Commix

VERIFIED

Automated OS command injection exploitation tool

Web Application HackingOSS

Intermediate

LinuxWindowsmacOS

Description

Commix (Command Injection Exploiter) is an automated tool for detecting and exploiting command injection vulnerabilities in web applications. It supports results-based, blind time-based, and blind file-based command injection techniques across Unix and Windows targets.

Use Cases

Detect and exploit OS command injection vulnerabilities
Test web applications for blind command injection flaws
Automate command injection exploitation during penetration tests

Attack Phases

01. RECON

02. SCAN

03. EXPLOIT

04. PERSIST

05. COVER

MITRE ATT&CK Techniques (2)

T1059Command and Scripting Interpreter

Related Tools (3)

Burp Suite SQLMap OWASP ZAP