• Breaking News

    CMS - CMS Detection & Exploitation Suite

    What is a CMS?

    A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc.

    Functions Of CMSeek:

    • Basic CMS Detection of over 170 CMS
    • Drupal version detection
    • Advanced Wordpress Scans
      • Detects Version
      • User Enumeration
      • Plugins Enumeration
      • Theme Enumeration
      • Detects Users (3 Detection Methods)
      • Looks for Version Vulnerabilities and much more!
    • Advanced Joomla Scans
      • Version detection
      • Backup files finder
      • Admin page finder
      • Core vulnerability detection
      • Directory listing check
      • Config leak detection
      • Various other checks
    • Modular bruteforce system
      • Use pre made bruteforce modules or create your own and integrate with it

    Requirements and Compatibility:

    CMSeeK is built using python3, you will need python3 to run this tool and is compitable with unix based systems as of now. Windows support will be added later. CMSeeK relies on git for auto-update so make sure git is installed.

    Installation and Usage:

    It is fairly easy to use CMSeeK, just make sure you have python3 and git (just for cloning the repo) installed and use the following commands:
    • git clone https://github.com/Tuhinshubhra/CMSeeK
    • cd CMSeeK
    • pip/pip3 install -r requirements.txt
    For guided scanning:
    • python3 cmseek.py
    • python3 cmseek.py -u <target_url> [...]
    Checking For Update:
    You can check for update either from the main menu or use python3 cmseek.py --update to check for update and apply auto update.

    P.S: Please make sure you have git installed, CMSeeK uses git to apply auto update.

    Detection Methods:
    CMSeek detects CMS via the following:

    HTTP Headers
    Generator meta tag
    Page source code

    Bruteforce Modules:

    CMSeek has a modular bruteforce system meaning you can add your custom made bruteforce modules to work with cmseek. A proper documentation for creating modules will be created shortly but in case you already figured out how to (pretty easy once you analyze the pre-made modules) all you need to do is this:
    1. Add a comment exactly like this # <Name Of The CMS> Bruteforce module. This will help CMSeeK to know the name of the CMS using regex
    2. Add another comment ### cmseekbruteforcemodule, this will help CMSeeK to know it is a module
    3. Copy and paste the module in the brutecms directory under CMSeeK's directory
    4. Open CMSeeK and Rebuild Cache using R as the input in the first menu.
    5. If everything is done right you'll see something like this (refer to screenshot below) and your module will be listed in bruteforce menu the next time you open CMSeeK.
    Cache Rebuild Screenshot

    Need More Reasons To Use CMSeeK?

    If not anything you can always enjoy exiting CMSeeK (please don't), it will bid you goodbye in a random goodbye message in various languages.


    No comments

    Post Bottom Ad