CMSmap - Open Source CMS Scanner

CMSmap is an open source Python-based CMS scanner that automates the process of detecting security flaws of the most popular CMSs.

It supports WordPress, Joomla, and Drupal.

Installation

You can download the latest version of CMSmap by cloning the GitHub repository:

  git clone http://ift.tt/1DwiC05  

Usage:

  CMSmap tool v0.6 - Simple CMS Scanner
Author: Mike Manzotti mike.manzotti@dionach.com
Usage: cmsmap.py -t 
Targets:
       -t, --target    target URL (e.g. 'http://ift.tt/1hNQUnF')
   -f, --force     force scan (W)ordpress, (J)oomla or (D)rupal
        -F, --fullscan  full scan using large plugin lists. False positives and slow!
       -a, --agent     set custom user-agent
       -T, --threads   number of threads (Default: 5)
      -i, --input     scan multiple targets listed in a given text file
   -o, --output    save output in a file
       --noedb         enumerate plugins without searching exploits

Brute-Force:
    -u, --usr       username or file
    -p, --psw       password or file
    --noxmlrpc      brute forcing WordPress without XML-RPC

Post Exploitation:
   -k, --crack     password hashes file (Require hashcat installed. 
                         For WordPress and Joomla only)
        -w, --wordlist  wordlist file

Others:
        -v, --verbose   verbose mode (Default: false)
       -U, --update    (C)MSmap, (W)ordpress plugins and themes, (J)oomla components, 
                         (D)rupal modules, (A)ll
         -h, --help      show this help

Examples:
     cmsmap.py -t https://example.com
    cmsmap.py -t https://example.com -f W -F --noedb
    cmsmap.py -t https://example.com -i targets.txt -o output.txt
       cmsmap.py -t https://example.com -u admin -p passwords.txt
  cmsmap.py -k hashes.txt -w passwords.txt  

Download CMSmap

You might also like:

• Wireless Network Watcher - Free Wireless Network Tool
• Angry IP Scanner - A Fast Network Scanning Tool
• Aircrack-ng - WiFi Network Security Suite (Monitoring, Attacking, Testing, and Cracking)
• OpenStego - A Free Tool For Data Hiding and Digital Watermarking
• Wfuzz - Web Application Password Cracking Tool
• WebSploit Framework - Tool For Vulnerability Assessment & Exploitation
• Social-Engineer Toolkit - A Must Have Tool For Penetration Testers
• The Sleuth Kit - Digital Forensic Tool
• Autopsy - Digital Forensic Tool
• Zed Attack Proxy - Web Application Penetration Testing Tool
• Nmap - Network Security Audit Tool
• Noriben - Python Based Malware Analysis Sandbox
• D-TECT - Command-line Based Web Application Penetration Testing Tool
• BruteXSS - Cross-Site Scripting BruteForcer
• BruteForcer - Client-Server Multithreaded Tool To Crack RAR File Passwords
• Cain & Abel - Tool For Hackers
• JPassword Recovery - Free Tool To Crack Password Protected Archives (zip, rar, 7z)

from Effect Hacking full article here