Cmseek V1.1.1 - Cms Detection In Addition To Exploitation Suite (Scan Wordpress, Joomla, Drupal In Addition To 150 Other Cmss)
H5N1 content management organization (CMS) manages the creation too modification of digital content. It typically supports multiple users inward a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc.
Release History
- Version 1.1.1 [01-02-2019] - Version 1.1.0 [28-08-2018] - Version 1.0.9 [21-08-2018] - Version 1.0.8 [14-08-2018] - Version 1.0.7 [07-08-2018] ...Functions Of CMSeek:
- Basic CMS Detection of over 155 CMS
- Drupal version detection
- Advanced Wordpress Scans
- Detects Version
- User Enumeration
- Plugins Enumeration
- Theme Enumeration
- Detects Users (3 Detection Methods)
- Looks for Version Vulnerabilities too much more!
- Advanced Joomla Scans
- Version detection
- Backup files finder
- Admin page finder
- Core vulnerability detection
- Directory listing check
- Config leak detection
- Various other checks
- Modular bruteforce system
- Use pre made bruteforce modules or exercise your ain too integrate amongst it
Requirements too Compatibility:
CMSeeK is built using python3, you lot volition ask python3 to run this tool too is compitable amongst unix based systems equally of now. Windows back upwardly volition last added later. CMSeeK relies on git for auto-update too then brand certain git is installed.
Installation too Usage:
It is fairly slowly to role CMSeeK, simply brand certain you lot convey python3 too git (just for cloning the repo) installed too role the next commands:
- git clone
https://github.com/Tuhinshubhra/CMSeeK - cd CMSeeK
- pip/pip3 install -r requirements.txt
- python3 cmseek.py
- python3 cmseek.py -u
[...]
USAGE: python3 cmseek.py (for a guided scanning) OR python3 cmseek.py [OPTIONS] SPECIFING TARGET: -u URL, --url URL Target Url -l LIST, -list LIST path of the file containing listing of sites for multi-site scan (comma separated) RE-DIRECT: --follow-redirect Follows all/any redirect(s) --no-redirect Skips all redirects too tests the input target(s) USER AGENT: -r, --random-agent Use a random user agent --googlebot Use Google bot user agent --user-agent USER_AGENT Specify a custom user agent OUTPUT: -v, --verbose Increase output verbosity VERSION & UPDATING: --update Update CMSeeK (Requires git) --version Show CMSeeK version too leave of absence HELP & MISCELLANEOUS: -h, --help Show this assistance message too leave of absence --clear-result Delete all the scan effect EXAMPLE USAGE: python3 cmseek.py -u example.com # Scan example.com python3 cmseek.py -l /home/user/target.txt # Scan the sites specified inward target.txt (comma separated) python3 cmseek.py -u example.com --user-agent Mozilla 5.0 # Scan example.com using custom user-Agent Mozilla is 5.0 used hither python3 cmseek.py -u example.com --random-agent # Scan example.com using a random user-Agent python3 cmseek.py -v -u example.com # enabling verbose output piece scanning example.com Checking For Update:
You tin forcefulness out banking corporation lucifer for update either from the brain carte or role
python3 cmseek.py --update to banking corporation lucifer for update too apply motorcar update.P.S: Please brand certain you lot convey
git installed, CMSeeK uses git to apply motorcar update.Detection Methods:
CMSeek detects CMS via the following:
- HTTP Headers
- Generator meta tag
- Page source code
- robots.txt
Supported CMSs:
CMSeeK currently tin forcefulness out notice 157 CMS. Check the listing here: cmss.py file which is acquaint inward the
cmseekdb directory. All the cmss are stored inward the next way: cmsID = { 'name':'Name Of CMS', 'url':'Official URL of the CMS', 'vd':'Version Detection (0 for no, 1 for yes)', 'deeps':'Deep Scan (0 for no 1 for yes)' }Scan Result:
All of your scan results are stored inward a json file named
cms.json, you lot tin forcefulness out divulge the logs within the Result\ directory, too equally of the bruteforce results they're stored inward a txt file nether the site's effect directory equally well.Here is an illustration of the json written report log:
Bruteforce Modules:
CMSeek has a modular bruteforce organization pregnant you lot tin forcefulness out add together your custom made bruteforce modules to move amongst cmseek. H5N1 proper documentation for creating modules volition last created before long but inward instance you lot already figured out how to (pretty slowly ane time you lot analyze the pre-made modules) all you lot ask to exercise is this:
- Add a comment just similar this
#. This volition assistance CMSeeK to know the refer of the CMS using regexBruteforce module
- Add simply about other comment
### cmseekbruteforcemodule, this volition assistance CMSeeK to know it is a module
- Copy too glue the module inward the
brutecmsdirectory nether CMSeeK's directory
- Open CMSeeK too Rebuild Cache using
Uequally the input inward the commencement menu.
- If everything is done correct you'll come across something similar this (refer to screenshot below) too your module volition last listed inward bruteforce carte the side past times side fourth dimension you lot opened upwardly CMSeeK.
If non anything you lot tin forcefulness out ever relish exiting CMSeeK (please don't), it volition bid you lot goodbye inward a random goodbye message inward diverse languages.
Also you lot tin forcefulness out endeavor reading comments inward the code those are pretty random too weird!!!
Screenshots:
WordPress Scan Result
Guidelines for opening an issue:
Please brand certain you lot convey the next information attached when opening a novel issue:
- Target
- Exact re-create of mistake or screenshot of error
- Your operating organization too python version
Follow @r3dhax0r:
Team:
Team : Virtually Unvoid Defensive (VUD)
