Updates Commix v-0.1b : Automatic All-in-One OS Command Injection and Exploitation Tool.

Updates Commix v-0.1b : Automatic All-in-One OS Command Injection and Exploitation Tool.

Changelog Version 0.1b [2015]:
* Added some enumeration options.
* Added an alternative option for os-shell (Python).
* Added the “ICMP Exfiltration” technique on classic results-based command injections (first module).
* Added the “tempfile-based” semiblind technique.
* Added the “file-based” semiblind technique.
* Removed the “boolean-based” blind technique.
* Some minor fixes.
* Added More Options.
* Added new option “–root-dir(24/04/2015)

Commix (short for [com]mand [i]njection e[x]ploiter) has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string. Commix is written in Python programming language.

Example screenCapture commix-v-0.1b : Automated All-in-One OS Command Injection and Exploitation Tool

Example screenCapture commix-v-0.1b : Automated All-in-One OS Command Injection and Exploitation Tool

Disclaimer :
The tool is only for testing and academic purposes and can only be used where strict consent has been given. Do not use it for illegal purposes!!

Usage

Options:

Target:

Request:

Injection:

Enumeration :

Download : Master.zip | Clone Url
Source : https://github.com/stasinopoulos/ | Our post Before