A python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs

Related tags

CMS Cms_Scanner
Overview

CMSmap

CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool.

At the moment, CMSs supported by CMSmap are WordPress, Joomla, Drupal and Moodle.

Please note that this project is an early state. As such, you might find bugs, flaws or mulfunctions. Use it at your own risk!

Preview

Installation

You can download the latest version of CMSmap by cloning the GitHub repository:

 git clone https://github.com/Dionach/CMSmap

Then you need to configure the edbtype and edbpath settings in the cmsmap.conf. Use GIT if you have a local Git repository of Exploit-db :

[exploitdb]
edbtype = GIT
edbpath = /opt/exploitdb/

Alternatively, use APT if you have installed the debian exploitdb package. For Kali, use the following settings :

[exploitdb]
edbtype = APT
edbpath = /usr/share/exploitdb/

If you would like to run cmsmap from anywhere in your system you can install it with pip3 :

cd CMSmap
pip3 install .

To uninstall it :

pip3 uninstall cmsmap -y

Usage

usage: cmsmap [-f W/J/D] [-F] [-t] [-a] [-H] [-i] [-o] [-E] [-d] [-u] [-p]
              [-x] [-k] [-w] [-v] [-h] [-D] [-U W/J/D]
              [target]

CMSmap tool v1.0 - Simple CMS Scanner
Author: Mike Manzotti

Scan:
  target                target URL (e.g. 'https://example.com:8080/')
  -f W/J/D, --force W/J/D
                        force scan (W)ordpress, (J)oomla or (D)rupal
  -F, --fullscan        full scan using large plugin lists. False positives and slow!
  -t , --threads        number of threads (Default 5)
  -a , --agent          set custom user-agent
  -H , --header         add custom header (e.g. 'Authorization: Basic ABCD...')
  -i , --input          scan multiple targets listed in a given file
  -o , --output         save output in a file
  -E, --noedb           enumerate plugins without searching exploits
  -c, --nocleanurls     disable clean urls for Drupal only
  -s, --nosslcheck      don't validate the server's certificate
  -d, --dictattack      run low intense dictionary attack during scanning (5 attempts per user)

Brute-Force:
  -u , --usr            username or username file
  -p , --psw            password or password file
  -x, --noxmlrpc        brute forcing WordPress without XML-RPC

Post Exploitation:
  -k , --crack          password hashes file (Require hashcat installed. For WordPress and Joomla only)
  -w , --wordlist       wordlist file

Others:
  -v, --verbose         verbose mode (Default false)
  -h, --help            show this help message and exit
  -D, --default         rum CMSmap with default options
  -U, --update          use (C)MSmap, (P)lugins or (PC) for both

Examples:
  cmsmap.py https://example.com
  cmsmap.py https://example.com -f W -F --noedb -d
  cmsmap.py https://example.com -i targets.txt -o output.txt
  cmsmap.py https://example.com -u admin -p passwords.txt
  cmsmap.py -k hashes.txt -w passwords.txt

Contribution guidelines

If you want to contribute to CMSmap, be sure to review the contribution guidelines.

Disclaimer

Usage of CMSmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program.

You might also like...
Open Source CRM based on Django

Django-CRM Django CRM is opensource CRM developed on django framework. It has all the basic features of CRM to start with. We welcome code contributio

 ConnectLearn is an easy to use and deploy Open-Source Project meant to make it easier for the right students to find the right teachers online.
ConnectLearn is an easy to use and deploy Open-Source Project meant to make it easier for the right students to find the right teachers online.

ConnectLearn ConnectLearn is an easy to use and deploy Open-Source Project meant to make it easier for the right students to find the right teachers o

wger Workout Manager is a free, open source web application that helps you manage your personal workouts, weight and diet plans and can also be used as a simple gym management utility.
wger Workout Manager is a free, open source web application that helps you manage your personal workouts, weight and diet plans and can also be used as a simple gym management utility.

wger (ˈvɛɡɐ) Workout Manager is a free, open source web application that helps you manage your personal workouts, weight and diet plans and can also be used as a simple gym management utility.

A modular, high performance, headless e-commerce platform built with Python, GraphQL, Django, and ReactJS.
A modular, high performance, headless e-commerce platform built with Python, GraphQL, Django, and ReactJS.

Saleor Commerce Customer-centric e-commerce on a modern stack A headless, GraphQL-first e-commerce platform delivering ultra-fast, dynamic, personaliz

Python scripts to interact with the CakeCMS API.

Python scripts to interact with the CakeCMS API. Installation of the python module Prerequisites The cakecms module has to be installed first. Install

Aircache is an open-source caching and security solution that can be integrated with most decoupled apps that use REST APIs for communicating.

AirCache Aircache is an open-source caching and security solution that can be integrated with most decoupled apps that use REST APIs for communicating

A collection of scripts to steal BTC from Lightning Network enabled custodial services. Only for educational purpose! Share your findings only when design flaws are fixed.

