Commix V2.7 - Automated All-In-One OS Command Injection And Exploitation Tool


Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers or even security researchers to test web-based applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.

Requirements
Python version 2.6.x or 2.7.x is required for running this program.

Installation
Download commix by cloning the Git repository:
git clone https://github.com/commixproject/commix.git commix
Commix comes packaged on the official repositories of the following Linux distributions, so you can use the package manager to install it!
Commix also comes as a plugin, on the following penetration testing frameworks:

Supported Platforms
  • Linux
  • Mac OS X
  • Windows (experimental)

Usage
To get a list of all options and switches use:
python commix.py -h
Q: Where can I check all the available options and switches?
A: Check the 'usage' wiki page.

Usage Examples
Q: Can I get some basic ideas on how to use commix?
A: Just go and check the 'usage examples' wiki page, where there are several test cases and attack scenarios.

Upload Shells
Q: How easily can I upload web-shells on a target host via commix?
A: Commix enables you to upload web-shells (e.g. metasploit PHP meterpreter) easily on target host. For more, check the 'upload shells' wiki page.

Modules Development
Q: Do you want to increase the capabilities of the commix tool and/or to adapt it to our needs?
A: You can easily develop and import our own modules. For more, check the 'module development' wiki page.

Command Injection Testbeds
Q: How can I test or evaluate the exploitation abilities of commix?
A: Check the 'command injection testbeds' wiki page which includes a collection of pwnable web applications and/or VMs (that include web applications) vulnerable to command injection attacks.

Exploitation Demos
Q: Is there a place where I can check for demos of commix?
A: If you want to see a collection of demos, about the exploitation abilities of commix, take a look at the 'exploitation demos' wiki page.

Bugs and Enhancements
Q: I found a bug / I have to suggest a new feature! What can I do?
A: For bug reports or enhancements, please open an issue here.

Presentations and White Papers
Q: Is there a place where I can find presentations and/or white papers regarding commix?
A: For presentations and/or white papers published in conferences, check the 'presentations' wiki page.