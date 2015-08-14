

CMSmap is an open source Python-based CMS scanner that automates the process of detecting security flaws of the most popular CMSs.

It supports WordPress, Joomla, and Drupal.

Installation

You can download the latest version of CMSmap by cloning the GitHub repository:

git clone https://github.com/Dionach/CMSmap.git

Usage:

CMSmap tool v0.6 - Simple CMS Scanner Author: Mike Manzotti mike.manzotti@dionach.com Usage: cmsmap.py -t <URL> Targets: -t, --target target URL (e.g. 'https://example.com:8080/') -f, --force force scan (W)ordpress, (J)oomla or (D)rupal -F, --fullscan full scan using large plugin lists. False positives and slow! -a, --agent set custom user-agent -T, --threads number of threads (Default: 5) -i, --input scan multiple targets listed in a given text file -o, --output save output in a file --noedb enumerate plugins without searching exploits Brute-Force: -u, --usr username or file -p, --psw password or file --noxmlrpc brute forcing WordPress without XML-RPC Post Exploitation: -k, --crack password hashes file (Require hashcat installed. For WordPress and Joomla only) -w, --wordlist wordlist file Others: -v, --verbose verbose mode (Default: false) -U, --update (C)MSmap, (W)ordpress plugins and themes, (J)oomla components, (D)rupal modules, (A)ll -h, --help show this help Examples: cmsmap.py -t https://example.com cmsmap.py -t https://example.com -f W -F --noedb cmsmap.py -t https://example.com -i targets.txt -o output.txt cmsmap.py -t https://example.com -u admin -p passwords.txt cmsmap.py -k hashes.txt -w passwords.txt