Feature Request: API #27
Comments
@ajinabraham thank you for your suggestion.
Does commix have an API now? I need it too.
@3xp10it there is no API available (yet), but this is actually on my todo-list.
Hopefully this gets bumped up the todo-list. I develop a Burp extension for integrating sqlmap with Burp, using the sqlmapapi that comes with the tool. I intend to write an extension for commix as well if the API for commix ever gets developed.
:-(
This tool is gold and is designed with a purpose. |
Like SQLMap for SQLi, I think Commix is the de facto standard tool for Command Injection.
I am working on a project for automated mobile application security assessment called Mobile Security Framework (MobSF)
https://github.com/ajinabraham/Mobile-Security-Framework-MobSF
So I have a module for Web API testing named the API Fuzzer that will fuzz and uncover security vulnerabilities in the web and backend APIs of mobile apps. I think it's always right to use/integrate existing tools that work great rather than to reinvent the wheel.
Mobile Security Framework's API Fuzzer can generate random URL / POST body fuzz points, and I think commix works on a single URL / body fuzz field. If we combine the crawling and fuzzing capabilities of MobSF's API Fuzzer and the command injection detection and exploitation of Commix, I think it would become a great product for the community.
If this sounds good to you, all I need from you is an API for commix to which I can send URLs with a fuzz point; this API returns an ID, and later I can poll back to an API with this ID to see if commix detected a Command Injection. Let me know your thoughts.