CMSeeK v1.0.7 – CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 50 Other CMSs)

What is a CMS?

A content material subject material regulate ^(http://www.kitploit.com/search/label/Management) device (CMS) manages the appearance and modification of digital content material subject material. It maximum incessantly is helping a few consumers in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal and so forth.

Changelog File ^(https://github.com/Tuhinshubhra/CMSeeK/blob/master/CHANGELOG)

Functions Of CMSeek:

  • Elementary CMS Detection of over 30 CMS
  • Drupal version detection
  • Difficult WordPress Scans
    • Detects Type
    • Client Enumeration
    • Plugins Enumeration
    • Theme Enumeration
    • Detects Consumers (3 Detection Methods)
    • Seems to be like for Type Vulnerabilities and much more!
  • Difficult Joomla Scans
    • Type detection
    • Backup files finder
    • Admin internet web page finder
    • Core vulnerability ^(http://www.kitploit.com/search/label/Vulnerability) detection
    • List tick list check
    • Config leak detection
    • Quite a lot of other checks
  • Modular bruteforce device
    • Use pre made bruteforce modules or create your individual and mix with it

Must haves and Compatibility:
CMSeeK is built using python3, you’ll need python3 to run this instrument and is compitable with unix based totally strategies as of now. House home windows enhance shall be added later. CMSeeK relies on git for auto-update so make certain that git is installed.

Arrange and Usage:
It is slightly easy to use CMSeeK, merely you’ll want to have python3 and git (just for cloning the repo) installed and use the following directions:

  • git clone https://github.com/Tuhinshubhra/CMSeeK
  • cd CMSeeK

For guided scanning:

  • python3 cmseek.py

Else:

  • python3 cmseek.py -u […]

Have the same opinion menu from the program:

USAGE:
python3 cmseek.py (for a guided scanning) OR
python3 cmseek.py [OPTIONS]

SPECIFING TARGET:
-u URL, --url URL Purpose Url
-l LIST, -list LIST path of the report containing report of internet websites
for multi-site scan (comma separated)

USER AGENT:
-r, --random-agent Use a random client agent
--user-agent USER_AGENT Specify custom designed client agent

OUTPUT:
-v, --verbose Increase output verbosity

VERSION & UPDATING:
--update Exchange CMSeeK (Requires git)
--version Show CMSeeK version and pass out

HELP & MISCELLANEOUS:
-h, --help Show this lend a hand message and pass out
--clear-result Delete all the scan result

EXAMPLE USAGE:
python3 cmseek.py -u example.com # Scan example.com
python3 cmseek.py -l /space/client/objective.txt # Scan the internet sites specified by objective.txt (comma separated)
python3 cmseek.py -u example.com --user-agent Mozilla 5.0 # Scan example.com using custom designed user-Agent Mozilla is 5.0 used proper right here
python3 cmseek.py -u example.com --random-agent # Scan example.com using a random user-Agent
python3 cmseek.py -v -u example.com # enabling verbose output while scanning example.com

Checking For Exchange:
You are able to check for change each from the main menu or use python3 cmseek.py --update to check for change and apply auto change.
P.S: Please you’ll want to have git installed, CMSeeK uses git to make use of auto change.

Detection Methods:
CMSeek detects CMS by means of the following:

  • HTTP Headers
  • Generator meta tag
  • Internet web page provide code
  • robots.txt

Supported CMSs:
CMSeeK at the present time can hit upon 40 CMSs, you can to seek out the report on cmss.py ^(https://github.com/Tuhinshubhra/CMSeeK/blob/master/cmseekdb/cmss.py) report which is supply inside the cmseekdb checklist. The entire cmss are stored inside the following manner:

 cmsID = 
'identify':'Establish Of CMS',
'url':'Official URL of the CMS',
'vd':'Type Detection (0 for no, 1 evidently)',
'deeps':'Deep Scan (0 for no 1 evidently)'

Scan Consequence:
All your scan results are stored in a json report named cms.json, you can to seek out the logs all through the Consequence checklist, and as of the bruteforce results they’re stored in a txt report beneath the site’s result checklist as well.
That is an example of the json record log:

Bruteforce Modules:
CMSeek has a modular bruteforce device which means that you can add your custom designed made bruteforce modules to artwork with cmseek. A right kind documentation for rising modules shall be created shortly on the other hand when you occur to already found out find out how to (pretty easy each time you analyze the pre-made modules) all you want to do is this:

  1. Add a commentary exactly like this # Bruteforce ^(http://www.kitploit.com/search/label/Bruteforce) module. This will now and again lend a hand CMSeeK to know the identify of the CMS using regex
  2. Add any other commentary ### cmseekbruteforcemodule, this may increasingly most probably lend a hand CMSeeK to know it is a module
  3. Copy and paste the module inside the brutecms checklist beneath CMSeeK’s checklist
  4. Open CMSeeK and Rebuild Cache using U for the reason that input inside the first menu.
  5. If the whole thing is finished correct you’ll see one factor like this (seek advice from screenshot beneath) and your module shall be listed in bruteforce menu the next time you open CMSeeK.

Need Additional Reasons To Use CMSeeK?
If not anything you can at all times revel in exiting CMSeeK (please don’t), it will bid you goodbye in a random goodbye message in relatively numerous languages.
Moreover you can check out finding out comments inside the code those are pretty random and ordinary!!!

Screenshots:

^(https://camo.githubusercontent.com/ca4d179a21e284542deebd4624120a0c0f11a96f/68747470733a2f2f692e696d6775722e636f6d2f4b645253597a502e706e67)
Download CMSeeK ^(https://github.com/Tuhinshubhra/CMSeeK)