{"id":3865,"date":"2015-03-01T01:07:33","date_gmt":"2015-02-28T17:07:33","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3865"},"modified":"2015-03-14T17:40:06","modified_gmt":"2015-03-14T09:40:06","slug":"cmsmap-content-management-system-security-scanner","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2015\/03\/cmsmap-content-management-system-security-scanner\/","title":{"rendered":"CMSmap &#8211; Content Management System Security Scanner"},"content":{"rendered":"<p>CMSmap is a Python open source Content Management System security scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool.<\/p>\n<p>At the moment, CMSs supported by CMSmap are WordPress, Joomla and Drupal. This is as opposed to tools like <a href=\"https:\/\/www.darknet.org.uk\/2011\/07\/wpscan-wordpress-securityvulnerability-scanner\/\">WPScan<\/a> or <a href=\"https:\/\/www.darknet.org.uk\/2015\/02\/droopescan-plugin-based-cms-security-scanner\/\">Droopescan<\/a> which just specialise in the security of a single CMS system.<\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/farm9.staticflickr.com\/8680\/16671912651_a91343ae00.jpg\" alt=\"CMSmap - Content Management System Security Scanner\" \/><\/p>\n<p>Please note that this project is an early state. As such, you might find bugs, flaws or mulfunctions. Use it at your own risk!<\/p>\n<h3>Usage<\/h3>\n<pre>CMSmap tool v0.3 - Simple CMS Scanner\r\nAuthor: Mike Manzotti mike.manzotti@dionach.com\r\nUsage: cmsmap.py -t <URL>\r\n          -t, --target    target URL (e.g. 'https:\/\/abc.test.com:8080\/')\r\n          -v, --verbose   verbose mode (Default: false)\r\n          -T, --threads   number of threads (Default: 5)\r\n          -u, --usr       username or file \r\n          -p, --psw       password or file\r\n          -i, --input     scan multiple targets listed in a given text file\r\n          -o, --output    save output in a file\r\n          -k, --crack     password hashes file\r\n          -w, --wordlist  wordlist file (Default: rockyou.txt - WordPress only)       \r\n          -a, --agent     set custom user-agent  \r\n          -U, --update    (C)MSmap, (W)ordpress plugins and themes, (J)oomla components, (D)rupal modules\r\n          -f, --force     force scan (W)ordpress, (J)oomla or (D)rupal\r\n          -F, --fullscan  full scan using large plugin lists. Slow! (Default: false)\r\n          -h, --help      show this help   \r\n\r\nExample: cmsmap.py -t https:\/\/example.com\r\n         cmsmap.py -t https:\/\/example.com -f W -F\r\n         cmsmap.py -t https:\/\/example.com -i targets.txt -o output.txt\r\n         cmsmap.py -t https:\/\/example.com -u admin -p passwords.txt\r\n         cmsmap.py -k hashes.txt<\/pre>\n<p>You can grab CMSmap by cloning their Github repo:<\/p>\n<pre>git clone https:\/\/github.com\/Dionach\/CMSmap.git<\/pre>\n<p>Or read more <a href=\"https:\/\/github.com\/dionach\/CMSmap\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CMSmap is a Python open source Content Management System security scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool. At the moment, CMSs supported by CMSmap are WordPress, Joomla and Drupal. [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"CMSmap is a Python open-source Content Management System security scanner that supports scanning for flaws in WordPress, Joomla and Drupal.","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[9,15],"tags":[5391,284,899,910],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/3865"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=3865"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/3865\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=3865"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=3865"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=3865"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}