Automates the detection and exploitation of command injection vulnerabilities in certain vulnerable parameter(s) and/or HTTP header(s).
It is compatible with multiple penetration testing tools and freamworks (e.g. Metasploit Freamwork, Burp-suite, SQLMap etc) thereby the detection and exploitation success rate is higly increased.
It is Written in Python! No need to compile anything, only Python (version 2.6, 2.7 or 3.x) is required for running commix on any platform.
Below you will find the answers to the questions that are most often asked by the users of commix.
Q: How can I increase the capabilities of the commix tool and/or to adapt it to my needs?
A: You can easily develop and import our own modules. For more, check the module development wiki page on GitHub.
Q: How can I test or evaluate the detection and exploitation capabilities of commix?
A: Check the command injection testbeds wiki page which includes a collection of applications and virtual machines vulnerable to command injection attacks.
Q: Is there a place where I can check for demos of commix?
A: If you want to see a collection of demos, about the exploitation capabilities of commix, take a look at the third party references wiki page on GitHub.
Q: I found a bug and/or I have to request new features. What can I do?
A: For bug reports and/or new features, please open an issue on Github .
Q: Is there a place where I can find presentations and/or white papers regarding commix?
A: For presentations and/or white papers published in conferences, check the presentations wiki page on GitHub.
Q: Where can I find stable releases of commix?
A: For stable releases check the Releases page on GitHub.