Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and it can be used by web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks.
By using this command injection attack tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string.
Commix is written in Python programming language.
Usage
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
Usage: python commix.py [options] -h, --help Show help and exit. --verbose Enable the verbose mode. --install Install 'commix' to your system. --version Show version number and exit. --update Check for updates (apply if any) and exit. This option has to be provided, to define the target URL. --url=URL Target URL. --url-reload Reload target URL after command execution. These options can be used, to specify how to connect to the target URL. --host=HOST HTTP Host header. --referer=REFERER HTTP Referer header. --user-agent=AGENT HTTP User-Agent header. --cookie=COOKIE HTTP Cookie header. --headers=HEADERS Extra headers (e.g. 'Header1:Value1\nHeader2:Value2'). --proxy=PROXY Use a HTTP proxy (e.g. '127.0.0.1:8080'). --auth-url=AUTH_.. Login panel URL. --auth-data=AUTH.. Login parameters and data. --auth-cred=AUTH.. HTTP Basic Authentication credentials (e.g. 'admin:admin'). These options can be used, to specify which parameters to inject and to provide custom injection payloads. --data=DATA POST data to inject (use 'INJECT_HERE' tag). --suffix=SUFFIX Injection payload suffix string. --prefix=PREFIX Injection payload prefix string. --technique=TECH Specify a certain injection technique : 'classic', 'eval-based', 'time-based' or 'file-based'. --maxlen=MAXLEN The length of the output on time-based technique (Default: 10000 chars). --delay=DELAY Set Time-delay for time-based and file-based techniques (Default: 1 sec). --base64 Use Base64 (enc)/(de)code trick to prevent false- positive results. --tmp-path=TMP_P.. Set remote absolute path of temporary files directory. --icmp-exfil=IP_.. Use the ICMP exfiltration technique (e.g. 'ip_src=192.168.178.1,ip_dst=192.168.178.3'). |
You can download commix here by cloning the Github repo:
1 |
git clone https://github.com/stasinopoulos/commix.git commix |
Or read more here.