Command injection is likely the most dangerous of all known web application attack vectors. Most attackers seek to exploit vulnerabilities in the hope that they will ultimately find a way to execute arbitrary commands on the underlying operating system. Command-execution vulnerabilities provide that capability without any additional steps. In this recipe, we will discuss how to write a custom script for validating remote code-execution vulnerabilities with ICMP traffic.