vFeed


Tools

Published on June 7th, 2016 | by MaxiSoler

0

Commix v0.9b Command Injection Exploiter

Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related to command injection attacks.

By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.

logo_commix

Changelog v0.9b (2016-06-07)

  • Added: The ability to re-perform the injection request if it has failed.
  • Fixed: The shell output in semiblind (“file-based”) technique has been fixed not to concat new lines.
  • Revised: The ability to execute multiple tamper scripts combined or the one after the other.
  • Added: New tamper script “space2plus.py” that replaces every space (” “) with plus (“+”).
  • Added: New state (“checking”) and the color of that state has been setted.
  • Replaced: The “–base64” option has been replaced with “base64encode.py” tamper script.
  • Added: New tamper script “space2ifs.py” that replaces every space (” “) with $IFS (bash) variable.
  • Added: New option “–tamper” that supports tamper injection scripts.
  • Added: Support for verbosity levels (currently supported levels: 0,1).
  • Fixed: Minor rearrangement of prefixes and separators has been implemented.
  • Revised: The “time-based” (blind) technique fr *nix targets has been shortly revised.
  • Revised: The source code has been revised to support “print_state_msg” (i.e error, warning, success etc) functions.

 

Requirements

  • Python version 2.6.x or 2.7.x is required for running this program.

Supported Platforms

  • Linux
  • Mac OS X
  • Windows (experimental)

More Information:

 

Thanks to our friend Anastasios Stasinopoulos, for sharing this tool with us.

Tags: , , , , ,


About the Author

www.artssec.com @maxisoler



Back to Top ↑