-
Notifications
You must be signed in to change notification settings - Fork 5
/
_commix
128 lines (124 loc) · 6.05 KB
/
_commix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
#compdef commix
local args error_codes
args=(
'-v[Verbosity level (0-4, default: 0)]:()'
'--version[Show version number and exit]'
'--output-dir[Set custom output directory path]:select file:_files -/'
'-s[Load session from a stored (.sqlite) file]:select file:_files'
'--flush-session[Flush session files for current target]'
'--ignore-session[Ignore results stored in session file]'
'-t[Log all HTTP traffic into a textual file]:select file:_files'
'--batch[Never ask for user input, use the default behaviour]'
'--encoding[Force character encoding used for data retrieval (e.g. GBK)]:()'
'--charset[Time-related injection charset (e.g. "0123456789abcdef")]:()'
'--check-internet[Check internet connection before assessing the target]'
{'(--url)-u','(-u)--url'}'[Target URL]:()'
'--url-reload[Reload target URL after command execution]'
'-l[Parse target from HTTP proxy log file]:select file:_files'
'-m[Scan multiple targets given in a textual file]:select file:_files'
'-r[Load HTTP request from a file]:select file:_files'
'--crawl[Crawl the website starting from the target URL (1-2, default: 0)]:()'
'-x[Parse target(s) from remote sitemap(.xml) file]:()'
{'(--data)-d','(-d)--data'}'[Data string to be sent through POST]:()'
'--host[HTTP Host header]:()'
'--referer[HTTP Referer header]:()'
'--user-agent[HTTP User-Agent header]:()'
'--random-agent[Use a randomly selected HTTP User-Agent header]'
'--param-del[Set character for splitting parameter values]:()'
'--cookie[HTTP Cookie header]:()'
'--cookie-del[Set character for splitting cookie values]:()'
{'(--header)-H','(-H)--header'}'[Extra header in format "Header: Value"]:()'
'--headers[Extra headers in format "Header1: Value1\\nHeader2: Value2..."]:()'
'--proxy[Proxy URL to connect to the target URL]:()'
'--tor[Use the Tor network]'
'--tor-port[Set Tor proxy port (default: 8118)]:()'
'--tor-check[Check to see if Tor is used properly]'
'--auth-url[Login panel URL]:()'
'--auth-data[Login parameters and data]:()'
'--auth-type[HTTP authentication type]:select auth type:_values auth_type Basic Digest'
'--auth-cred[HTTP authentication credentials (e.g. 'admin:admin')]:()'
'--ignore-code[Ignore (problematic) HTTP error code (e.g. 401)]:select error code:_values error_code $error_codes'
'--force-ssl[Force usage of SSL/HTTPS]'
'--ignore-redirects[Ignore redirection attempts]'
'--retries[Retries when the connection timeouts (default: 3)]:()'
'--all[Retrieve everything]'
'--current-user[Retrieve current user name]'
'--hostname[Retrieve current hostname]'
'--is-root[Check if the current user have root privileges]'
'--is-admin[Check if the current user have admin privileges]'
'--sys-info[Retrieve system information]'
'--users[Retrieve system users]'
'--passwords[Retrieve system users password hashes]'
'--privileges[Retrieve system users privileges]'
'--ps-version[Retrieve PowerShells version number]'
'--file-read[Read a file from the target host]:()'
'--file-write[Upload a file from local file system on the target host]:select file:_files'
'--file-upload[Upload a file from web on the target host]:()'
'--file-dest[Hosts absolute filepath to write and/or upload to]:()'
'--icmp-exfil[The ICMP exfiltration injection module. (e.g. "ip_src=192.168.178.1,ip_dst=192.168.178.3")]:()'
'--dns-server[The DNS exfiltration injection module. (domain name used for DNS exfiltration attack)]:()'
'--shellshock[The "shellshock" injection module]'
'-p[Comma separated testable parameter(s)]:()'
'--skip[Skip testing for comma separated given parameter(s)]:()'
'--suffix[Injection payload suffix string]:()'
'--prefix[Injection payload prefix string]:()'
'--technique[Specify injection technique(s) to use]:()'
'--skip-technique[Specify injection technique(s) to skip]:()'
'--maxlen[Set the max length of output for time-related injection techniques (default: 10000 chars)]:()'
'--delay[Seconds to delay between each HTTP request]:()'
'--time-sec[Seconds to delay the OS response (default: 1)]:()'
'--tmp-path[Set the absolute path of web servers temp directory]:()'
'--web-root[Set the web server document root directory (e.g. "/var/www")]:()'
'--alter-shell[Use an alternative os-shell (e.g. "Python")]:()'
'--os-cmd[Execute a single operating system command]:()'
'--os[Force back-end operating system (e.g. "Windows" or "Unix")]:()'
'--tamper[Use given script(s) for tampering injection data]:()'
'--msf-path[Set a local path where metasploit is installed]:select file:_files -/'
'--backticks[Use backticks instead of "$()", for commands substitution]'
'--level[Level of tests to perform (1-3, default: 1)]:()'
'--skip-calc[Skip the mathematic calculation during the detection phase]'
'--skip-empty[Skip testing the parameter(s) with empty value(s)]'
'--failed-tries[Set a number of failed injection tries, in file-based technique]:()'
'--dependencies[Check for third-party (non-core) dependencies]'
'--list-tampers[Display list of available tamper scripts]'
'--purge[Safely remove all content from commix data directory]'
'--skip-waf[Skip heuristic detection of WAF/IPS/IDS protection]'
'--mobile[Imitate smartphone through HTTP User-Agent header]'
'--offline[Work in offline mode]'
'--wizard[Simple wizard interface for beginner users]'
'--disable-coloring[Disable console output coloring]'
)
error_codes=(
'400[Bad Request]'
'401[Unauthorized]'
'402[Payment Required]'
'403[Forbidden]'
'404[Not Found]'
'405[Method Not Allowed]'
'406[Not Acceptable]'
'407[Proxy Authentication Required]'
'408[Request Timeout]'
'409[Conflict]'
'410[Gone]'
'411[Length Required]'
'412[Precondition Failed]'
'413[Payload Too Large]'
'414[URI Too Long]'
'415[Unsupported Media Type]'
'416[Range Not Satisfiable]'
'417[Expectation Failed ]'
'418[I’m a teapot]'
'419[Authentication Timeout]'
'421[Misdirected Request]'
'422[Unprocessable Entity]'
'423[Locked]'
'424[Failed Dependency]'
'426[Upgrade Required]'
'428[Precondition Required]'
'429[Too Many Requests]'
'431[Request Header Fields Too Large]'
'449[Retry With]'
'451[Unavailable For Legal Reasons]'
'499[Client Closed Request]'
)
_arguments $args && return 0