Updates Commix v-0.1b-c537e53 : Automatic All-in-One OS Command Injection and Exploitation Tool.

Changelog Version 0.1b-c537e53 [21/8/2015]:
* Payloads for the “tempfile-based” semiblind technique have been replaced by new (more solid) ones. [New]
* Added “new-line” separator support for the “time-based” blind and “tempfile-based” semiblind techniques. [New]
* Added support for referer-based command injections.
* Added support for user-agent-based command injections.
* Added CVE-2014-6278 support to the ‘shellshock’ module.
* Added support for cookie-based command injections.
* Added a generic false-positive prevention technique.
* Removed the “Base64” detection option.
* Added Tor network support.
* Added the ‘shellshock’ (CVE-2014-6271) injection technique (module).
* Added termcolor support for Windows (colorama).
* Added file access options.
* Added enumeration options.
* Added an alternative option for os-shell (Python).
* Added the “ICMP Exfiltration” injection technique (module).
* Added the “tempfile-based” semiblind technique.
* Added the “file-based” semiblind technique.
* Removed the “boolean-based” blind technique.
* Added more options.

Commix (short for [com]mand [i]njection e[x]ploiter) has a simple environment and can be used by web developers, penetration testers or even security researchers to test web applications for bugs, errors or vulnerabilities related to command injection attacks. With this tool, it is very easy to find and exploit a command injection vulnerability in a given vulnerable parameter or string. Commix is written in the Python programming language.

Example screenCapture commix-v-0.1b : Automated All-in-One OS Command Injection and Exploitation Tool


Disclaimer :
The tool is only for testing and academic purposes and can only be used where strict consent has been given. Do not use it for illegal purposes!!

Usage

Options:

Target:

Request:

Injection:

Enumeration :

Download : Master.zip | Clone Url
Source : https://github.com/stasinopoulos/ | Our post Before