CMSeeK v1.1.1 – CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 150 Other CMSs)

0
6
CMSeeK v1.1.1 - CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 150 Other CMSs)

What is a CMS?

A content material administration system (CMS) manages the creation and modification of digital content material. It usually helps a number of customers in a collaborative surroundings. Some noteable examples are: WordPress, Joomla, Drupal and so on.


Release History

- Version 1.1.1 [01-02-2019]
- Version 1.1.0 [28-08-2018]
- Version 1.0.9 [21-08-2018]
- Version 1.0.8 [14-08-2018]
- Version 1.0.7 [07-08-2018]
...

Changelog File

Functions Of CMSeek:

  • Basic CMS Detection of over 155 CMS
  • Drupal model detection
  • Advanced WordPress Scans
    • Detects Version
    • User Enumeration
    • Plugins Enumeration
    • Theme Enumeration
    • Detects Users (3 Detection Methods)
    • Looks for Version Vulnerabilities and rather more!
  • Advanced Joomla Scans
    • Version detection
    • Backup information finder
    • Admin web page finder
    • Core vulnerability detection
    • Directory itemizing test
    • Config leak detection
    • Various different checks
  • Modular bruteforce system
    • Use pre made bruteforce modules or create your individual and combine with it

Requirements and Compatibility:
CMSeeK is constructed utilizing python3, you will have python3 to run this software and is compitable with unix based mostly methods as of now. Windows assist will probably be added later. CMSeeK depends on git for auto-replace so be sure git is put in.

Installation and Usage:
It is pretty simple to make use of CMSeeK, simply ensure you have python3 and git (only for cloning the repo) put in and use the next instructions:

  • git clone https://github.com/Tuhinshubhra/CMSeeK
  • cd CMSeeK
  • pip/pip3 set up -r necessities.txt

For guided scanning:
Else:

  • python3 cmseek.py -u <target_url> […]

Help menu from this system:

USAGE:
       python3 cmseek.py (for a guided scanning) OR
       python3 cmseek.py [OPTIONS] <Target Specification>

SPECIFING TARGET:
      -u URL, --url URL            Target Url
      -l LIST, -list LIST          path of the file containing checklist of web sites
                                   for multi-website scan (comma separated)
RE-DIRECT:
      --follow-redirect            Follows all/any redirect(s)
      --no-redirect                Skips all redirects and checks the enter goal(s)

USER AGENT:
      -r, --random-agent           Use a random consumer agent
      --googlebot                  Use Google bot consumer agent
      --user-agent USER_AGENT      Specify a customized consumer agent

OUTPUT:
      -v, --verbose                Increase output verbosity

VERSION & UPDATING:
      --update                     Update CMSeeK (Requires git)
      --version                    Show CMSeeK model and exit

HELP & MISCELLANEOUS:
      -h, --help                   Show this assist message and exit
      --clear-consequence               Delete all of the scan consequence

EXAMPLE USAGE:
      python3 cmseek.py -u instance.com                           # Scan instance.com
      python3 cmseek.py -l /dwelling/consumer/goal.txt                 # Scan the websites laid out in goal.txt (comma separated)
      python3 cmseek.py -u instance.com --user-agent Mozilla 5.0  # Scan instance.com utilizing customized user-Agent Mozilla is 5.Zero used right here
      python3 cmseek.py -u instance.com --random-agent            # Scan instance.com utilizing a random user-Agent
      python3 cmseek.py -v -u instance.com                        # enabling verbose output whereas scanning instance.com

Checking For Update:
You can test for replace both from the primary menu or use python3 cmseek.py --update to test for replace and apply auto replace.
P.S: Please ensure you have git put in, CMSeeK makes use of git to use auto replace.

Detection Methods:
CMSeek detects CMS by way of the next:

  • HTTP Headers
  • Generator meta tag
  • Page supply code
  • robots.txt

Supported CMSs:
CMSeeK at the moment can detect 157 CMS. Check the checklist right here: cmss.py file which is current within the cmseekdb listing. All the cmss are saved within the following approach:

 cmsID = {
   'title':'Name Of CMS',
   'url':'Official URL of the CMS',
   'vd':'Version Detection (Zero for no, 1 for sure)',
   'deeps':'Deep Scan (Zero for no 1 for sure)'
 }

Scan Result:
All of your scan outcomes are saved in a json file named cms.json, you will discover the logs contained in the Result<Target Site> listing, and as of the bruteforce outcomes they’re saved in a txt file underneath the location’s consequence listing as nicely.
Here is an instance of the json report log:

Bruteforce Modules:
CMSeek has a modular bruteforce system that means you may add your customized made bruteforce modules to work with cmseek. A correct documentation for creating modules will probably be created shortly however in case you already discovered find out how to (fairly simple when you analyze the pre-made modules) all you must do is that this:

  1. Add a remark precisely like this # <Name Of The CMS> Bruteforce module. This will assist CMSeeK to know the title of the CMS utilizing regex
  2. Add one other remark ### cmseekbruteforcemodule, this can assist CMSeeK to know it’s a module
  3. Copy and paste the module within the brutecms listing underneath CMSeeK’s listing
  4. Open CMSeeK and Rebuild Cache utilizing U because the enter within the first menu.
  5. If every little thing is finished proper you may see one thing like this (confer with screenshot beneath) and your module will probably be listed in bruteforce menu the following time you open CMSeeK.

Need More Reasons To Use CMSeeK?
If not something you may all the time get pleasure from exiting CMSeeK (please do not), it can bid you goodbye in a random goodbye message in numerous languages.
Also you may strive studying feedback within the code these are fairly random and peculiar!!!

Screenshots:

Main Menu


Scan Result

WordPress Scan Result

Guidelines for opening a difficulty:
Please ensure you have the next data hooked up when opening a brand new subject:

  • Target
  • Exact copy of error or screenshot of error
  • Your working system and python model

Issues with out these informations may not be answered!

Follow @r3dhax0r:
Twitter

Team:
Team : Virtually Unvoid Defensive (VUD)

MoreTip.com MoreTip.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.