Skip to content

Usage

Jump to bottom
Anastasios Stasinopoulos edited this page Feb 9, 2024 · 54 revisions 
Usage: python commix.py [option(s)]

Options:
  -h, --help            Show help and exit.

  General:
    These options relate to general matters.

    -v VERBOSE          Verbosity level (0-4, Default: 0).
    --install           Install commix to your system.
    --version           Show version number and exit.
    --update            Check for updates (apply if any) and exit.
    --output-dir=OUT..  Set custom output directory path.
    -s SESSION_FILE     Load session from a stored (.sqlite) file.
    --flush-session     Flush session files for current target.
    --ignore-session    Ignore results stored in session file.
    -t TRAFFIC_FILE     Log all HTTP traffic into a textual file.
    --time-limit=TIM..  Run with a time limit in seconds (e.g. 3600).
    --batch             Never ask for user input, use the default behaviour.
    --skip-heuristics   Skip heuristic detection for code injection.
    --codec=CODEC       Force codec for character encoding (e.g. 'ascii').
    --charset=CHARSET   Time-related injection charset (e.g.
                        '0123456789abcdef').
    --check-internet    Check internet connection before assessing the target.
    --answers=ANSWERS   Set predefined answers (e.g. 'quit=N,follow=N').

  Target:
    This options has to be provided, to define the target URL.

    -u URL, --url=URL   Target URL.
    --url-reload        Reload target URL after command execution.
    -l LOGFILE          Parse target from HTTP proxy log file.
    -m BULKFILE         Scan multiple targets given in a textual file.
    -r REQUESTFILE      Load HTTP request from a file.
    --crawl=CRAWLDEPTH  Crawl the website starting from the target URL
                        (Default: 1).
    --crawl-exclude=..  Regexp to exclude pages from crawling (e.g. 'logout').
    -x SITEMAP_URL      Parse target(s) from remote sitemap(.xml) file.
    --method=METHOD     Force usage of given HTTP method (e.g. 'PUT').

  Request:
    These options can be used to specify how to connect to the target URL.

    -d DATA, --data=..  Data string to be sent through POST.
    --host=HOST         HTTP Host header.
    --referer=REFERER   HTTP Referer header.
    --user-agent=AGENT  HTTP User-Agent header.
    --random-agent      Use a randomly selected HTTP User-Agent header.
    --param-del=PDEL    Set character for splitting parameter values.
    --cookie=COOKIE     HTTP Cookie header.
    --cookie-del=CDEL   Set character for splitting cookie values.
    -H HEADER, --hea..  Extra header (e.g. 'X-Forwarded-For: 127.0.0.1').
    --headers=HEADERS   Extra headers (e.g. 'Accept-Language: fr\nETag: 123').
    --proxy=PROXY       Use a proxy to connect to the target URL.
    --tor               Use the Tor network.
    --tor-port=TOR_P..  Set Tor proxy port (Default: 8118).
    --tor-check         Check to see if Tor is used properly.
    --auth-url=AUTH_..  Login panel URL.
    --auth-data=AUTH..  Login parameters and data.
    --auth-type=AUTH..  HTTP authentication type (Basic, Digest, Bearer).
    --auth-cred=AUTH..  HTTP authentication credentials (e.g. 'admin:admin').
    --ignore-code=IG..  Ignore (problematic) HTTP error code (e.g. 401).
    --force-ssl         Force usage of SSL/HTTPS.
    --ignore-proxy      Ignore system default proxy settings.
    --ignore-redirects  Ignore redirection attempts.
    --timeout=TIMEOUT   Seconds to wait before timeout connection (Default:
                        30).
    --retries=RETRIES   Retries when the connection timeouts (Default: 3).
    --drop-set-cookie   Ignore Set-Cookie header from response.

  Enumeration:
    These options can be used to enumerate the target host.

    --all               Retrieve everything.
    --current-user      Retrieve current user name.
    --hostname          Retrieve current hostname.
    --is-root           Check if the current user have root privileges.
    --is-admin          Check if the current user have admin privileges.
    --sys-info          Retrieve system information.
    --users             Retrieve system users.
    --passwords         Retrieve system users password hashes.
    --privileges        Retrieve system users privileges.
    --ps-version        Retrieve PowerShell's version number.

  File access:
    These options can be used to access files on the target host.

    --file-read=FILE..  Read a file from the target host.
    --file-write=FIL..  Write to a file on the target host.
    --file-upload=FI..  Upload a file on the target host.
    --file-dest=FILE..  Host's absolute filepath to write and/or upload to.

  Modules:
    These options can be used increase the detection and/or injection
    capabilities.

    --shellshock        The 'shellshock' injection module.

  Injection:
    These options can be used to specify which parameters to inject and to
    provide custom injection payloads.

    -p TEST_PARAMETER   Testable parameter(s).
    --skip=SKIP_PARA..  Skip testing for given parameter(s).
    --suffix=SUFFIX     Injection payload suffix string.
    --prefix=PREFIX     Injection payload prefix string.
    --technique=TECH    Specify injection technique(s) to use.
    --skip-technique..  Specify injection technique(s) to skip.
    --maxlen=MAXLEN     Set the max length of output for time-related
                        injection techniques (Default: 10000 chars).
    --delay=DELAY       Seconds to delay between each HTTP request.
    --time-sec=TIMESEC  Seconds to delay the OS response (Default: 1).
    --tmp-path=TMP_P..  Set the absolute path of web server's temp directory.
    --web-root=WEB_R..  Set the web server document root directory (e.g.
                        '/var/www').
    --alter-shell=AL..  Use an alternative os-shell (e.g. 'Python').
    --os-cmd=OS_CMD     Execute a single operating system command.
    --os=OS             Force back-end operating system (e.g. 'Windows' or
                        'Unix').
    --tamper=TAMPER     Use given script(s) for tampering injection data.
    --msf-path=MSF_P..  Set a local path where metasploit is installed.

  Detection:
    These options can be used to customize the detection phase.

    --level=LEVEL       Level of tests to perform (1-3, Default: 1).
    --skip-calc         Skip the mathematic calculation during the detection
                        phase.
    --skip-empty        Skip testing the parameter(s) with empty value(s).
    --failed-tries=F..  Set a number of failed injection tries, in file-based
                        technique.
    --smart             Perform thorough tests only if positive heuristic(s).

  Miscellaneous:
    --ignore-depende..  Ignore all required third-party library dependencies.
    --list-tampers      Display list of available tamper scripts.
    --alert=ALERT       Run host OS command(s) when injection point is found.
    --no-logging        Disable logging to a file.
    --purge             Safely remove all content from commix data directory.
    --skip-waf          Skip heuristic detection of WAF/IPS/IDS protection.
    --mobile            Imitate smartphone through HTTP User-Agent header.
    --offline           Work in offline mode.
    --wizard            Simple wizard interface for beginner users.
    --disable-coloring  Disable console output coloring.

At the right side panel, you can find detailed information about Commix Project.

Contents

User's manual

Exploitation

Miscellaneous

Clone this wiki locally