7th December 2021

What is Fuxploider and How to Use it?

Fuxploider is an open-source penetration testing tool that automates the detection and exploitation of file upload vulnerabilities. It can detect the allowed extension in the file upload area and detect which technique will work best for installing the web shell. You can use the Fuxploider tool to scan for file upload vulnerabilities while performing your web penetration tests.

Installing Fuxploider

We will use the following commands for installation. For this installation, we will need at least Python 3.6 and pip3. With the “git clone https://github.com/almandin/fuxploider.git” command, we clone the “fuxploider” file from the “Github” site to the Kali Linux desktop. With the “cd fuxploider” command, we enter the “fuxploider” file. Then we install the “requirements” file with the “pip3 install -r requirements.txt” command.

Note: You can use “sudo apt update” and “sudo apt install python3-pip” to install pip on Kali Linux.

Installing Fuxploider
Installing Fuxploider

 

Using Fuxploider

To get more detailed information about the “fuxploider” application, you can use the following sandbox.

python3 fuxploider.py -h
python3 fuxploider.py -h

 

Example Usage

I crawled my own site for example usage. You can reproduce these examples. As you can see, there is a file upload vulnerability on my site.

Using Fuxploider
Using Fuxploider

 

LEARN MORE  Microsoft Exchange Server Remote Code Execution Vulnerabilities - CVE-2021-28480,CVE-2021-28481,CVE-2021-28482,CVE-2021-28483

Leave a Reply

Your email address will not be published. Required fields are marked *