• Automated All-in-One OS Command Injection and Exploitation Tool.

    Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers or even security researchers to test web-based applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks. The Commix Project uses GitHub to host its source code and to track issues.

    Easy to Use.

    It is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.

    Batteries Included.

    Everything you need to perform effective OS command injection attacks against multiple operating systems and applications is included.


    You are able to develop and easily import your own modules in order to increase the capabilities of commix and/or adapt it to your needs.


    It is compatible with multiple penetration testing tools and frameworks (e.g. Metasploit Framework, Burp Suite, SQLMap etc.), thereby increasing the success rate of a penetration test.


    It is written in Python! No need to compile anything; only Python (version 2.6, 2.7 or 3.x) is required to be installed for commix to run on Linux, Mac OSX and Windows.

    Free / Open Source.

    It is a free (as in beer!) and open source project licensed under the GPLv3 License.