Commix (abbreviation for [comm] and [ i ] njection e [x] ploiter) is an automated tool written by Anastasios Stasinopoulos ( @ancst ), which can be used by web developers, penetration testers or even security researchers to test web applications for errors or vulnerabilities related to attacks command injection.
Using this tool, it is very easy to find and exploit a command injection vulnerability in a specific vulnerable parameter or HTTP header.
Version required Python 2.6 , 2.7 ή 3.x to run this program.
We download commix from the Git repository:
git clone https://github.com/commixproject/commix.git commix
Commix already exists in official repositories of the following Linux distributions so that you can use it package manager for to install it!
Commix is coming too as an additive , in the following penetration testing frameworks:
- TrustedSec's Penetration Testers Framework (PTF)
- OWASP Offensive Web Testing Framework (OWTF)
- Aptive's Penetration Testing tools
- Homebrew Tap - Pen Test Tools
- fsociety Hacking Tools Pack - A Penetration Testing Framework
- Mac OS X
- Windows (experimental)
To display all available program options, type the following command:
python commix.py -h