-
-
Notifications
You must be signed in to change notification settings - Fork 878
Module development
Commix supports modular design, making it easy to extend its capabilities or tailor its behavior by creating and integrating custom Python modules. This flexibility is useful for penetration testers, researchers, and developers who want to experiment with new exploitation techniques or automate specific tasks.
Assume we want to create a simple custom module named new_module.py that prints the message:
Hello world from the new module!
Create a new file named new_module.py and place it in the following directory:
/src/core/modules/
Inside this file, define the main() function as follows:
def main():
print("Hello world from the new module!")
# Additional logic can be added here.This function serves as the module's entry point and can include any Python logic relevant to your testing needs.
After creating the module, you must import and invoke it from within the commix codebase.
Open the file located at:
/src/core/module_handler.py
Locate the load_modules() function and modify it as follows:
def load_modules(url, http_request_method):
# Existing code...
from src.core.modules import new_module # Import your module
new_module.main() # Execute your module's entry point
# Existing code...This ensures your module is loaded and executed during Commix's module-handling phase.
To add a new module to Commix:
- Create a Python script (e.g.,
new_module.py) in/src/core/modules/. - Define a
main()function or any other callable function you plan to use. - Import the module and invoke it inside
load_modules()inmodule_handler.py.
This pattern supports rapid development and testing of new capabilities without deeply modifying the core logic of Commix. It also encourages clean separation of concerns and modular reuse of code.
- Custom payload generation
- Target-specific vulnerability fingerprinting
- Extended reporting or output formatting
- Integration with external tools or platforms
- Automated post-exploitation routines
By leveraging this extensibility, users can adapt Commix to fit specialized workflows or research requirements.
At the right side panel, you can find detailed information about Commix Project.
- Usage - Exhaustive breakdown of all options and switches together with examples
- Techniques - Techniques supported by commix
- Download and update - Keep it up-to-date
- Module development - Comprehensive guide for extending commix by developing custom modules
- Third party libraries - Breakdown of third-party components utilized in commix
- License - Copyright information
- Usage examples - Real-world examples of using commix across vulnerable applications
- Filters bypass examples - Payloads and techniques used to evade input filters
- Getting shells - Examples of using commix to gain shell
- Presentations - Conference talks, demos, and public presentations where commix has been featured or discussed.
- Screenshots - Visual examples of commix in action
- Third party references - References to commix in books, articles, research papers, blog posts, etc
- Command injection testbeds - A curated list of intentionally vulnerable web applications and platforms for safely testing commix