Commix - Automatic Command Injection Exploiter Tool


Commix (short for [comm]and [i]njection e[x]ploiter) is an open-source penetration testing tool, written by Anastasios Stasinopoulos (@ancst), that automates the detection and exploitation of command injection vulnerabilities.


You can download commix on any platform by cloning the official Git repository :

 $ git clone commix 

Alternatively, you can download the latest tarballor zipball.

Note: Python (version 2.6, 2.7 or 3.x) is required for running commix.


To get a list of all options and switches use:

 $ python -h 

To get an overview of commix available options, switches and/or basic ideas on how to use commix, check usage, usage examples and filters bypasses wiki pages.