From charlesreid1

Revision as of 13:07, 24 May 2025 by Unknown user (talk)

Description

Commix, short for COMMand Injection eXploiter, is an open-source penetration testing tool developed by Anastasios Stasinopoulos. Its primary function is to automate the detection and exploitation of command injection vulnerabilities. Command injection is the execution of arbitrary commands on a host operating system through a vulnerable application. Commix makes it easier for security professionals to identify and leverage these weaknesses in web applications and other systems.

The tool is written in Python and is compatible with versions 2.6, 2.7, and 3.x. The project is licensed under the GNU General Public License v3 (GPLv3).

The tool documents most of its options on its wiki: https://github.com/commixproject/commix/wiki

The tool's development is ongoing, with a focus on providing a stable and reliable utility for penetration testers. The setup.py file indicates a stable version (e.g., '4.0-stable') and includes project URLs for documentation, source code, and an issue tracker, all hosted on GitHub. This structured approach to development and community engagement helps ensure that Commix remains a relevant and powerful tool in the cybersecurity landscape.

Commix also supports various international users, with translations of its README available in several languages, including Farsi (Persian), Greek, Indonesian, and Turkish. This commitment to accessibility broadens its reach and usability across different regions. The project encourages community involvement through its issue tracker for reporting bugs or suggesting enhancements.

Links

Shellshock

python commix.py --url="http://192.168.0.1/cgi.bin/status" --shellshock
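
Shellshock testing against a CGI endpoint like the one above is visible in web server logs, because the request carries a Bash function-definition prefix, "() {", in a header that CGI exports as an environment variable. The following detection sketch is an added example, not part of the original page or of Commix; the Apache combined log format, the function name find_shellshock_probes and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" format (assumed):
# ip - user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)
# Bash function-definition prefix that Shellshock-affected Bash parses from environment values.
FUNC_PREFIX = re.compile(r'\(\s*\)\s*\{')

def find_shellshock_probes(lines):
    """Return (ip, path, field) for each logged field carrying the function-definition prefix."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        parts = m.group("request").split(" ")
        path = parts[1] if len(parts) >= 2 else m.group("request")
        for field in ("request", "referer", "agent"):
            value = unquote(m.group(field))  # also catch percent-encoded variants
            if FUNC_PREFIX.search(value):
                hits.append((m.group("ip"), path, field))
    return hits

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.168.0.50 - - [24/May/2025:13:07:01 +0000] "GET /cgi.bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.168.0.66 - - [24/May/2025:13:07:09 +0000] "GET /cgi.bin/status HTTP/1.1" 200 512 "-" "() { :; }; echo constructed-sample"',
    '192.168.0.66 - - [24/May/2025:13:07:10 +0000] "GET /cgi.bin/status HTTP/1.1" 200 512 "%28%29%20%7B%20%3A%3B%20%7D%3B echo constructed-sample" "curl/8.0"',
    '192.168.0.51 - - [24/May/2025:13:07:15 +0000] "GET /index.html?f=() HTTP/1.1" 200 99 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, field in find_shellshock_probes(SAMPLE_LOG):
        print(f"possible Shellshock probe from {ip} on {path} via {field}")
```

The combined format does not record cookies or other custom headers, so a probe delivered in those fields needs extended logging or a WAF rule to be seen.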