command-injection
Official
Exploit OS command injection vulnerabilities.
Software Engineering #penetration testing #command injection #rce #vulnerability exploitation #blind injection #os command execution
Author: blacklanternsecurity
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps penetration testers identify and exploit vulnerabilities where user input is passed unsafely to an operating system shell, enabling arbitrary command execution.
Core Features & Use Cases
- OS Command Injection Exploitation: Guides users through identifying and exploiting command injection flaws in web applications.
- Payload Generation: Provides a comprehensive list of operators and bypass techniques for various injection scenarios (Linux/Windows, quoted/unquoted, space/character filters).
- Blind Injection Handling: Offers strategies for time-based and out-of-band (OOB) data exfiltration when command output is not directly visible.
- Use Case: A penetration tester discovers a parameter in a web application that seems to accept shell commands. They use this Skill to test for injection, bypass filters, and ultimately execute commands like id or whoami on the target server.
Quick Start
Use the command-injection skill to test for OS command injection in the 'ip' parameter of the URL 'http://example.com/ping?ip=127.0.0.1'.
Dependency Matrix
Required Modules
commix
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: command-injection Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#command-injection Please download this .zip file, extract it, and install it in the .claude/skills/ directory.