Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers or even security researchers to test web-based applications for bugs, errors or vulnerabilities related to command injection attacks.
By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.
Changelog v2.5
- Fixed: Multiple bug-fixes regarding several reported unhandled exceptions.
- Revised: Improvement regarding identifying the appropriate format parameters in the provided POST data.
- Added: Support regarding recognition of generic “your ip has been blocked” messages.
- Added: Support regarding checking for potential browser verification protection mechanism.
- Added: Support regarding checking for potential CAPTCHA protection mechanism.
- Revised: The separators list has been shortly revised.
- Revised: Minor improvement regarding the extracted HTTP response headers.
- Added: New tamper script “nested.py” that adds double quotes around the generated payloads (for *nix targets).
- Fixed: Minor bug-fix regarding performing injections through HTTP Headers (e.g. User-Agent, Referer, Host etc).
- Fixed: Major bug-fixes regarding testing time-related (“time-based”/“tempfile-based”) payloads.
- Added: New tamper script “backslashes.py” that adds back slashes (\) between the characters of the generated payloads (for *nix targets).
- Fixed: Minor bug-fix regarding unicode decode exception error due to invalid codec, during connection on target host.
- Revised: Improvement regarding combining tamper script “multiplespaces.py” with other space-related tamper script(s).
- Added: New tamper script “multiplespaces.py” that adds multiple spaces around OS commands.
Copyright (c) 2014-2018 Anastasios Stasinopoulos