Injection: Command Injection

Identifier: command_injection_agent

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Command injection vulnerabilities occur when an application passes unsafe user-supplied data to a system shell, allowing attackers to execute arbitrary operating system commands on the server.
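The flaw described above and its fix, as an added illustration that is not part of the scanner or its documentation. The function names, the `echo` stand-in for a real lookup tool, and the sample input are all constructed for this example, and it assumes a POSIX system.

```python
import re
import subprocess

# Hypothetical hostname allowlist: dot-separated labels of letters, digits, hyphens.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")

# Constructed sample input: a hostname followed by a command separator.
SAMPLE = "example.com; echo INJECTED"


def lookup_vulnerable(host: str) -> str:
    """Vulnerable: the string is parsed by /bin/sh, so ';' ends the first command."""
    cmd = "echo resolving " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_argv(host: str) -> str:
    """No shell: host is a single argv element, so metacharacters stay literal."""
    return subprocess.run(
        ["echo", "resolving", host], capture_output=True, text=True
    ).stdout


def lookup_hardened(host: str) -> str:
    """Allowlist validation first, then the argv form (defence in depth)."""
    if len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
        raise ValueError("rejected hostname")
    return lookup_argv(host)


if __name__ == "__main__":
    print(repr(lookup_vulnerable(SAMPLE)))  # two commands ran
    print(repr(lookup_argv(SAMPLE)))        # one command, input printed literally
    try:
        lookup_hardened(SAMPLE)
    except ValueError as exc:
        print(exc)                          # input refused before any process starts
```

The argv form alone does not stop a value that begins with `-` from being read as an option by the called program, which is why the hardened function validates the input as well.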

How we test: We use AI-powered analysis to craft OS command injection payloads and test injection points across request parameters, headers, and bodies. We test for blind and output-based command injection using various shell metacharacters and command separators.

References:

Configuration

Example

Example configuration:

---
security_tests:
  command_injection_agent:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.