Automated All-in-One OS command injection and exploitation tool
Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.
Change log v1.9-20170502
- Revised: Minor improvement in results-based techniques, for delaying the OS responses depending on the user-provided time delay.
- Revised: The time-related (“time-based”/”tempfile-based”) payloads, have been shortly revised.
- Revised: Minor improvement in file-based technique, for delaying the OS responses depending on the user-provided time delay.
- Fixed: Minor improvement in file-based technique, regarding τhe directory path that the output file is saved.
- Added: New option “–ignore-redirects” that ignoring redirection attempts.
- Added: New functionality for identifying and following URL redirections.
- Fixed: Minor improvement for adding “/” at the end of the user provided root dir (in case it does not exist).
- Revised: The file-based payload for deleting files with execution output has been shortly revised.
- Replaced: The “–root-dir” option has been replaced with “–web-root” option.
- Added: New option “–wizard” that shows a simple wizard interface for beginner users.
Installation
