Nowadays, developers make things easy for ordinary people who love IT. It can sound crazy when someone says they created their own website just by dragging and dropping content to fit their requirements, with no coding or programming knowledge required. Such tools, for example a CMS, can be used online or offline, and because of that many people stick with default options or end up with misconfigurations, which is not a good thing from a security perspective.
What is a CMS?
A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some examples are: WordPress, Joomla, Drupal etc.
There may be vulnerabilities in the CMS itself or in the various plugins the user has installed. A hacker can enumerate a specific target and then try to exploit the vulnerabilities related to its CMS version or plugins.
In this post, we are going to learn about CMS enumeration, which is nothing but gathering information about the CMS used by the target website. For that we use a tool called CMSeeK: CMS Detection and Exploitation Suite, which has lots of features:
- Basic CMS Detection of over 130 CMS
- Drupal version detection
- Advanced WordPress Scans
  - Detects Version
  - User Enumeration
  - Plugins Enumeration
  - Theme Enumeration
  - Detects Users (3 Detection Methods)
  - Looks for Version Vulnerabilities and much more!
- Advanced Joomla Scans
  - Version detection
  - Backup files finder
  - Admin page finder
  - Core vulnerability detection
  - Directory listing check
  - Config leak detection
  - Various other checks
Download CMSeeK from GitHub:
git clone https://github.com/Tuhinshubhra/CMSeeK.git
Run CMSeeK:
cd CMSeeK
pip3 install -r requirements.txt
python3 cmseek.py
Examples:
python3 cmseek.py -u example.com # Scan example.com
python3 cmseek.py -l /home/user/target.txt # Scan the sites specified in target.txt (comma separated)
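To see what version, plugin and theme detection can read from a site you run, the following added example (not code from CMSeeK or from the original post) lists the version-revealing markers in one page's HTML and response headers. The function name `audit_exposure`, the sample page and the header list are assumptions constructed for illustration, and CMSeeK's own detection methods may differ.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

class _LeakParser(HTMLParser):
    """Collects markup that reveals the CMS, its version, plugins and themes."""
    def __init__(self):
        super().__init__()
        self.generator = None
        self.assets = {"plugins": {}, "themes": {}}  # slug -> version or None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        url = a.get("href") or a.get("src")
        if tag in ("link", "script") and url:
            # WordPress asset paths; the component version rides in ?ver=
            m = re.search(r"/wp-content/(plugins|themes)/([^/?]+)/", url)
            if m:
                ver = parse_qs(urlparse(url).query).get("ver", [None])[0]
                self.assets[m.group(1)][m.group(2)] = ver

def audit_exposure(html, headers):
    """Return (kind, detail) findings for one page of a site you operate."""
    p = _LeakParser()
    p.feed(html)
    findings = []
    if p.generator:
        findings.append(("generator-meta", p.generator))
    for kind in ("plugins", "themes"):
        for slug, ver in sorted(p.assets[kind].items()):
            findings.append((kind[:-1], f"{slug} {ver}" if ver else slug))
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("x-powered-by", "x-generator"):
        if name in lowered:
            findings.append(("header", f"{name}: {lowered[name]}"))
    return findings

# Constructed sample page and headers (not taken from any real site).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 5.0.1" />
<link rel="stylesheet" href="/wp-content/themes/demo-theme/style.css?ver=1.2" />
<script src="/wp-content/plugins/demo-forms/js/app.js?ver=3.4.5"></script>
</head><body></body></html>"""
SAMPLE_HEADERS = {"Server": "nginx", "X-Powered-By": "PHP/7.2.0"}
if __name__ == "__main__":
    for kind, detail in audit_exposure(SAMPLE_HTML, SAMPLE_HEADERS):
        print(f"{kind:15} {detail}")
```

Anything it reports is also visible to a remote scanner, so each finding is a candidate for removal or a component to keep patched.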