Fuxploider is an open-source penetration testing tool that automates the detection and exploitation of file upload vulnerabilities. It can detect which extensions the file upload form allows and which technique will work best for installing a web shell. You can use Fuxploider to scan for file upload vulnerabilities while performing your web penetration tests.
We will use the following commands for installation. For this installation, we will need at least Python 3.6 and pip3. With the “git clone https://github.com/almandin/fuxploider.git” command, we clone the “fuxploider” repository from GitHub to the Kali Linux desktop. With the “cd fuxploider” command, we enter the “fuxploider” directory. Then we install the dependencies listed in the “requirements.txt” file with the “pip3 install -r requirements.txt” command.
Note: You can use “sudo apt update” and “sudo apt install python3-pip” to install pip on Kali Linux.
git clone https://github.com/almandin/fuxploider.git
cd fuxploider
pip3 install -r requirements.txt
To get more detailed information about the “fuxploider” application, you can use the following command.
python3 fuxploider.py -h
I crawled my own site for example usage. You can reproduce these examples. As you can see, there is a file upload vulnerability on my site.
python3 fuxploider.py --url https://systemconf.com --not-regex "wrong file type"
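On the defending side, the upload handler is what such a scan probes. The following is an added example, not part of Fuxploider or of the original article: a server-side upload check in Python that allow-lists extensions, verifies the content's leading bytes and renames the stored file. The allowed types, the function name validate_upload and the reuse of the "wrong file type" message from the command above are assumptions made for the example.

```python
import os
import secrets

# Allow-list (assumed for this example): extension -> accepted leading bytes.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
# One message for every rejection, so the response does not reveal
# which of the checks below failed.
GENERIC_ERROR = "wrong file type"


def validate_upload(filename, data):
    """Return (True, stored_name) or (False, GENERIC_ERROR).

    filename is the client-supplied name, data the uploaded bytes.
    """
    # Discard any client-supplied path; refuse NUL and control characters.
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or any(ord(c) < 32 for c in name):
        return False, GENERIC_ERROR
    # Strict policy: exactly one dot, so "a.php.png", "a.png.php" and
    # dotfiles such as ".htaccess" are all refused.
    parts = name.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        return False, GENERIC_ERROR
    ext = "." + parts[1]
    magics = ALLOWED.get(ext)
    # The content must start with a signature matching the claimed type.
    if magics is None or not data.startswith(magics):
        return False, GENERIC_ERROR
    # The stored name is generated by the server; only the allow-listed
    # extension survives from the client's input. Signature checks alone do
    # not stop polyglot files, so store uploads outside any directory where
    # the web server executes scripts.
    return True, secrets.token_hex(16) + ext


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed sample content
    for candidate in ("photo.png", "page.php", "page.php.png", "../../x.png"):
        print(candidate, "->", validate_upload(candidate, png))
```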