CMSmap
======
CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities
for different types of CMSs in a single tool.
At the moment, CMSs supported by CMSmap are WordPress, Joomla and Drupal.
Please note that this project is an early state. As such, you might find bugs, flaws or mulfunctions.
Use it at your own risk!
Installation
=====
You can download the latest version of CMSmap by cloning the GitHub repository:
git clone https://github.com/Dionach/CMSmap.git
Usage
=====
CMSmap tool v0.6 - Simple CMS Scanner
Author: Mike Manzotti mike.manzotti@dionach.com
Usage: cmsmap.py -t <URL>
Targets:
-t, --target target URL (e.g. 'https://example.com:8080/')
-f, --force force scan (W)ordpress, (J)oomla or (D)rupal
-F, --fullscan full scan using large plugin lists. False positives and slow!
-a, --agent set custom user-agent
-T, --threads number of threads (Default: 5)
-i, --input scan multiple targets listed in a given text file
-o, --output save output in a file
--noedb enumerate plugins without searching exploits
Brute-Force:
-u, --usr username or file
-p, --psw password or file
--noxmlrpc brute forcing WordPress without XML-RPC
Post Exploitation:
-k, --crack password hashes file (Require hashcat installed. For WordPress and Joomla only)
-w, --wordlist wordlist file
Others:
-v, --verbose verbose mode (Default: false)
-U, --update (C)MSmap, (W)ordpress plugins and themes, (J)oomla components, (D)rupal modules, (A)ll
-h, --help show this help
Examples:
cmsmap.py -t https://example.com
cmsmap.py -t https://example.com -f W -F --noedb
cmsmap.py -t https://example.com -i targets.txt -o output.txt
cmsmap.py -t https://example.com -u admin -p passwords.txt
cmsmap.py -k hashes.txt -w passwords.txt
Notes
=====
30/03/2015: Created a new repo to remove big wordlist. Users who have originally cloned the previous repo are invited to clone the new one.
Disclaimer
=====
Usage of CMSmap for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program.
没有合适的资源?快使用搜索试试~ 我知道了~
CMSmap-master.zip
共23个文件
txt:15个
py:4个
zip:3个
需积分: 22 2 下载量 47 浏览量
2017-10-24
09:48:37
上传
评论 1
收藏 432KB ZIP 举报
温馨提示
1.其可以检测目标网站的cms基本类型,CMSmap默认自带一个WordPress,Joomla和Drupal插件列表,所以其也可以检测目标网站的插件种类; 2.Cmsmap是一个多线程的扫描工具,默认线程数为5; 3.工具使用比较简单,命令行的默认的强制选项为target URL; 4.工具还集成了暴力破解模块; 5.CMSmap的核心是检测插件漏洞,其主要是通过查询数据库漏洞网站(www.exploit-db.com)提供了潜在的漏洞列表。
资源推荐
资源详情
资源评论
收起资源包目录
CMSmap-master.zip (23个子文件)
CMSmap-master
shell
joo-shell.zip 3KB
dru-shell.zip 1KB
wp-shell.zip 611B
data
dru_plugins_small.txt 3KB
wp_plugins.txt 953KB
joo_plugins_small.txt 9KB
joo_plugins.txt 9KB
joo_versions.txt 641B
dru_versions.txt 592B
dru_plugins.txt 145KB
wp_versions.txt 535B
wp_themes_small.txt 426B
wp_plugins_small.txt 4KB
wp_timthumbs.txt 117KB
wp_themes.txt 92KB
common_files.txt 3KB
cmsmap.py 97KB
thirdparty
multipart
__init__.py 0B
multipartpost.py 3KB
__init__.py 0B
README.md 2KB
LICENSE.txt 662B
DISCLAIMER.txt 274B
共 23 条
- 1
资源评论
夜不洛
- 粉丝: 24
- 资源: 86
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功