AIO OS Command Injection and Exploitation Tool: Commix

ID N0WHERE:52648
Type n0where
Reporter N0where
Modified 2018-03-12T16:21:29


Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers or even security researchers to test web-based applications for bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.


Easy to Use

Batteries Included

Everything you need to perform effective OS command injection attacks against multiple operating systems and applications is included.


You are able to develop and easily import your own modules in order to increase the capabilities of commix and/or adapt it to your needs.


It is compatible with multiple penetration testing tools and frameworks (e.g. Metasploit Framework, BurpSuite, SQLMap, etc.), thereby increasing the success rate of a penetration test.

All Platforms

It is written in Python! No need to compile anything; only Python (version 2.6.x or 2.7.x) needs to be installed for Commix to run on Linux, Mac OSX and Windows.

Free / Open Source

It is a free (as in beer!) and open source project licensed under the GPLv3 License.


This tool is only for testing and academic purposes and can only be used where strict consent has been given. Do not use it for illegal purposes!


Python version 2.6.x or 2.7.x is required for running this program.


Download commix by cloning the Git repository:

git clone commix

Commix comes packaged on the official repositories of the following Linux distributions, so you can use the package manager to install it!

Commix also comes as a plugin on the following penetration testing frameworks:

Supported Platforms

  • Linux
  • Mac OS X
  • Windows (experimental)


To get a list of all options and switches use:

python -h
