Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers or even security researchers to test web-based applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks. With this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.
With each commix run, end users are obligated to agree with the following prelude message:
(!) Legal disclaimer: Usage of commix for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program.
You can download commix on any platform by cloning the official Git repository:
$ git clone https://github.com/commixproject/commix.git commix
Note: Python (version 2.6, 2.7 or 3.x) is required for running commix.
To get a list of all options and switches use:
$ python commix.py -h
For an overview of the options and switches commix provides, and basic ideas on how to use it, check the usage and usage examples wiki pages.
Commix is the outcome of many hours of work and total personal dedication. Feel free to donate via PayPal to donations@commixproject.com and instantly prove your ♥ for it!
- User's manual: https://github.com/commixproject/commix/wiki
- Issues tracker: https://github.com/commixproject/commix/issues