File inclusion database tool

Hi there,

I’m working on fidb - a file inclusion database tool. It allows you to harvest paths from owned systems (e.g. HTB machines), save them and query for them using specific filters like “only Windows paths”, or “paths containing passwords”, or “apache2 paths”.

Let’s say you have a file inclusion vulnerability that only works with relative paths, but you know you’re in /var/www/html - you can use fidb to automatically make the queried paths relative to your current directory.

More things you can do with fidb:

  • query for Windows paths with an .exe extension
  • query for Linux paths in the /etc directory but in the format of “{path}%00”
  • query for paths relative to /var/www/html

If you’re interested you can check it out on GitHub:

Thanks and happy hacking!

A quick note: The next feature I plan on adding is support for relative paths. This way, you can e.g. save a category “git” which contains common .git paths that you can then query for (and optionally prepend an absolute parent path).