Cmseek V1.1.1 - Cms Detection In Addition To Exploitation Suite (Scan Wordpress, Joomla, Drupal In Addition To 150 Other Cmss)


What is a CMS?
H5N1 content management organization (CMS) manages the creation too modification of digital content. It typically supports multiple users inward a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc.

Release History
- Version 1.1.1 [01-02-2019] - Version 1.1.0 [28-08-2018] - Version 1.0.9 [21-08-2018] - Version 1.0.8 [14-08-2018] - Version 1.0.7 [07-08-2018] ...
Changelog File

Functions Of CMSeek:
  • Basic CMS Detection of over 155 CMS
  • Drupal version detection
  • Advanced Wordpress Scans
    • Detects Version
    • User Enumeration
    • Plugins Enumeration
    • Theme Enumeration
    • Detects Users (3 Detection Methods)
    • Looks for Version Vulnerabilities too much more!
  • Advanced Joomla Scans
    • Version detection
    • Backup files finder
    • Admin page finder
    • Core vulnerability detection
    • Directory listing check
    • Config leak detection
    • Various other checks
  • Modular bruteforce system
    • Use pre made bruteforce modules or exercise your ain too integrate amongst it

Requirements too Compatibility:
CMSeeK is built using python3, you lot volition ask python3 to run this tool too is compitable amongst unix based systems equally of now. Windows back upwardly volition last added later. CMSeeK relies on git for auto-update too then brand certain git is installed.

Installation too Usage:
It is fairly slowly to role CMSeeK, simply brand certain you lot convey python3 too git (just for cloning the repo) installed too role the next commands:
  • git clone https://github.com/Tuhinshubhra/CMSeeK
  • cd CMSeeK
  • pip/pip3 install -r requirements.txt
For guided scanning:
  • python3 cmseek.py
Else:
  • python3 cmseek.py -u [...]
Help carte from the program:
USAGE:        python3 cmseek.py (for a guided scanning) OR        python3 cmseek.py [OPTIONS]   SPECIFING TARGET:       -u URL, --url URL            Target Url       -l LIST, -list LIST          path of the file containing listing of sites                                    for multi-site scan (comma separated) RE-DIRECT:       --follow-redirect            Follows all/any redirect(s)       --no-redirect                Skips all redirects too tests the input target(s)  USER AGENT:       -r, --random-agent           Use a random user agent       --googlebot                  Use Google bot user agent       --user-agent USER_AGENT      Specify a custom user agent  OUTPUT:       -v, --verbose                Increase output verbosity  VERSION & UPDATING:       --update                     Update CMSeeK (Requires git)       --version                    Show CMSeeK version too leave of absence  HELP & MISCELLANEOUS:       -h, --help                   Show this assistance message too leave of absence       --clear-result               Delete all the scan effect  EXAMPLE USAGE:       python3 cmseek.py -u example.com                           # Scan example.com       python3 cmseek.py -l /home/user/target.txt                 # Scan the sites specified inward target.txt (comma separated)       python3 cmseek.py -u example.com --user-agent Mozilla 5.0  # Scan example.com using custom user-Agent Mozilla is 5.0 used hither       python3 cmseek.py -u example.com --random-agent            # Scan example.com using a random user-Agent       python3 cmseek.py -v -u example.com                        # enabling verbose output piece scanning example.com 

Checking For Update:
You tin forcefulness out banking corporation lucifer for update either from the brain carte or role python3 cmseek.py --update to banking corporation lucifer for update too apply motorcar update.
P.S: Please brand certain you lot convey git installed, CMSeeK uses git to apply motorcar update.

Detection Methods:
CMSeek detects CMS via the following:
  • HTTP Headers
  • Generator meta tag
  • Page source code
  • robots.txt

Supported CMSs:
CMSeeK currently tin forcefulness out notice 157 CMS. Check the listing here: cmss.py file which is acquaint inward the cmseekdb directory. All the cmss are stored inward the next way:
 cmsID = {    'name':'Name Of CMS',    'url':'Official URL of the CMS',    'vd':'Version Detection (0 for no, 1 for yes)',    'deeps':'Deep Scan (0 for no 1 for yes)'  }

Scan Result:
All of your scan results are stored inward a json file named cms.json, you lot tin forcefulness out divulge the logs within the Result\ directory, too equally of the bruteforce results they're stored inward a txt file nether the site's effect directory equally well.
Here is an illustration of the json written report log:


Bruteforce Modules:
CMSeek has a modular bruteforce organization pregnant you lot tin forcefulness out add together your custom made bruteforce modules to move amongst cmseek. H5N1 proper documentation for creating modules volition last created before long but inward instance you lot already figured out how to (pretty slowly ane time you lot analyze the pre-made modules) all you lot ask to exercise is this:
  1. Add a comment just similar this # Bruteforce module. This volition assistance CMSeeK to know the refer of the CMS using regex
  2. Add simply about other comment ### cmseekbruteforcemodule, this volition assistance CMSeeK to know it is a module
  3. Copy too glue the module inward the brutecms directory nether CMSeeK's directory
  4. Open CMSeeK too Rebuild Cache using U equally the input inward the commencement menu.
  5. If everything is done correct you'll come across something similar this (refer to screenshot below) too your module volition last listed inward bruteforce carte the side past times side fourth dimension you lot opened upwardly CMSeeK.


Need More Reasons To Use CMSeeK?
If non anything you lot tin forcefulness out ever relish exiting CMSeeK (please don't), it volition bid you lot goodbye inward a random goodbye message inward diverse languages.
Also you lot tin forcefulness out endeavor reading comments inward the code those are pretty random too weird!!!

Screenshots:

Main Menu


Scan Result

WordPress Scan Result

Guidelines for opening an issue:
Please brand certain you lot convey the next information attached when opening a novel issue:
  • Target
  • Exact re-create of mistake or screenshot of error
  • Your operating organization too python version
Issues without these informations mightiness non last answered!

Follow @r3dhax0r:
Twitter

Team:
Team : Virtually Unvoid Defensive (VUD)