The Commix (abbreviation for [comm] and [ i ] njection e [x] ploiter) is an automated tool written by Anastasios Stasinopoulos ( @ancst ), which can be used by web developers, penetration testers or even security researchers to test web applications for errors or vulnerabilities related to attacks command injection.
Using this tool, it is very easy to find and exploit a command injection vulnerability in a specific vulnerable parameter or HTTP header.
Version required Python 2.6 , 2.7 the 3.x to run this program.
We download it commix from the Git repository:
The Commix already exists in official repositories of the following Linux distributions so that you can use it package manager for to install it!
The Commix is also coming as an add-on , in the following penetration testing frameworks:
- TrustedSec's Penetration Testers Framework (PTF)
- OWASP Offensive Web Testing Framework (OWTF)
- Aptive's Penetration Testing tools
- Homebrew Tap - Pen Test Tools
- fsociety Hacking Tools Pack - A Penetration Testing Framework
- Mac OS X
- Windows (experimental)
To display all available program options, type the following command:
python commix.py -h