## https://sploitus.com/exploit?id=F766EDA3-1A81-5664-8E56-2888CA517B93
fimap is a Python tool designed to find, prepare, audit, exploit, and even automatically Google for local and remote file inclusion (LFI/RFI) bugs in web applications. It can identify and exploit file inclusion bugs, including include(), include_once(), require(), and require_once() functions. The tool has a blind mode for cases where the server has disabled error messages and an interactive exploit mode that can spawn a shell on vulnerable systems. Fimap also has a plugin system, with plugins available for Metasploit payloads, which can be used to gain further access to the server and network. The tool uses Metasploit payloads for Unix and Windows boxes, including Perl reverse shell, Bash reverse shell, PHP reverse shell, and Meterpreter reverse shell. Fimap can be used to test and exploit multiple bugs, and it has a user-friendly interface for configuring and running attacks.