
Commix

Automated OS command injection exploiter


Description

Commix (Command Injection Exploiter) is an open source tool that automates the detection and exploitation of command injection vulnerabilities. It supports results-based, blind, and time-based techniques.

Installation

BASH
# Kali/Debian
sudo apt install commix

# From source
git clone https://github.com/commixproject/commix.git
cd commix
python commix.py --version

Basic Usage

BASH
# Test URL
python commix.py -u "https://target.com/?cmd=test"

# POST data
python commix.py -u "https://target.com" --data "param=value"

Advanced Usage

BASH
# From request file
python commix.py -r request.txt

# Execute a single OS command
python commix.py -u "https://target.com/?cmd=test" --os-cmd="id"

# Specific technique (t = time-based)
python commix.py -u "https://target.com/?cmd=test" --technique=t

# With cookies
python commix.py -u "https://target.com/?cmd=test" --cookie="session=abc"

# Through proxy
python commix.py -u "https://target.com/?cmd=test" --proxy http://127.0.0.1:8080

# Batch mode (never prompt, use default answers)
python commix.py -u "https://target.com/?cmd=test" --batch
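
For defenders reviewing web logs after this kind of testing, the following added example (not part of Commix or of the original page) flags query parameters whose decoded value contains a shell separator followed by a known command name, and separates delay commands, the signature of time-based testing, from output-producing ones. The log lines, command lists and function names are constructed for illustration and are assumptions, not Commix's actual payloads.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (common log format), not captured traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /?cmd=test HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /?cmd=test%3Becho%20MARKER123 HTTP/1.1" 200 530',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /?cmd=test%26%26sleep%205 HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /search?q=fish+%26+chips HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+"')
# A shell separator or substitution opener, then the word that follows it.
SEPARATOR = re.compile(r'(?:;|\|\|?|&&?|`|\$\(|\n)\s*([A-Za-z_./]+)')
# Hypothetical short lists; tune them to the commands present on your hosts.
DELAY_CMDS = {"sleep", "timeout", "ping"}
OUTPUT_CMDS = {"echo", "id", "whoami", "uname", "cat"}


def classify_value(value):
    """Return 'delay', 'output' or None for one URL-decoded parameter value."""
    cmds = {w.rsplit("/", 1)[-1].lower() for w in SEPARATOR.findall(value)}
    if cmds & DELAY_CMDS:
        return "delay"    # waiting is how time-based testing infers execution
    if cmds & OUTPUT_CMDS:
        return "output"   # tester expects the command's output in the response
    return None           # separator followed by an ordinary word, e.g. "fish & chips"


def scan(lines):
    """Return (client_ip, parameter, kind) for each suspicious query parameter."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes, so encoded separators (%3B, %26) are seen.
        for name, value in parse_qsl(query, keep_blank_values=True):
            kind = classify_value(value)
            if kind:
                findings.append((line.split()[0], name, kind))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs record only the request line, so parameters sent with `--data` or `--cookie` as shown above never appear in them; covering those needs request-body and header logging at a WAF, reverse proxy or the application itself.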