The following tool could be a nice addition to assist pentesters in manual exploitation.
I would suggest adding this as a link to an external command injection plugin:
https://github.com/stasinopoulos/commix
I don't think it would be smart to throw this at a website by default (would slow scans for nothing most of the time, these things are typically best when you find a promising page), although maybe we could have an "aggressive" mode where we do this in a future phase as an active plugin too.