Skip to content

thenameisnigel-old/commix

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

135 Commits

readme

readme

 
 

src

src

 
 

README.md

README.md

 
 

commix.py

commix.py

 
 

Repository files navigation

                                       __
   ___    ___     ___ ___     ___ ___ /\_\   __  _ 
  /'___\ / __`\ /' __` __`\ /' __` __`\/\ \ /\ \/'\
 /\ \__//\ \L\ \/\ \/\ \/\ \/\ \/\ \/\ \ \ \\/>  </
 \ \____\ \____/\ \_\ \_\ \_\ \_\ \_\ \_\ \_\/\_/\_\
  \/____/\/___/  \/_/\/_/\/_/\/_/\/_/\/_/\/_/\//\/_/ { v0.1b }

+--
Automated All-in-One OS Command Injection and Exploitation Tool
Copyright (c) 2015 Anastasios Stasinopoulos (@ancst)
+--

#General Information Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string. Commix is written in Python programming language.

#Disclaimer The tool is only for testing and academic purposes and can only be used where strict consent has been given. Do not use it for illegal purposes!!

#Requirements Python version 2.6.x or 2.7.x is required for running this program.

#Installation Commix comes packaged on the official repositories, of the following Linux distributions:

Download commix by cloning the Git repository:

git clone https://github.com/stasinopoulos/commix.git commix

#Usage Usage : python commix.py [options]

####Options -h, --help Show help and exit. --verbose Enable the verbose mode. --install Install 'commix' to your system. --version Show version number and exit. --update Check for updates (apply if any) and exit.

####Target This options has to be provided, to define the target URL.

--url=URL           Target URL
--url-reload        Reload target URL after command execution.

####Request These options can be used, to specify how to connect to the target URL.

--host=HOST         HTTP Host header.
--referer=REFERER   HTTP Referer header.
--user-agent=AGENT  HTTP User-Agent header.
--cookie=COOKIE     HTTP Cookie header.
--random-agent      Use a randomly selected HTTP User-Agent header.
--headers=HEADERS   Extra headers (e.g. 'Header1:Value1\nHeader2:Value2').
--proxy=PROXY       Use a HTTP proxy (e.g. '127.0.0.1:8080').
--auth-url=AUTH_..  Login panel URL.
--auth-data=AUTH..  Login parameters and data.
--auth-type=AUTH..  HTTP authentication type (e.g. 'basic').
--auth-cred=AUTH..  HTTP Authentication credentials (e.g. 'admin:admin').

####Enumeration These options can be used, to enumerate the target host.

--current-user      Retrieve current user name.
--hostname          Retrieve current hostname.
--is-root           Check if the current user have root privs.
--sys-info          Retrieve system information.
--users             Retrieve system users.
--passwords         Retrieve system users password hashes.
--privileges        Retrieve system users privileges.

####File access These options can be used to access files on the target host.

--file-read=FILE..  Read a file from the target host.
--file-write=FIL..  Write to a file on the target host.
--file-upload=FI..  Upload a file on the target host.
--file-dest=FILE..  Host's absolute filepath to write and/or upload to.

####Injection These options can be used, to specify which parameters to inject and to provide custom injection payloads.

--data=DATA         POST data to inject (use 'INJECT_HERE' tag to specify
                    the testable parameter).
--suffix=SUFFIX     Injection payload suffix string.
--prefix=PREFIX     Injection payload prefix string.
--technique=TECH    Specify a certain injection technique : 'classic',
                    'eval-based', 'time-based' or 'file-based'.
--maxlen=MAXLEN     The length of the output on time-based technique
                    (Default: 10000 chars).
--delay=DELAY       Set Time-delay for time-based and file-based
                    techniques (Default: 1 sec).
--base64            Use Base64 (enc)/(de)code trick to prevent false-
                    positive results.
--tmp-path=TMP_P..  Set remote absolute path of temporary files directory.
--root-dir=SRV_R..  Set remote absolute path of web server's root
                    directory (Default: /var/www/).
--icmp-exfil=IP_..  Use the ICMP exfiltration technique (e.g.
                    'ip_src=192.168.178.1,ip_dst=192.168.178.3').
--alter-shell=AL..  Use an alternative os-shell (e.g. Python).
--os-cmd=OS_CMD     Execute a single operating system command.

####Usage Examples So, do you want to get some ideas on how to use commix? Just go and check 'usage examples' wiki page, where there are several test cases / attack scenarios.

####Upload shells Commix enables you to upload web-shells (e.g metasploit PHP meterpreter) easily on target host. For more, check 'upload shells' wiki page.

####Command injection testbeds A collection of pwnable VMs, that includes web apps vulnerable to command injections.

####Exploitation Demos

####Bugs and enhancements For bug reports or enhancements, please open an issue here.

####Supported platforms

  • Linux
  • Mac OS X

[![][img]][txt] [img]: https://cdn3.iconfinder.com/data/icons/peelicons-vol-1/50/Twitter-32.png (Follow @commixproject :)) [txt]: http://www.twitter.com/commixproject

About

Automated All-in-One OS Command Injection and Exploitation Tool

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%