Categories: Kali Linux

CMSeeK – CMS Detection And Exploitation Suite

CMSeeK is a CMS detection and exploitation suite where you can Scan WordPress, Joomla, Drupal and 100 other CMSs. CMS or content management system manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment.

Use Of CMSeek

Basic CMS Detection of over 80 CMS
Drupal version detection
Advanced WordPress Scans
1. Detects Version
2. User Enumeration
3. Plugins Enumeration
4. Theme Enumeration
5. Detects Users (3 Detection Methods)
6. Looks for Version Vulnerabilities and much more!
Advanced Joomla Scans
1. Version detection
2. Backup files finder
3. Admin page finder
4. Core vulnerability detection
5. Directory listing check
6. Config leak detection
7. Various other checks
Modular bruteforce system
1. Use pre made bruteforce modules or create your own and integrate with it

Also Read GitMiner – Tool For Advanced Mining For Content On Github

Requirements & Compatibility

Python3
Unix based systems
git

Installation

It is fairly easy to use CMSeeK, just make sure you have python3 and git (just for cloning the repo) installed and use the following commands:

git clone https://github.com/Tuhinshubhra/CMSeeK
cd CMSeeK

For guided scanning:

python3 cmseek.py

Else:

python3 cmseek.py -u <target_url> [...]

Usage

Help menu from the program:

USAGE:
       python3 cmseek.py (for a guided scanning) OR
       python3 cmseek.py [OPTIONS] <Target Specification>

SPECIFING TARGET:
      -u URL, --url URL            Target Url
      -l LIST, -list LIST          path of the file containing list of sites
                                   for multi-site scan (comma separated)

USER AGENT:
      -r, --random-agent           Use a random user agent
      --user-agent USER_AGENT      Specify custom user agent

OUTPUT:
      -v, --verbose                Increase output verbosity

VERSION & UPDATING:
      --update                     Update CMSeeK (Requires git)
      --version                    Show CMSeeK version and exit

HELP & MISCELLANEOUS:
      -h, --help                   Show this help message and exit
      --clear-result               Delete all the scan result

EXAMPLE USAGE:
      python3 cmseek.py -u example.com                           # Scan example.com
      python3 cmseek.py -l /home/user/target.txt                 # Scan the sites specified in target.txt (comma separated)
      python3 cmseek.py -u example.com --user-agent Mozilla 5.0  # Scan example.com using custom user-Agent Mozilla is 5.0 used here
      python3 cmseek.py -u example.com --random-agent            # Scan example.com using a random user-Agent
      python3 cmseek.py -v -u example.com                        # enabling verbose output while scanning example.com

Detection

CMSeek detects CMS via the following:

HTTP Headers
Generator meta tag
Page source code
robots.txt

Screenshots:

Main Menu

Scan Result

Disclaimer:

Usage of CMSeeK for testing or exploiting websites without prior mutual consistency can be considered as an illegal activity. It is the final user’s responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.

Credit :@r3dhax0r, Virtually Unvoid Defensive (VUD)

R K