Lightning Network Fee Siphoning Attack LN-fee-siphoning is a collection of scripts to subtract BTC from Lightning Network enabled custodial services b

A collection of scripts to steal BTC from Lightning Network enabled custodial services. Only for educational purpose! Share your findings only when design flaws are fixed.

Lightning Network Fee Siphoning Attack LN-fee-siphoning is a collection of scripts to subtract BTC from Lightning Network enabled custodial services b

A python script that enables a raspberry pi sd card through the CLI and automates the process of configuring network details and ssh.

This project is one script (wpa_helper.py) written in python that will allow for the user to automate the proccess of setting up a new boot disk and configuring ssh and network settings for the pi

FFPuppet is a Python module that automates browser process related tasks to aid in fuzzing
FFPuppet is a Python module that automates browser process related tasks to aid in fuzzing

FFPuppet FFPuppet is a Python module that automates browser process related tasks to aid in fuzzing. Happy bug hunting! Are you fuzzing the browser? G

Django CMS Project for quicksetup with minimal installation process.

Django CMS Project for quicksetup with minimal installation process.

An open source CMS, in python and integrable in Django

Python CMS based on the Django Framework

Automates the process to obtain an appointment for NIE in spain.

get-nie-appointment A Python script that automates the process of getting an appointment for NIE assignation. It can be modified in order to change th

This is a Python bot, which automates logging in, purchasing and planting the seeds. Open source bot and completely free.
This is a Python bot, which automates logging in, purchasing and planting the seeds. Open source bot and completely free.

🌻 Sunflower Land Bot 🌻 ⚠️ Warning I am not responsible for any penalties incurred by those who use the bot, use it at your own risk. This BOT is com

An automated header extensive scanner for detecting log4j RCE CVE-2021-44228

log4j An automated header extensive scanner for detecting log4j RCE CVE-2021-44228 Usage $ python3 log4j.py -l urls.txt --dns-log REPLACE_THIS.dnslog.

USSR-Scanner - USSR Scanner with python
USSR-Scanner - USSR Scanner with python

Purposes ? Hey there is abosolutely no need to do this we do it only to irritate

Sukoku-solver Python About Sudoku is one of the most popular puzzle games of all time
Sukoku-solver Python About Sudoku is one of the most popular puzzle games of all time

Sukoku-solver Python About Sudoku is one of the most popular puzzle games of all time. As a logic puzzle, Sudoku is also an excellent brain game. Bein

Js File Scanner This is Js File Scanner
Js File Scanner This is Js File Scanner

Js File Scanner This is Js File Scanner . Which are scan in js file and find juicy information Toke,Password Etc.

Owner
RazzorBack
"Silent Is Better Than Bullshit."
RazzorBack
An open source CMS, in python and integrable in Django

Python CMS based on the Django Framework

Titouan Bénard 0 Sep 10, 2021
Ella is a CMS based on Python web framework Django with a main focus on high-traffic news websites and Internet magazines.

Ella CMS Ella is opensource CMS based on Django framework, designed for flexibility. It is composed from several modules: Ella core is the main module

null 295 Oct 16, 2022
A Django-based CMS with a focus on extensibility and concise code

FeinCMS - An extensible Django-based CMS When was the last time, that a pre-built software package you wanted to use got many things right, but in the

FeinCMS 847 Jan 7, 2023
Kotti is a high-level, Pythonic web application framework based on Pyramid and SQLAlchemy. It includes an extensible Content Management System called the Kotti CMS.

Kotti Kotti is a high-level, Pythonic web application framework based on Pyramid and SQLAlchemy. It includes an extensible Content Management System c

Kotti 394 Jan 7, 2023
CMS framework for Django

Created by Stephen McDonald Overview Mezzanine is a powerful, consistent, and flexible content management platform. Built using the Django framework,

Stephen McDonald 4.6k Dec 29, 2022
The easy-to-use and developer-friendly CMS

django CMS Open source enterprise content management system based on the Django framework and backed by the non-profit django CMS Association. Get inv

django CMS Association 9.1k Jan 4, 2023
The easy-to-use and developer-friendly CMS

django CMS Open source enterprise content management system based on the Django framework and backed by the non-profit django CMS Association. Get inv

django CMS Association 9.1k Jan 8, 2023
The Plone CMS: root integration package

About Plone Plone is a mature, secure and user-friendly Content Management System (CMS). Plone - and the Open Source community behind it - aggregates

Plone Foundation 200 Jan 8, 2023
Random tarot card generator + rudimentary Django CMS

TAROT JUICER This is a rudimentary Django-based CMS which dynamically presents tarot-related content placed onto unconventional but familiar contexts

Kyle Rafa Lazaro 7 Apr 26, 2022
A plugin for Wagtail CMS, to have Icon Blocks (Fontawesome support)

WAGTAIL ICONIFY Library developed for Wagtail CMS, its purpose is to provide icon blocks from various libraries Special thanks to Alex Gleason, as wel

null 2 Jun 7, 2022