CMS Vulnerability Scanners
---------------------------------CMSmap-----------------------------
1. CMSmap - CMSmap is an open source Python CMS scanner that automates the process of detecting security flaws in the most popular CMSs.
The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool.
-------------------------------Droopescan----------------------------
2. Droopescan - A plugin-based scanner that aids security researchers in identifying issues with several CMSs:
- Drupal
- SilverStripe
- WordPress
-----------------------------Joomla Scanner-----------------------------
3. OWASP Joomla Vulnerability Scanner - Joomla! is probably the most widely used CMS out there due to its flexibility, user-friendliness and extensibility, to name a few.
Tracking its vulnerabilities and adding them to the Joomla scanner's knowledge base (KB) therefore takes ongoing effort.
It helps web developers and webmasters identify possible security weaknesses on their deployed Joomla! sites.
No web security scanner is dedicated to only one CMS.
--------------------------------Wpscan-----------------------------------
4. WPScan - WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find
security issues.
--url http://yourwebsite.com
--enumerate vp (Checking for Vulnerable Plugins)
--enumerate vt (Checking for Vulnerable Themes)
--enumerate u (Checking User Enumeration)
--url http://yourwebsite.com --wordlist passwords.txt --threads 50 (Password Guessing)
If you have a list of passwords, WPScan can use the list to try logging in to each user account that it finds.
https://www.dionach.com/blog/a-case-study-with-wordpress <--- tutorial on how to manually attack WordPress
Plugin location: http://example.com/wp-content/plugins/_name_of_the_plugin_/readme.txt
-------------------------------VbScan------------------------------------
5. VBScan - VBScan is an open source project written in Perl that detects vBulletin CMS vulnerabilities and analyses them.
vBulletin (vB) is a popular commercial internet discussion forum script.
Besides the typical function of a discussion forum, the script is also used on company websites to collect comments about their activities and products.
-------------------------------CMSsc4n--------------------------------------
6. CMSsc4n - Tool to identify whether a domain runs a CMS such as WordPress, Moodle, Joomla, Drupal or Prestashop.
-------------------------------CMS-Explorer--------------------------------------
7. CMS-Explorer
https://raw.githubusercontent.com/crsftw/OSCP-cheat-sheet/master/ENUMERATION/CMS/cms-explorer-1.0/cms-explorer.pl