commix
Commix (short for [comm]and [i]njection e[x]ploiter) is an open-source penetration testing tool, written by Anastasios Stasinopoulos (@ancst), that automates the detection and exploitation of command injection vulnerabilities.
Details
Category: Vulnerabilities
Publisher: trickest
Created Date: 9/7/2021
Container: quay.io/trickest/commix:fc5febe-patch-3
Source URL: https://github.com/commixproject/commix
Parameters
--os
- Force back-end operating system (e.g. 'Windows' or 'Unix').
--all
- Retrieve everything.
--tor
- Use the Tor network.
- Target URL.
--data
- Data string to be sent through POST.
--host
- HTTP Host header.
--skip
- Skip testing for given parameter(s).
- Scan multiple targets given in a textual file.
--alert
- Run host OS command(s) when injection point is found.
--codec
- Force codec for character encoding (e.g. 'ascii').
--crawl
- Crawl the website starting from the target URL.
--delay
- Seconds to delay between each HTTP request.
--level
- Level of tests to perform (1-3, Default: 1).
--proxy
- Use a proxy to connect to the target URL.
--purge
- Safely remove all content from commix data directory.
--smart
- Perform thorough tests only if positive heuristic(s).
--users
- Retrieve system users.
--cookie
- HTTP Cookie header.
--header
- Extra header (e.g. 'X-Forwarded-For: 127.0.0.1').
--maxlen
- Set the max length of output for time-related
--method
- Force usage of given HTTP method (e.g. PUT).
--mobile
- Imitate smartphone through HTTP User-Agent header.
--os-cmd
- Execute a single operating system command.
--prefix
- Injection payload prefix string.
--suffix
- Injection payload suffix string.
--tamper
- Use given script(s) for tampering injection data.
--answers
- Set predefined answers (e.g. quit=N,follow=N).
--charset
- Time-related injection charset (e.g. 0123456789abcdef).
--headers
- Extra headers (e.g. 'Accept-Language: fr\nETag: 123').
--is-root
- Check if the current user has root privileges.
--offline
- Work in offline mode.
--referer
- HTTP Referer header.
-r
- Load HTTP request from a file.
--retries
- Retries when the connection times out (Default: 3).
-s
- Load session from a stored (.sqlite) file.
-x
- Parse target(s) from remote sitemap(.xml) file.
--timeout
- Seconds to wait before timeout connection (Default:
--auth-url
- Login panel URL.
--hostname
- Retrieve current hostname.
--is-admin
- Check if the current user has admin privileges.
-l
- Parse target from HTTP proxy log file.
--skip-waf
- Skip heuristic detection of WAF/IPS/IDS protection.
--sys-info
- Retrieve system information.
--time-sec
- Seconds to delay the OS response (Default: 1).
--tmp-path
- Set the absolute path of web server's temp directory.
--tor-port
- Set Tor proxy port (Default: 8118).
--web-root
- Set the web server document root directory (e.g. '/var/www').
--auth-cred
- HTTP authentication credentials (e.g. 'admin:admin').
--auth-data
- Login parameters and data.
--auth-type
- HTTP authentication type (Basic, Digest, Bearer).
--file-dest
- Host's absolute filepath to write and/or upload to.
--file-read
- Read a file from the target host.
--force-ssl
- Force usage of SSL/HTTPS.
--param-del
- Set character for splitting parameter values.
-p
- Testable parameter(s).
--passwords
- Retrieve system users password hashes.
--skip-calc
- Skip the mathematic calculation during the detection
--technique
- Specify injection technique(s) to use.
--tor-check
- Check to see if Tor is used properly.
-v
- Verbosity level (0-4, Default: 0).
--cookie-del
- Set character for splitting cookie values.
--file-write
- Write to a file on the target host.
--no-logging
- Disable logging to a file.
--privileges
- Retrieve system users privileges.
--ps-version
- Retrieve PowerShell's version number.
--shellshock
- The 'shellshock' injection module.
--skip-empty
- Skip testing the parameter(s) with empty value(s).
--url-reload
- Reload target URL after command execution.
--user-agent
- HTTP User-Agent header.
--alter-shell
- Use an alternative os-shell (e.g. 'Python').
--file-upload
- Upload a file on the target host.
--ignore-code
- Ignore (problematic) HTTP error code (e.g. 401).
--current-user
- Retrieve current user name.
--failed-tries
- Set a number of failed injection tries, in file-based
--ignore-proxy
- Ignore system default proxy settings.
--list-tampers
- Display list of available tamper scripts.
--random-agent
- Use a randomly selected HTTP User-Agent header.
--crawl-exclude
- Regexp to exclude pages from crawling (e.g. logout).
--flush-session
- Flush session files for current target.
--check-internet
- Check internet connection before assessing the target.
--ignore-session
- Ignore results stored in session file.
--skip-technique
- Specify injection technique(s) to skip.
--drop-set-cookie
- Ignore Set-Cookie header from response.
--skip-heuristics
- Skip heuristic detection for code injection.
--ignore-redirects
- Ignore redirection attempts.
--ignore-dependencies
- Ignore all required third-party library dependencies.