Commix v2.7 – Automated All-in-One OS Command Injection And Exploitation Tool

Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers and security researchers to test web-based applications for bugs, errors or vulnerabilities related to command injection attacks. With this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.

Python version 2.6.x or 2.7.x is required to run this program.

Download commix by cloning the Git repository:

git clone commix

Commix comes packaged in the official repositories of the following Linux distributions, so you can use the package manager to install it!
Commix also comes as a plugin in the following penetration testing frameworks:

Supported Platforms

  • Linux
  • Mac OS X
  • Windows (experimental)

To get a list of all options and switches use:

python -h

Q: Where can I check all the available options and switches?
A: Check the ‘usage’ wiki page.

Usage Examples
Q: Can I get some basic ideas on how to use commix?
A: Just go and check the ‘usage examples’ wiki page, where there are several test cases and attack scenarios.

Upload Shells
Q: How easily can I upload web-shells on a target host via commix?
A: Commix enables you to upload web-shells (e.g. metasploit PHP meterpreter) easily on the target host. For more, check the ‘upload shells’ wiki page.

Modules Development
Q: Do you want to increase the capabilities of the commix tool and/or to adapt it to your needs?
A: You can easily develop and import your own modules. For more, check the ‘module development’ wiki page.

Command Injection Testbeds
Q: How can I test or evaluate the exploitation abilities of commix?
A: Check the ‘command injection testbeds’ wiki page, which includes a collection of pwnable web applications and/or VMs (that include web applications) vulnerable to command injection attacks.

Exploitation Demos
Q: Is there a place where I can check for demos of commix?
A: If you want to see a collection of demos of the exploitation abilities of commix, take a look at the ‘exploitation demos’ wiki page.

Bugs and Enhancements
Q: I found a bug / I have to suggest a new feature! What can I do?
A: For bug reports or enhancements, please open an issue here.

Presentations and White Papers
Q: Is there a place where I can find presentations and/or white papers regarding commix?
A: For presentations and/or white papers published in conferences, check the ‘presentations’ wiki page.

