Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.
- Fixed: Multiple bug-fixes regarding several reported unhandled exceptions.
- Updated: Minor update regarding accepting overly long result lines.
- Revised: Minor bug-fixes and improvements regarding
- Revised: Minor bug-fixes and improvements regarding HTTP authentication dictionary-based cracker.
- Revised: Minor bug-fixes and improvements regarding HTTP authentication (Basic / Digest).
- Fixed: Minor bug-fix regarding ignoring HTTP Error 401 (Unauthorized) (for
- Added: Support for writing crawling results to a temporary file (for eventual further processing with other tools).
- Added: Support for Windows “Python” on “reverse_tcp” shell option.
git clone https://github.com/commixproject/commix.git commix
Copyright (c) 2014-2018 Anastasios Stasinopoulos