Open In App

Fuxploider – File Upload Vulnerability Scanner And Exploitation Tool

Last Updated : 17 Oct, 2021
Improve
Improve
Like Article
Like
Save
Share
Report

A local file upload flaw is a vulnerability where a web application permits an attacker to upload a wicked file straightly which is then performed. The tester can test this flaw by individually uploading all types of files with different extensions, but the manual approach takes more time. So Automated Tools can be used to fast up the process. Fuxploider tool is an automated tool that automates the testing and detection of File Upload Flaw. Fuxploider tool is developed in the Python Language and is available on the GitHub platform. As the Fuxploider tool is available on the GitHub platform, it’s free and open-source to use. Fuxploider tool is capable to detect the file types permitted to be uploaded and can detect which technique will work best to upload web shells or any payload file on the target web server.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Installation of Fuxploider Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/almandin/fuxploider.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd fuxploider

Step 3: You are in the directory of the Fuxploider. Now you have to install a dependency of the Fuxploider using the following command.

sudo pip3 install -r requirements.txt

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 fuxploider.py -h

Working with Fuxploider Tool on Kali Linux OS

Example/Usage: Basic example

python3 fuxploider.py –url https://ac851f8d1ebe5c4e80f5688f007500c6.web-security-academy.net/post?postId=4 –not-regex “Avatar file must be an image.”

In this example, we are testing the target domain for File Upload Vulnerability.

In the below screenshot, the tool is trying to test the extensions which are valid while uploading the files on the target domain.

In the below screenshot, tool will upload the all types of files and check the response code and message.


Like Article
Suggest improvement
Previous
Detecting and Checking Rootkits with Chkrootkit and rkhunter Tool in Kali Linux
Next
Commix - OS Command Injection and Exploitation Tool
Share your thoughts in the comments

Similar Reads

Ppmap - A Scanner or Exploitation Tool Written In GO
Vscan - Vulnerability Scanner Tool Using Nmap And NSE Scripts in Kali Linux
X Attacker Tool - Website Vulnerability Scanner and Auto Exploiter
JoomScan Vulnerability Scanner Tool in Kali Linux
PwnXSS - Automated XSS Vulnerability Scanner Tool in Kali Linux
RapidScan – The Multi-Tool Web Vulnerability Scanner in Kali Linux
Tulpar - Web Vulnerability Scanner Tool
Nuclei - Fast and Customizable Vulnerability Scanner
Vulnnr – Vulnerability Scanner and Auto Exploiter in Kali Linux
CMSeeK - CMS Detection and Exploitation Tool

G
gauravgandal
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox