commix v2.8 releases: Automated All-in-One OS command injection and exploitation tool

Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.

 

Changelog

Version 2.8-20190326

  • Fixed: Multiple bug-fixes regarding several reported unhandled exceptions.
  • Updated: Minor update regarding accepting overly long result lines.
  • Revised: Minor bug-fixes and improvements regarding --file-upload option.
  • Revised: Minor bug-fixes and improvements regarding HTTP authentication dictionary-based cracker.
  • Revised: Minor bug-fixes and improvements regarding HTTP authentication (Basic / Digest).
  • Fixed: Minor bug-fix regarding ignoring HTTP Error 401 (Unauthorized) (for --ignore-401 option).
  • Added: Support for writing crawling results to a temporary file (for eventual further processing with other tools).
  • Added: Support for Windows “Python” on “reverse_tcp” shell option.

Download

git clone https://github.com/commixproject/commix.git commix

Tutorial

Copyright (c) 2014-2018 Anastasios Stasinopoulos

Source: https://github.com/commixproject/

Share