{"id":3898,"date":"2015-04-04T04:21:39","date_gmt":"2015-04-03T20:21:39","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3898"},"modified":"2015-09-09T19:36:39","modified_gmt":"2015-09-09T11:36:39","slug":"commix-command-injection-attack-tool","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2015\/04\/commix-command-injection-attack-tool\/","title":{"rendered":"Commix &#8211; Command Injection Attack Tool"},"content":{"rendered":"<p>Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and it can be used by web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks.<\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/farm8.staticflickr.com\/7650\/16835597000_915833a19c.jpg\" alt=\"Commix - Command Injection Attack Tool\" \/><\/p>\n<p>By using this command injection attack tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string.<\/p>\n<p>Commix is written in Python programming language.<\/p>\n<h3>Usage<\/h3>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<pre>Usage: python commix.py [options]\r\n\r\n-h, --help            Show help and exit.\r\n--verbose             Enable the verbose mode.\r\n--install             Install 'commix' to your system.\r\n--version             Show version number and exit.\r\n--update              Check for updates (apply if any) and exit.\r\n\r\nThis option has to be provided, to define the target URL.\r\n\r\n--url=URL           Target URL.\r\n--url-reload        Reload target URL after command execution.\r\n\r\nThese options can be used, to specify how to connect to the target\r\nURL.\r\n\r\n--host=HOST         HTTP Host header.\r\n--referer=REFERER   HTTP Referer header.\r\n--user-agent=AGENT  HTTP User-Agent header.\r\n--cookie=COOKIE     HTTP Cookie header.\r\n--headers=HEADERS   Extra headers (e.g. 'Header1:Value1\\nHeader2:Value2').\r\n--proxy=PROXY       Use a HTTP proxy (e.g. '127.0.0.1:8080').\r\n--auth-url=AUTH_..  Login panel URL.\r\n--auth-data=AUTH..  Login parameters and data.\r\n--auth-cred=AUTH..  HTTP Basic Authentication credentials (e.g.\r\n                    'admin:admin').\r\n\r\nThese options can be used, to specify which parameters to inject and\r\nto provide custom injection payloads.\r\n\r\n--data=DATA         POST data to inject (use 'INJECT_HERE' tag).\r\n--suffix=SUFFIX     Injection payload suffix string.\r\n--prefix=PREFIX     Injection payload prefix string.\r\n--technique=TECH    Specify a certain injection technique : 'classic',\r\n                    'eval-based', 'time-based' or 'file-based'.\r\n--maxlen=MAXLEN     The length of the output on time-based technique\r\n                    (Default: 10000 chars).\r\n--delay=DELAY       Set Time-delay for time-based and file-based\r\n                    techniques (Default: 1 sec).\r\n--base64            Use Base64 (enc)\/(de)code trick to prevent false-\r\n                    positive results.\r\n--tmp-path=TMP_P..  Set remote absolute path of temporary files directory.\r\n--icmp-exfil=IP_..  Use the ICMP exfiltration technique (e.g.\r\n                    'ip_src=192.168.178.1,ip_dst=192.168.178.3').<\/pre>\n<p>You can download commix here by cloning the Github repo:<\/p>\n<pre>git clone https:\/\/github.com\/stasinopoulos\/commix.git commix<\/pre>\n<p>Or read more <a href=\"https:\/\/github.com\/stasinopoulos\/commix\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and it can be used by web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this command injection attack tool, it is very easy to find [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"Commix is a command injection attack tool written in Python to help you test web applications and find command injection bugs, vulnerabilities or errors.","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[10,15],"tags":[284,785],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/3898"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=3898"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/3898\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=3898"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=3898"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=3898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}