CMSmap – CMS Security Scanner

CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of this tool is to integrate common vulnerabilities for different types of CMSs in a single tool. at the moment there is support for WordPress, Joomla, Drupal and Moodle.

CMSmap - CMS Security Scanner
CMSmap – CMS Security Scanner

The tool will provide to run the scan with the following options:

  • Full scan using large plugin lists. False positives and slow
  • Number of threads (Default 5) for faster scan user may increase the number.
  • Set custom user-agent
  • Add custom header (e.g. ‘Authorization: Basic ABCD…’)
  • scan multiple targets listed in a given file
  • save output in a file
  • enumerate plugins without searching exploits
  • skip server’s certificate validation
  • run low intense dictionary attack during scanning (5 attempts per user)

There are also other modules to bruteforce user account and run a post-exploitation attack.

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments