CMS stands for Content Management System. Using a CMS, people can create digital content without any coding or programming knowledge.
It is really insane that people can create their own website using some plugins and drag-and-drop content. Some examples of CMSs are WordPress, Drupal, Joomla and Wix.
But, as we know, people are ignorant: they don't update their plugins and CMS versions regularly, and for this reason there are unpatched vulnerabilities. If an attacker knows which CMS version and which plugins (and plugin versions) a site uses, they can try to exploit the vulnerabilities related to that CMS version or those plugins. This is where CMSeeK helps us.
In this tutorial we will learn how to use CMSeeK. CMSeeK is a CMS detection and exploitation tool written in Python 3.
CMSeeK allows us to run both simple CMS scans and deep scans, and we can also scan multiple sites. We can run CMSeeK on Kali Linux (or any Unix-based system) and macOS; very soon it will be available for Windows.
CMSeeK has tons of features:
- Basic CMS detection of over 170 CMS.
- Drupal version detection.
- Advanced WordPress scan.
  - Detects Version.
  - User Enumeration.
  - Plugins Enumeration.
  - Theme Enumeration.
  - Detects users (3 Detection methods).
  - Looks for version Vulnerabilities and much more.
- Advanced Joomla Scan
  - Version Detection.
  - Backup files finder.
  - Admin page finder.
  - Core vulnerability detection.
  - Directory listing Check.
  - Config leak detection.
  - Various other checks.
- Modular brute-force system
  - Use pre-made brute-force modules or create our own and integrate with it.
We need Python 3 on our Kali Linux system to run this tool. So how do we install CMSeeK? We just need to clone it from its GitHub repository. To do that we will use the following command:
Now we go to the CMSeeK folder by using the cd command:
Then we install all the requirements needed to run the CMSeeK tool by using the following command:
This process can take some time, depending on our internet speed.
After installing this tool we can run CMSeeK with the following command:
Here we get some options in the main menu of CMSeeK. We choose 1 to perform a CMS detection and deep scan.
Here we need to choose a target to scan. We chose a friend's old CMS website, with permission. So we typed the URL of the website and pressed Enter.
If CMSeeK prompts for a user agent, we choose a random user agent by pressing Enter.
We can see that CMSeeK is scanning the target website for the CMS version and the plugins. It also scans for vulnerabilities and checks for admin users. When the scans complete, CMSeeK shows us the results.
Here we got some vulnerabilities, and we can read about them by opening the given links.
So, we always need to update our CMS version and plugins regularly to stay safe. With the help of the Bruteforce CMSs menu an attacker can attack our CMS site; if we have a weak password, there is a chance it will be cracked.
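To see which version details one of our own pages gives away to a scanner, we can audit its HTML offline. The script below is an added example, not part of CMSeeK or of the original tutorial; it assumes WordPress conventions (the generator meta tag, /wp-content/ asset paths and the ?ver= query string), and the sample page and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page, not taken from a real site.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 5.2.1">
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css?ver=1.4">
<script src="/wp-content/plugins/example-forms/js/app.js?ver=2.0.3"></script>
<script src="/wp-content/plugins/example-gallery/gallery.js"></script>
</head><body></body></html>"""

# WordPress serves plugin and theme assets under /wp-content/, often with ?ver=.
ASSET_RE = re.compile(
    r"/wp-content/(plugins|themes)/([^/]+)/[^?#]*(?:\?(?:.*&)?ver=([\w.\-]+))?")

class DisclosureParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.generator = None   # content of <meta name="generator">
        self.components = {}    # (kind, slug) -> version string or None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        for url in (a.get("href"), a.get("src")):
            m = ASSET_RE.search(url or "")
            if m:
                kind, slug, ver = m.groups()
                key = (kind.rstrip("s"), slug)
                # Keep a version seen earlier if this URL carries none.
                self.components[key] = ver or self.components.get(key)

def audit_html(html):
    """Parse one page and return everything it reveals about the CMS."""
    p = DisclosureParser()
    p.feed(html)
    return {"generator": p.generator, "components": p.components}

def exposed_versions(report):
    """Return only the findings that disclose a version number."""
    out = []
    if report["generator"] and re.search(r"\d", report["generator"]):
        out.append(("cms", report["generator"]))
    out += [(f"{k}:{s}", v)
            for (k, s), v in sorted(report["components"].items()) if v]
    return out

if __name__ == "__main__":
    for name, ver in exposed_versions(audit_html(SAMPLE_HTML)):
        print(f"version disclosed: {name} -> {ver}")
```

On WordPress an asset's ?ver= value can be the core version when the plugin sets none, so each finding should be compared against what is actually installed and then checked against the vendor's latest release.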
This is how we can scan for vulnerabilities on our CMS or any others. For any queries or suggestions, leave a comment in the comment section.