CMSeeK -- Detect CMS and Exploitation Suit

CMS stands for Content Management System. Using CMS people can create digital content, it doesn't require any coding or programming knowledge.

This is really insane that people can create their own website using some plugins and drag and drop their contents. Some examples of CMS are : WordPress, Drupal, Joomla, Wix etc.

But as we know peoples are ignorant, they don't update the plugins and CMS versions regularly,for this reason their are some unpatched vulnerabilities. If the attacker knows that witch version of CMS and which plugins are used, and the version of plugins then they can be try to exploit the vulnerabilities related to the CMS version or plugins. In this case CMSeeK will help us.

cmseek kali linux


In this tutorial we will learn how to use CMSeeK. CMSeeK is a CMS detection and exploitation tool, which is written in python3.

CMSeeK allows us to run both and simple CMS scan and deep scans, we can also perform multiple site scans. We can run CMSeeK on our Kali Linux (or any Unix based system) and macOS, very soon it will available for windows.

CMSeeK have tons of features:-
  • Basic CMS detection of over 170 CMS.
  • Drupal version detection.
  • Advanced WordPress scan.
  1. Detects Version.
  2. User Enumeration.
  3. Plugins Enumeration.
  4. Theme Enumeration.
  5. Detects  users (3 Detection methods).
  6. Looks for version Vulnerabilities and much more.
  • Advanced Joomla Scan
  1. Version Detection.
  2. Backup files finder.
  3. Admin page finder.
  4. Core vulnerability detection.
  5. Directory listing Check.
  6. Config leak detection.
  7. Various other checks.
  • Modular brute-force system
  1. Use pre-made brute-force modules or create our own and integrate with it.

We need Python version 3 in our Kali Linux to run this tool. So how to install CMSeeK ? We just need to clone it from it's GitHub repository. To do that we will use following command :

git clone https://github.com/Tuhinshubhra/CMSeeK
The screenshot is following:

cmseek github


Now we go to the CMSeeK folder by using cd command:

cd CMSeeK
Then we install all our requirements to run CMSeeK tool, by using following command:

pip3 install -r requirements.txt
The screenshot is following:

pip3 install -r requirements.txt in CMSeeK

This process can take some time depends on our internet speed.

After installing this tool we can run CMSeek by applying following command:

python3 cmseek.py
The screenshot of the command is following:

cmseek main menu


Here we got some options in the main menu of CMSeeK. We choose 1 to perform a CMS detection and deep scan. The screenshot is following:

cmseek enter site


Here we need to choose a target to scan. We choose a friend's old CMS website with permission. So we typed the URL of the website and press Enter. The screenshot is following:



If CMSeeK prompt for user agent, we choose random user agent by pressing Enter.
We can see that CMSeeK is scanning the  target website for the version of CMS and the plugins. It also scan for vulnerabilities and check for admin users. When the scans complete CMSeek will show us the result as following:

cmseek kali linux complete scan


Here we got some vulnerability and we can know about the vulnerability by opening given links.
So, we always need to update regularly our CMS version and plugins  to stay safe. With the help of Bruteforce CMSs menu attacker can attack our CMS site, if we have weak password then it have a chance to be cracked.

This is how  we can scan vulnerabilities on our CMS or any others. For any queries or any suggestion, leave a comment in the comment section.
CMSeeK -- Detect CMS and Exploitation Suit CMSeeK -- Detect CMS and Exploitation Suit Reviewed by Kali Linux on August 07, 2019 Rating: 5

1 comment:

Powered by Blogger.