mg-cmdinject

Purpose

Detects OS command injection using three strategies: blind OOB detection (reads callbacks from mg-oob), error-based detection via known error strings in responses, and time-based blind detection with sequential per-parameter baselining. Endpoints are sourced from the crawl corpus.

Output

• cmdinject/results-<timestamp>.json — per-parameter findings with strategy, payload, and evidence.

CLI

mg-cmdinject acme-bounty
mg-cmdinject acme-bounty --oob-url https://oob.example.com/token

Notes

• Blind OOB mode requires mg-oob running to capture inbound callbacks.
• Time-based probes baseline each parameter first, then run sequentially to avoid load-induced false positives.
• Run mg-crawl first to populate the endpoint corpus.