Commix, other wise known as [ comm ]and [ i ]njection e[ x ]ploiter is an automated tool written by that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.
- Python version 2.6.x or 2.7.x
- Linux or Mac OS X or Windows (experimental)
Download & Installation:
Download commix by cloning the Git repository:
git clone https://github.com/commixproject/commix.git commix
Commix comes packaged on the official repositories of the following Linux distributions, so you can use the package manager to install it!
Commix also comes as a plugin , on the following penetration testing frameworks:
- TrustedSec’s Penetration Testers Framework (PTF)
- OWASP Offensive Web Testing Framework (OWTF)
- Aptive’s Penetration Testing tools