Penetration Testing
Command Injection Tester
Comprehensive payload library for testing OS command injection vulnerabilities. Educational tool for security researchers and developers.
Ethical Use Only: These payloads are for authorized security testing and educational purposes only. Unauthorized access to computer systems is illegal.
Payload Categories
Basic Command Chaining
Execute commands after the original command
; ls -la
OS: Linux, macOS
Pipe to Command
Pipe output to another command
| cat /etc/passwd
OS: Linux, macOS
Command Substitution
Execute command and substitute result
`whoami`
OS: Linux, macOS
Subshell Execution
Execute command in subshell
$(id)
OS: Linux, macOS
AND Operator
Execute if previous command succeeds
&& cat /etc/shadow
OS: Linux, macOS
OR Operator
Execute if previous command fails
|| whoami
OS: Linux, macOS
Background Execution
Run command in background
& sleep 10
OS: Linux, macOS
Newline Injection
Inject newline to execute command
cat /etc/passwd
OS: Linux, macOS
Prevention Tips: Always validate and sanitize user input. Use parameterized commands or safe APIs. Avoid shell execution when possible. Implement proper input validation, whitelisting, and least privilege principles.
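The prevention tips above, shown as an added example that is not part of the original page or its tool: input is checked against an allowlist and then passed as a single argument-list element with no shell involved, using the payloads listed on this page as negative test cases. The hostname-style input, the function names and the stand-in child program are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Payload strings listed on this page, used here only as negative test inputs.
PAGE_PAYLOADS = [
    "; ls -la", "| cat /etc/passwd", "`whoami`", "$(id)",
    "&& cat /etc/shadow", "|| whoami", "& sleep 10", "\ncat /etc/passwd",
]

# Allowlist (assumed input type: a hostname). The first character must be
# alphanumeric, which also blocks option injection such as "-x".
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

# Stand-in child program (constructed): writes its one argument back verbatim.
ECHO_ARGV = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])"]


def is_valid_host(value: str) -> bool:
    """Allowlist check; fullmatch so a trailing newline cannot slip through."""
    return isinstance(value, str) and HOSTNAME_RE.fullmatch(value) is not None


def run_without_shell(value: str) -> str:
    """Pass the value as one argv element; no shell ever parses it."""
    result = subprocess.run(ECHO_ARGV + [value], capture_output=True,
                            text=True, check=True, timeout=10)
    return result.stdout


def handle_request(value: str) -> str:
    """Validate first, then execute with an argument list (shell=False)."""
    if not is_valid_host(value):
        raise ValueError("rejected input")
    return run_without_shell(value)


if __name__ == "__main__":
    for payload in PAGE_PAYLOADS:
        candidate = "example.com" + payload
        print(repr(candidate), "| allowlisted:", is_valid_host(candidate),
              "| stays literal:", run_without_shell(candidate) == candidate)
```

The two controls are independent: the allowlist rejects every payload outright, and even if validation were bypassed the argument list keeps metacharacters from being interpreted.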