commix
Commix (short for [comm]and [i]njection e[x]ploiter) is an open-source penetration testing tool, written by Anastasios Stasinopoulos (@ancst), that automates the detection and exploitation of command injection vulnerabilities.
Details
Category: Vulnerabilities
Publisher: trickest
Created Date: 9/7/2021
Container: quay.io/trickest/commix:fc5febe-patch-3
Source URL: https://github.com/commixproject/commix
Parameters
os
string
Command:
--os - Force back-end operating system (e.g. 'Windows' or 'Unix').all
boolean
Command:
--all - Retrieve everything.tor
boolean
Command:
--tor - Use the Tor network.url
string
requiredCommand:
data
string
Command:
--data - Data string to be sent through POST.host
string
Command:
--host - HTTP Host header.skip
string
Command:
--skip - Skip testing for given parameter(s).urls
file
requiredCommand:
alert
string
Command:
--alert - Run host OS command(s) when injection point is found.codec
string
Command:
--codec - Force codec for character encoding (e.g. 'ascii').crawl
boolean
Command:
--crawl - Crawl the website starting from the target URLdelay
string
Command:
--delay - Seconds to delay between each HTTP request.level
string
Command:
--level - Level of tests to perform (1-3, Default: 1).proxy
string
Command:
--proxy - Use a proxy to connect to the target URL.purge
boolean
Command:
--purge - Safely remove all content from commix data directory.smart
boolean
Command:
--smart - Perform thorough tests only if positive heuristic(s).users
boolean
Command:
--users - Retrieve system users.cookie
string
Command:
--cookie - HTTP Cookie header.header
string
Command:
--header - Extra header (e.g. 'X-Forwarded-For: 127.0.0.1').maxlen
string
Command:
--maxlen - Set the max length of output for time-relatedmethod
string
Command:
--method - Force usage of given HTTP method (e.g. PUT)mobile
boolean
Command:
--mobile - Imitate smartphone through HTTP User-Agent header.os-cmd
string
Command:
--os-cmd - Execute a single operating system command.prefix
string
Command:
--prefix - Injection payload prefix string.suffix
string
Command:
--suffix - Injection payload suffix string.tamper
string
Command:
--tamper - Use given script(s) for tampering injection data.answers
string
Command:
--answers - Set predefined answers (e.g. quit=N,follow=N)charset
string
Command:
--charset - Time-related injection charset (e.g. 0123456789abcdef)headers
string
Command:
--headers - Extra headers (e.g. 'Accept-Language: fr
ETag: 123').is-root
boolean
Command:
--is-root - Check if the current user have root privileges.offline
boolean
Command:
--offline - Work in offline mode.referer
string
Command:
--referer - HTTP Referer header.request
file
Command:
-r - Load HTTP request from a file.retries
string
Command:
--retries - Retries when the connection timeouts (Default: 3).session
file
Command:
-s - Load session from a stored (.sqlite) file.sitemap
boolean
Command:
-x - Parse target(s) from remote sitemap(.xml) file.timeout
string
Command:
--timeout - Seconds to wait before timeout connection (Default:auth-url
string
Command:
--auth-url - Login panel URL.hostname
boolean
Command:
--hostname - Retrieve current hostname.is-admin
boolean
Command:
--is-admin - Check if the current user have admin privileges.log-file
file
Command:
-l - Parse target from HTTP proxy log file.skip-waf
boolean
Command:
--skip-waf - Skip heuristic detection of WAF/IPS/IDS protection.sys-info
boolean
Command:
--sys-info - Retrieve system information.time-sec
string
Command:
--time-sec - Seconds to delay the OS response (Default: 1).tmp-path
string
Command:
--tmp-path - Set the absolute path of web server's temp directory.tor-port
string
Command:
--tor-port - Set Tor proxy port (Default: 8118).web-root
string
Command:
--web-root - Set the web server document root directory (e.g. '/var/www').auth-cred
string
Command:
--auth-cred - HTTP authentication credentials (e.g. 'admin:admin').auth-data
string
Command:
--auth-data - Login parameters and data.auth-type
string
Command:
--auth-type - HTTP authentication type (Basic, Digest, Bearer).file-dest
string
Command:
--file-dest - Host's absolute filepath to write and/or upload to.file-read
string
Command:
--file-read - Read a file from the target host.force-ssl
boolean
Command:
--force-ssl - Force usage of SSL/HTTPS.param-del
string
Command:
--param-del - Set character for splitting parameter values.parameter
string
Command:
-p - Testable parameter(s).passwords
boolean
Command:
--passwords - Retrieve system users password hashes.skip-calc
boolean
Command:
--skip-calc - Skip the mathematic calculation during the detectiontechnique
string
Command:
--technique - Specify injection technique(s) to use.tor-check
boolean
Command:
--tor-check - Check to see if Tor is used properly.verbosity
string
Command:
-v - Verbosity level (0-4, Default: 0).cookie-del
string
Command:
--cookie-del - Set character for splitting cookie values.file-write
string
Command:
--file-write - Write to a file on the target host.no-logging
boolean
Command:
--no-logging - Disable logging to a file.privileges
boolean
Command:
--privileges - Retrieve system users privileges.ps-version
boolean
Command:
--ps-version - Retrieve PowerShell's version number.shellshock
boolean
Command:
--shellshock - The 'shellshock' injection module.skip-empty
boolean
Command:
--skip-empty - Skip testing the parameter(s) with empty value(s).url-reload
boolean
Command:
--url-reload - Reload target URL after command execution.user-agent
string
Command:
--user-agent - HTTP User-Agent header.alter-shell
string
Command:
--alter-shell - Use an alternative os-shell (e.g. 'Python').file-upload
string
Command:
--file-upload - Upload a file on the target host.ignore-code
string
Command:
--ignore-code - Ignore (problematic) HTTP error code (e.g. 401).current-user
boolean
Command:
--current-user - Retrieve current user name.failed-tries
string
Command:
--failed-tries - Set a number of failed injection tries, in file-basedignore-proxy
boolean
Command:
--ignore-proxy - Ignore system default proxy settings.list-tampers
boolean
Command:
--list-tampers - Display list of available tamper scripts.random-agent
boolean
Command:
--random-agent - Use a randomly selected HTTP User-Agent header.crawl-exclude
string
Command:
--crawl-exclude - Regexp to exclude pages from crawling (e.g. logout).flush-session
boolean
Command:
--flush-session - Flush session files for current target.check-internet
boolean
Command:
--check-internet - Check internet connection before assessing the target.ignore-session
boolean
Command:
--ignore-session - Ignore results stored in session file.skip-technique
string
Command:
--skip-technique - Specify injection technique(s) to skip.drop-set-cookie
boolean
Command:
--drop-set-cookie - Ignore Set-Cookie header from response.skip-heuristics
boolean
Command:
--skip-heuristics - Skip heuristic detection for code injection.ignore-redirects
boolean
Command:
--ignore-redirects - Ignore redirection attempts.ignore-dependencies
boolean
Command:
--ignore-dependencies - Ignore all required third-party library dependencies.