A comprehensive cross-platform GUI wrapper for Commix - Automated Command Injection Exploitation Tool.
- Complete Feature Coverage: All Commix CLI options available through intuitive GUI
- Cross-Platform: Works on Windows, Linux, and macOS
- User-Friendly: Organized tabs for different configuration categories
- Real-Time Output: Live output display with syntax highlighting
- Project Management: Save and load attack configurations
- Command Generation: View and copy generated Commix commands
- Modern Interface: Clean, professional PyQt6-based design
- Python 3.7 or higher
- PyQt6
- Commix (included in the
commix/directory)
git clone <repository-url>
cd Commix-GUICreating a virtual environment ensures clean dependency management and avoids conflicts:
Windows:
python -m venv venv
venv\Scripts\activateLinux/macOS:
python3 -m venv venv
source venv/bin/activatepip install -r requirements.txtOr install manually:
pip install PyQt6Use the cross-platform launcher:
python launch.pyThe launcher will:
- β Automatically detect if you're running as admin/root
- β Prompt you to elevate privileges if beneficial (y/n)
- β Check and install dependencies if missing
- β Detect if Commix is installed
- β Offer to install Commix from GitHub if not found
- β Launch the GUI in your current environment
Privilege Selection:
- Press 'y': Restart with admin/root privileges (recommended for system-wide installation)
- Press 'n': Continue in normal mode (user-level operations only)
The GUI includes an automatic installation system for Commix:
- On first launch, the GUI will detect if Commix is installed
- If not found, it will offer to install the latest version from GitHub
- With admin/root: Installs to system directories (
/opt/commixorProgram Files) - Without admin/root: Installs to user directories (
~/.local/commixor%APPDATA%)
For detailed installation instructions, see docs/INSTALLATION.md
Single Command - All Platforms:
python launch.pyWith Virtual Environment (Recommended):
# Activate venv first
# Windows: venv\Scripts\activate
# Linux/Mac: source venv/bin/activate
python launch.pyFeatures of the Launcher:
- Works from any directory
- Handles privileges intelligently
- Cross-platform compatible
- Auto-detects and installs dependencies
- No path or working directory issues
The launch.py script intelligently handles privileges across all platforms:
- Automatic Detection: Detects if you're already running as admin/root
- Interactive Prompt: Asks if you want to elevate (if not already elevated)
- Smart Elevation:
- Windows: Uses UAC to request admin rights
- Linux/macOS: Uses
sudoto request root privileges
- Continues Gracefully: If you decline or elevation fails, continues in normal mode
- β
System-wide Commix installation (to
/optorProgram Files) - β Creating system symlinks
- β Certain network scan types
- β System-level operations
- β
User-level Commix installation (to
~/.localor%APPDATA%) - β Most scan types
- β Testing and development
- β Standard command injection testing
Windows:
# Right-click command prompt β "Run as administrator", then:
python launch.pyLinux/macOS:
sudo python launch.pyNote: On Linux/macOS, the launcher automatically uses sudo internally when you select 'y' for elevation, so you don't need to run it with sudo manually unless you want to force root mode from the start.
-
Configure Target
- Navigate to the "π― Target" tab
- Enter target URL or load a request file
-
Set Request Options (Optional)
- Configure HTTP headers, cookies, and connection settings in "π‘ Request" tab
- Set up authentication if needed in "π Authentication" tab
-
Configure Injection (Optional)
- Customize injection parameters in "π Injection" tab
- Set detection options in "π Detection" tab
-
Select Post-Exploitation (Optional)
- Choose enumeration options in "π Enumeration" tab
- Configure file access in "π File Access" tab
-
Start Attack
- Click "π Start Attack" button
- Monitor real-time output in the console
-
Save Configuration (Optional)
- Use File β Save Project to save your configuration
- Load later with File β Open Project
- Target URL: Main target URL to test
- Request File: Load HTTP request from file
- Bulk Testing: Test multiple targets from file
- POST Data: Configure POST parameters
- Web Crawler: Enable crawling with depth control
- HTTP Headers: Custom User-Agent, Referer, Host, Cookie
- Connection Options: Timeout, retries, delay
- Proxy & Tor: Proxy configuration and Tor integration
- Error Handling: Abort/ignore specific HTTP codes
- HTTP Authentication: Basic, Digest, Bearer
- Form-Based Auth: Login URL and credentials
- Parameters: Specify which parameters to test/skip
- Payload Customization: Prefix, suffix
- Techniques: Classic, eval, time-based, file-based
- Tamper Scripts: Encoding and evasion scripts
- OS Options: Command execution settings
- Test Level: 1 (basic) to 3 (thorough)
- Smart Detection: Optimize testing based on heuristics
- Calculation Skip: Faster testing
- Empty Parameters: Skip empty value testing
- System Info: Hostname, OS, user information
- Privilege Check: Root/admin status
- User Enumeration: List users, passwords, privileges
- File Read: Read files from target
- File Write: Write content to target
- File Upload: Upload local files
- Shellshock: CVE-2014-6271 detection
- Verbosity: Output detail level (0-4)
- Session Management: Save/load attack sessions
- Logging: Traffic logging and output directory
- Advanced Options: Encoding, charset, time limits
Click "π Generate Command" to:
- View the exact Commix command
- Copy to clipboard for manual execution
- Verify configuration before running
Save configurations as .cproj files:
- All tab settings preserved
- Easy sharing between team members
- Quick setup for repeated tests
The output console provides:
- Color-coded messages (errors, warnings, info)
- Auto-scrolling during execution
- Save output to file
- Copy output to clipboard
This tool is provided for educational and authorized penetration testing purposes only. Users must:
- Only test systems you own or have explicit permission to test
- Comply with all applicable laws and regulations
- Understand that unauthorized access is illegal
- Use responsibly and ethically
The developers assume no liability for misuse or damage caused by this tool.
Ensure the commix/ directory is in the same folder as commix_gui.py:
Commix-GUI/
βββ commix/ β Must exist
β βββ commix.py
βββ commix_gui.py
Reinstall PyQt6:
pip uninstall PyQt6 PyQt6-Qt6 PyQt6-sip
pip install PyQt6Run with appropriate permissions:
sudo python3 commix_gui.py # Only if testing local servicesCheck Python version:
python --version # Should be 3.7+- Commix Documentation: https://commixproject.com
- Commix GitHub: https://github.com/commixproject/commix
- Commix Wiki: https://github.com/commixproject/commix/wiki
Contributions are welcome! Feel free to:
- Report bugs
- Suggest features
- Submit pull requests
- Improve documentation
This GUI wrapper follows the same license as Commix (GPL-3.0).
Commix is developed by Anastasios Stasinopoulos (@ancst).
Note: This is a GUI wrapper for Commix. All credit for the core Commix functionality goes to the original developers.
(Add screenshots here showing different tabs and features)
- Initial release
- All Commix features implemented
- Cross-platform support
- Project save/load functionality
- Real-time output display
- Command generation