CMSMap

https://github.com/Dionach/CMSmap

CMSmap is an open-source Python CMS scanner that automates the process of detecting security flaws in the most popular CMSs.

The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool.

At the moment, CMSs supported by CMSmap are WordPress, Joomla, Drupal and Moodle.

Usage: cmsmap [options]

Options

Scan:

  target                target URL (e.g. 'https://example.com:8080/')
  -f W/J/D, --force W/J/D
                        force scan (W)ordpress (J)oomla or (D)rupal
  -F, --fullscan        full scan using large plugin lists. False positives and slow!
  -t, --threads         number of threads (Default 5)
  -a, --agent           set custom user-agent
  -H, --header          add custom header (e.g. 'Authorization: Basic ABCD…')
  -i, --input           scan multiple targets listed in a given file
  -o, --output          save output in a file
  -E, --noedb           enumerate plugins without searching exploits
  -c, --nocleanurls     disable clean urls for Drupal only
  -s, --nosslcheck      don't validate the server's certificate
  -d, --dictattack      run low intense dictionary attack during scanning (5 attempts per user)


Brute-Force:

  -u, --usr             username or username file
  -p, --psw             password or password file
  -x, --noxmlrpc        brute forcing WordPress without XML-RPC


Post Exploitation:

  -k, --crack           password hashes file (Require hashcat installed. For WordPress and Joomla only)
  -w, --wordlist        wordlist file


Others:

  -v, --verbose         verbose mode (Default false)
  -h, --help            show this help message and exit
  -D, --default         run CMSmap with default options
  -U, --update          use (C)MSmap, (P)lugins or (PC) for both

Examples:

Run cmsmap with verbose enabled:

  cmsmap.py -v https://example.com

Run a full scan on a Joomla target:

  cmsmap.py https://example.com -f J -F

Run cmsmap on the targets listed in targets.txt and save the results in output.txt:

  cmsmap.py https://example.com -i targets.txt -o output.txt

Run cmsmap on a target with the username admin and the passwords listed in passwords.txt:

  cmsmap.py https://example.com -u admin -p passwords.txt

Run cmsmap to crack passwords using the hashes listed in hashes.txt and the passwords listed in passwords.txt:

  cmsmap.py -k hashes.txt -w passwords.txt