* Package name : commix * Version : 1.1~20160714~git33c8fa * Upstream Author : Anastasios Stasinopoulos * URL or Web page : http://www.commixproject.com/ * License : GPL-3.0+ * Description : Automated All-in-One OS Command Injection and Exploitation Tool It has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string. Commix is written in Python programming language. Regards
I was going to package commix until i realized that it Depends on metasploit-framework (at least the Kali package does). This is a note for anyone wanting to package commix, you either have to drop that dependency (which probably isn't doable) or package metasploit-framework*. * I will probably package metasploit-framework, if i succeed i'll package commix too (if nobody steps ahead).
Samuel, I hope you are well. While trying to package commix for Debian, I noticed that there was already an RFP request from 2018 and that you had expressed interest in putting it on Debian. After all these years, the project remains active and there have been no updates from you regarding this bug, so I would like to express my interest in proceeding with the packaging. Regarding your comment about the Metasploit dependency observed in the Kali package: after investigating the upstream source code, I realized that this integration has been entirely optional since commit 3bbac0c4, dated October 21, 2016. The combined use with Metasploit can be done through the `--msf-path` option, which allows the user to specify the path where it is installed, but this does not prevent commix from working perfectly without it. As for dependencies, the only real external dependency is colorama (python3-colorama); all other imports are libraries from the Python stdlib. Given the time that has passed, is there any other reason preventing entry into Debian that hasn't been mentioned here? Would there be any problem proceeding with the packaging? If there are no objections, I will convert this RFP to ITP and continue with the packaging. Thank you! Nilson F. Silva
Hello Nilson, I don't know the project's current state, but I don't have any issues with you proceeding. Sure, go ahead, Regards,
Hi Samuel! Regarding its operation, the project is active and functional. I created a manual page for it and tested it with DVWA, and everything worked. Therefore, since you have no objections, I will convert the bug report into an ITP. Thanks! Nilson F. Silva I don't know the project's current state, but I don't have any issues with you proceeding. Sure, go ahead, Regards,
Hello, Bug #833397 in commix reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/pkg-security-team/commix/-/commit/080c90c02e49e44694bedd80594aa419f1ccda80 ------------------------------------------------------------------------ Import Debian changes 4.1-1 commix (4.1-1) unstable; urgency=medium . * Initial release. (Closes: #833397) ------------------------------------------------------------------------ (this message was generated automatically) -- Greetings https://bugs.debian.org/833397