Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool, written by Anastasios Stasinopoulos (@ancst), that automates the detection and exploitation of command injection vulnerabilities.
You can download commix on any platform by cloning the official Git repository :
$ git clone https://github.com/commixproject/commix.git commix
Alternatively, you can download the latest tarball or zipball.
Note: Python (version 2.6, 2.7 or 3.x) is required for running commix.
To get a list of all options and switches use:
$ python commix.py -h
To get an overview of commix available options, switches and/or basic ideas on how to use commix, check usage, usage examples and filters bypasses wiki pages.
- User's manual: https://github.com/commixproject/commix/wiki
- Issues tracker: https://github.com/commixproject/commix/issues