CMSMap

The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool.

At the moment, CMSs supported by CMSmap are WordPress, Joomla, Drupal and Moodle.

Usage: cmsmap [options]

Options

Scan:

target-f W/J/D, –force W/J/D	target URL (e.g.’https://example.com:8080/’)force scan (W)ordpress (J)oomla or (D)rupal
-F  –fullscan	full scan using large plugin lists. False positives and slow!
-t   –threads	number of threads (Default 5)
-a  –agent	set custom user-agent
-H  –header	add custom header (e.g. ‘Authorization: Basic ABCD…’)
-i   –input	scan multiple targets listed in a given file
-o  –output	save output in a file
-E  –noedb	enumerate plugins without searching exploits
-c  –nocleanurls	disable clean urls for Drupal only
-s  –nosslcheck	don’t validate the server’s certificate
-d  –dictattack	run low intense dictionary attack during scanning(5attemptsperuser)

Brute-Force:

-u     –usr	username or username file
-p     –psw	password or password file
-x     –noxmlrpc	brute forcing WordPress without XML-RPC

Post Exploitation:

-k      –crack	password hashes file (Require hashcat installed. For WordPress   and Joomla only)
-w     –wordlist	wordlist file

Others:

-v   –verbose	verbose mode (Default false)
-h   –help	show this help message and exit
-D   –default	rum CMSmap with default options
-U   –update	use (C)MSmap, (P)lugins or (PC) for both

Examples:

Run cmsmap with verbose enabled:

  cmsmap.py -v https://example.com

Run full scan on Joomla target

  cmsmap.py https://example.com -f J -F

Run cmsmap on targets listed in targets.txt file and save the results in output.txt file

  cmsmap.py https://example.com -i targets.txt -o output.txt

Run cmsmap on target with username as admin and use passwords as listed in passwords.txt file

  cmsmap.py https://example.com -u admin -p passwords.txt

Run cmsmap for cracking passwords using hashes and passwords listed in hashes.txt and passwords.txt files

  cmsmap.py -k hashes.txt -w passwords.txt