Fuxploider is an automated penetration testing tool designed to detect and exploit file upload vulnerabilities on web servers.
File upload vulnerability scanner and exploitation tool.
This tool is primarily used by penetration testers and red teamers to identify and exploit weaknesses in file upload mechanisms of web applications. It automates the detection of allowed file types and determines the best technique to upload malicious files or web shells, aiding in security assessments and vulnerability exploitation.
Ensure Python 3.6 or higher is installed before running the tool. Usage without explicit permission from the target is illegal and may result in legal consequences. Use responsibly and only on authorized targets. Docker support allows for easier deployment and isolation.
git clone https://github.com/almandin/fuxploider.git
cd fuxploider
pip3 install -r requirements.txt
If pip issues occur (especially on Windows), run: python3 -m pip install -r requirements.txt
For Docker installation, build the image with: docker build -t almandin/fuxploider .
python3 fuxploider.py -h
Displays a list of basic options and switches available in the tool.
python3 fuxploider.py --url https://awesomeFileUploadService.com --not-regex "wrong file type"
Runs the scanner against the specified URL, treating any response that matches the 'wrong file type' regex as a failed upload.