CMSeeK – CMS Detection and Exploitation suite

CMSeeK is a CMS detection and exploitation suite. A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some notable examples are WordPress, Joomla and Drupal.

The tool gives security testers the following functions:

  • Basic CMS Detection of over 170 CMS
  • Drupal version detection
  • Advanced WordPress Scans
    • Detects Version
    • User Enumeration
    • Plugins Enumeration
    • Theme Enumeration
    • Detects Users (3 Detection Methods)
    • Looks for Version Vulnerabilities and much more!
  • Advanced Joomla Scans
    • Version detection
    • Backup files finder
    • Admin page finder
    • Core vulnerability detection
    • Directory listing check
    • Config leak detection
    • Various other checks
  • Modular bruteforce system
    • Use pre-made bruteforce modules or create your own and integrate with it.

The tool detects CMS via the following:

  • HTTP Headers
  • Generator meta tag
  • Page source code
  • robots.txt
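
The four detection sources listed above can be checked against your own site to see which of them disclose the CMS. The following is an added example, not CMSeeK's code: the signature set, function name and sample responses are constructed for illustration.

```python
import re

# Small illustrative signature set (assumption; not CMSeeK's own rules).
SIGNATURES = {
    "WordPress": {"generator": r"wordpress",
                  "source": r"/wp-(content|includes)/",
                  "robots": r"/wp-admin/"},
    "Joomla": {"generator": r"joomla",
               "source": r"/components/com_|/media/jui/",
               "robots": r"/administrator/"},
    "Drupal": {"generator": r"drupal",
               "source": r"/sites/(default|all)/|drupal-settings-json",
               "robots": r"/core/|/profiles/"},
}
GENERATOR_HEADERS = ("x-generator", "x-powered-by")
META_RE = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]*content=["\']([^"\']+)', re.I)

def cms_signals(headers, html, robots_txt):
    """Return {cms: [sources that disclose it]} for one site's responses."""
    hdr_text = " ".join(v for k, v in headers.items()
                        if k.lower() in GENERATOR_HEADERS)
    m = META_RE.search(html)
    meta = m.group(1) if m else ""
    # Drop the generator tag so page-source evidence is counted separately.
    body = META_RE.sub("", html)
    # Only Disallow rules are considered from robots.txt.
    disallows = " ".join(l.split(":", 1)[1] for l in
                         (x.strip() for x in robots_txt.splitlines())
                         if l.lower().startswith("disallow:"))
    found = {}
    for cms, sig in SIGNATURES.items():
        checks = [("http-header", sig["generator"], hdr_text),
                  ("generator-meta", sig["generator"], meta),
                  ("page-source", sig["source"], body),
                  ("robots.txt", sig["robots"], disallows)]
        hits = [name for name, pat, text in checks if re.search(pat, text, re.I)]
        if hits:
            found[cms] = hits
    return found

# Constructed sample: generator tag and headers removed, paths still disclose.
SAMPLE_HTML = '<link rel="stylesheet" href="/wp-content/themes/x/style.css">'
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n"

if __name__ == "__main__":
    print(cms_signals({"Server": "nginx"}, SAMPLE_HTML, SAMPLE_ROBOTS))
```

On the constructed sample, removing the generator tag leaves the page source and robots.txt signals in place, so the CMS is still identifiable.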

Once the CMS is detected and the login page is identified, the bruteforce module can be configured. There are several bruteforce scripts in the cmsbrute directory, along with a wordlist file that the user may update with additional passwords as needed.

The cmsbrute directory includes the following files: “dru” (Drupal), “joom” (Joomla), “oc” (OpenCart), “wp” (WordPress) and “wpxmlrpc” (WordPress XML-RPC).

You can read more and download this tool over here: https://github.com/Tuhinshubhra/CMSeeK
