Web Application

Commix

Automated command-injection exploitation.

webrce

commix — terminal

$ commix -u 'https://site/ping?host=127.0.0.1'

What it does

Commix finds and exploits OS command-injection vulnerabilities in web apps, automating payloads and dropping shells. A focused complement to broader web scanners.

Source

https://github.com/commixproject/commix ↗

More Web Application tools

SQLMapAutomated SQL injection and database takeover.ffufFast web fuzzer for content and parameter discovery.FuzzDBAttack-payload and discovery wordlist library.BeEFBrowser exploitation framework.

Need hosted scanning instead of local tooling?

Run a scan in the browser →