Home Security Tools CMSEEK- CMS Detection and Exploitation suite – Scan WordPress, Joomla, Drupal Platform Web sites

CMSEEK- CMS Detection and Exploitation suite – Scan WordPress, Joomla, Drupal Platform Web sites

by ethhack
CMSEEK- CMS Detection and Exploitation suite

CMS Detection and Exploitation suite – Scan WordPress, Joomla, Drupal and 150 different CMSs 

What’s CMS?

A content material administration system (CMS) manages the creation and modification of digital content material. It usually helps a number of customers in a collaborative atmosphere. Some notable examples are: WordPress, Joomla, Drupal and many others.

Features Of CMSeek:

  1. Fundamental CMS Detection of over 155 CMS
  2. Drupal model detection
  3. Superior WordPress Scans
  • Detects Model
  • Person Enumeration
  • Plugins Enumeration
  • Theme Enumeration
  • Detects Customers (three Detection Strategies)
  • Seems to be for Model Vulnerabilities and far more!

Superior Joomla Scans

  • Model detection
  • Backup information finder
  • Admin web page finder
  • Core vulnerability detection
  • Listing itemizing examine
  • Config leak detection
  • Numerous different checks

Modular bruteforce system

  • Use pre made bruteforce modules or create your individual and combine with it

Necessities and Compatibility:

CMSeeK is constructed utilizing python3, you have to python3 to run this device and is compitable with unix primarily based techniques as of now. Home windows help might be added later. CMSeeK depends on git for auto-update so ensure git is put in.

Set up and Utilization:

It’s pretty straightforward to make use of CMSeeK, simply be sure to have python3 and git (only for cloning the repo) put in and use the next instructions:

git clone https://github.com/Tuhinshubhra/CMSeeK
cd CMSeeK
pip/pip3 set up -r necessities.txt

For guided scanning:

python3 cmseek.py


python3 cmseek.py -u […]

Assist menu from this system:

       python3 cmseek.py (for a guided scanning) OR
       python3 cmseek.py [OPTIONS]

      -u URL, –url URL            Goal Url
      -l LIST, -list LIST          path of the file containing checklist of web sites
                                   for multi-site scan (comma separated)
      –follow-redirect            Follows all/any redirect(s)
      –no-redirect                Skips all redirects and checks the enter goal(s)

      -r, –random-agent           Use a random consumer agent
      –googlebot                  Use Google bot consumer agent
      –user-agent USER_AGENT      Specify a customized consumer agent

      -v, –verbose                Improve output verbosity

      –update                     Replace CMSeeK (Requires git)
      –version                    Present CMSeeK model and exit

      -h, –help                   Present this assist message and exit
      –clear-result               Delete all of the scan consequence

      python3 cmseek.py -u instance.com                           # Scan instance.com
      python3 cmseek.py -l /residence/consumer/goal.txt                 # Scan the websites laid out in goal.txt (comma separated)
      python3 cmseek.py -u instance.com –user-agent Mozilla 5.0  # Scan instance.com utilizing customized user-Agent Mozilla is 5.Zero used right here
      python3 cmseek.py -u instance.com –random-agent            # Scan instance.com utilizing a random user-Agent
      python3 cmseek.py -v -u instance.com                        # enabling verbose output whereas scanning instance.com

Checking For Replace:

You may examine for replace both from the primary menu or use python3 cmseek.py –update to examine for replace and apply auto replace.

P.S: Please be sure to have git put in, CMSeeK makes use of git to use auto replace.

Detection Strategies:

CMSeek detects CMS by way of the next:

  • HTTP Headers
  • Generator meta tag
  • Web page supply code
  • robots.txt

Supported CMSs:
CMSeeK at present can detect 157 CMS. Verify the checklist right here: cmss.py file which is current within the cmseekdb listing. All of the cmss are saved within the following approach:

 cmsID = {
   ‘identify’:’Title Of CMS’,
   ‘url’:’Official URL of the CMS’,
   ‘vd’:’Model Detection (Zero for no, 1 for sure)’,
   ‘deeps’:’Deep Scan (Zero for no 1 for sure)’

Scan Consequence:
Your whole scan outcomes are saved in a json file named cms.json, you will discover the logs contained in the Consequence listing, and as of the bruteforce outcomes they’re saved in a txt file beneath the location’s consequence listing as effectively.

Right here is an instance of the json report log:

Bruteforce Modules:

CMSeek has a modular bruteforce system which means you possibly can add your customized made bruteforce modules to work with cmseek. A correct documentation for creating modules might be created shortly however in case you already discovered (fairly straightforward when you analyze the pre-made modules) all you might want to do is that this:

Add a remark precisely like this # Bruteforce module. This may assist CMSeeK to know the identify of the CMS utilizing regex

Add one other remark ### cmseekbruteforcemodule, it will assist CMSeeK to know it’s a module

Copy and paste the module within the brutecms listing beneath CMSeeK’s listing

Open CMSeeK and Rebuild Cache utilizing U because the enter within the first menu.

If every thing is completed proper you may see one thing like this (check with screenshot under) and your module might be listed in bruteforce menu the following time you open CMSeeK.

Want Extra Causes To Use CMSeeK?

If not something you possibly can at all times get pleasure from exiting CMSeeK (please do not), it is going to bid you goodbye in a random goodbye message in numerous languages.

Download CMSEEK


Predominant Males

Scan Consequence

WordPress Scan Consequence

Utilization of CMSeeK for testing or exploiting web sites with out prior mutual consistency may be thought-about as an criminality. It’s the last consumer’s accountability to obey all relevant native, state and federal legal guidelines. Authors assume no legal responsibility and should not answerable for any misuse or injury attributable to this program.

Source link

Related Articles

Leave a Comment