Commix V2.7 - Automated All-In-One OS Command Injection And Exploitation Tool
Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers or even security researchers to test web-based applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.
Requirements
Python version 2.6.x or 2.7.x is required for running this program.
Installation
Download commix by cloning the Git repository:
git clone https://github.com/commixproject/commix.git commix
Commix comes packaged on the official repositories of the following Linux distributions, so you can use the package manager to install it!
Commix also comes as a plugin on the following penetration testing frameworks:
- TrustedSec's Penetration Testers Framework (PTF)
- OWASP Offensive Web Testing Framework (OWTF)
- CTF-Tools
- PentestBox
- PenBox
- Katoolin
- Aptive's Penetration Testing tools
- Homebrew Tap - Pen Test Tools
Supported Platforms
- Linux
- Mac OS X
- Windows (experimental)
Usage
To get a list of all options and switches use:
python commix.py -h
Q: Where can I check all the available options and switches?
A: Check the 'usage' wiki page.
Usage Examples
Q: Can I get some basic ideas on how to use commix?
A: Just go and check the 'usage examples' wiki page, where there are several test cases and attack scenarios.
Upload Shells
Q: How easily can I upload web-shells on a target host via commix?
A: Commix enables you to upload web-shells (e.g. metasploit PHP meterpreter) easily on a target host. For more, check the 'upload shells' wiki page.
Modules Development
Q: Do you want to increase the capabilities of the commix tool and/or adapt it to your needs?
A: You can easily develop and import your own modules. For more, check the 'module development' wiki page.
Command Injection Testbeds
Q: How can I test or evaluate the exploitation abilities of commix?
A: Check the 'command injection testbeds' wiki page, which includes a collection of pwnable web applications and/or VMs (that include web applications) vulnerable to command injection attacks.
Exploitation Demos
Q: Is there a place where I can check for demos of commix?
A: If you want to see a collection of demos of the exploitation abilities of commix, take a look at the 'exploitation demos' wiki page.
Bugs and Enhancements
Q: I found a bug / I have a new feature to suggest! What can I do?
A: For bug reports or enhancements, please open an issue here.
Presentations and White Papers
Q: Is there a place where I can find presentations and/or white papers regarding commix?
A: For presentations and/or white papers published in conferences, check the 'presentations' wiki page.