CMSmap is an open source project written in Python that helps automate the process of vulnerability scanning and detection in WordPress, Joomla, Drupal, and Moodle.
This tool is not only useful for detecting security flaws in these four popular CMS but also for running actual brute force attacks and launching exploits once a vulnerability has been found.
Main features include:
- Supports multiple scan threats
- Ability to set custom user-agent and header
- Support for SSL encryption.
- Verbose mode for debugging purposes
- Saves output in a text file.
CMSmap is a multithreading tool, and by default is set to 5 threads. This is to reduce the likelihood of causing denial of service on the target website. However, there is an option that allows a user to increase the number of threads, and thus the speed of scanning.
CMSmap is meant to be easy to use, in sense that the only mandatory option is the target URL. However, CMSmap includes a brute-forcing module as well. If the user wants to run a brute-forcing attack, password/username files must be provided along with the URL. By default, Drupal is the only CMS that will lockout user accounts after a certain number of failed attempts. This means that unless a specific security plugin is installed you are pretty much free to brute force WordPress and Joomla login forms.
You can download the latest version of CMSmap by cloning the GitHub repository:
git clone https://github.com/Dionach/CMSmap
Then you need to configure the
edbpath settings in the
GIT if you have a local Git repository of Exploit-db :
[exploitdb] edbtype = GIT edbpath = /opt/exploitdb/
APT if you have installed the
debian exploitdb package. For Kali, use the following settings :
[exploitdb] edbtype = APT edbpath = /usr/share/exploitdb/
If you would like to run
cmsmap from anywhere in your system you can install it with
cd CMSmap pip3 install .
To uninstall it :
Hope this article helpful for you. Thank You
If You Appreciate What We Do Here On Hackonology, You Should Consider:
Hackonology is the fastest growing and most trusted community site where you can find lots of courses, articles about Technology/Hacking/Cracking. Millions of people visit Hackonology! to search or browse the thousands of published articles available FREELY to all.
Let's be a part of Hacker's Community! Join our Hacking Team
We Are Indian We Are Great
pip3 uninstall cmsmap -y
usage: cmsmap [-f W/J/D] [-F] [-t] [-a] [-H] [-i] [-o] [-E] [-d] [-u] [-p] [-x] [-k] [-w] [-v] [-h] [-D] [-U W/J/D]
CMSmap tool v1.0 - Simple CMS Scanner Author: Mike Manzotti Scan: target target URL (e.g. 'https://example.com:8080/') -f W/J/D, --force W/J/D force scan (W)ordpress, (J)oomla or (D)rupal -F, --fullscan full scan using large plugin lists. False positives and slow! -t , --threads number of threads (Default 5) -a , --agent set custom user-agent -H , --header add custom header (e.g. 'Authorization: Basic ABCD...') -i , --input scan multiple targets listed in a given file -o , --output save output in a file -E, --noedb enumerate plugins without searching exploits -c, --nocleanurls disable clean urls for Drupal only -s, --nosslcheck don't validate the server's certificate -d, --dictattack run low intense dictionary attack during scanning (5 attempts per user)
-u , --usr username or username file -p , --psw password or password file -x, --noxmlrpc brute forcing WordPress without XML-RPC
-k , --crack password hashes file (Require hashcat installed. For WordPress and Joomla only) -w , --wordlist wordlist file
-v, --verbose verbose mode (Default false) -h, --help show this help message and exit -D, --default rum CMSmap with default options -U, --update use (C)MSmap, (P)lugins or (PC) for both
cmsmap.py https://example.com cmsmap.py https://example.com -f W -F --noedb -d cmsmap.py https://example.com -i targets.txt -o output.txt cmsmap.py https://example.com -u admin -p passwords.txt cmsmap.py -k hashes.txt -w passwords.txt