vlambda博客
学习文章列表

Python CMSmap漏洞扫描工具

CMSmap是一个python开源CMS扫描程序,它可以自动检测最流行CMS的安全漏洞。CMSmap的主要目的是在一个工具中集成针对不同类型CMS的常见漏洞。


目前,CMSmap支持的CMS是WordPress,Joomla,Drupal和Moodle。


安装

您可以通过克隆GitHub存储库来下载最新版本的CMSmap:

 git clone https://github.com/Dionach/CMSmap

然后,您需要在中配置edbtypeedbpath设置cmsmap.confGIT如果您具有Exploit-db的本地Git存储库,请使用

[exploitdb]
edbtype = GIT
edbpath = /opt/exploitdb/

或者,APT如果已安装debianexploitdb软件包,则使用对于Kali,请使用以下设置:

[exploitdb]
edbtype = APT
edbpath = /usr/share/exploitdb/

如果您想cmsmap从系统中的任何位置运行,可以使用以下命令进行安装pip3

cd CMSmap
pip3 install .

要卸载它:

pip3 uninstall cmsmap -y

用法

usage: cmsmap [-f W/J/D] [-F] [-t] [-a] [-H] [-i] [-o] [-E] [-d] [-u] [-p]
[-x] [-k] [-w] [-v] [-h] [-D] [-U W/J/D]
[target]

CMSmap tool v1.0 - Simple CMS Scanner
Author: Mike Manzotti

Scan:
target target URL (e.g. 'https://example.com:8080/')
-f W/J/D, --force W/J/D
force scan (W)ordpress, (J)oomla or (D)rupal
-F, --fullscan full scan using large plugin lists. False positives and slow!
-t , --threads number of threads (Default 5)
-a , --agent set custom user-agent
-H , --header add custom header (e.g. 'Authorization: Basic ABCD...')
-i , --input scan multiple targets listed in a given file
-o , --output save output in a file
-E, --noedb enumerate plugins without searching exploits
-c, --nocleanurls disable clean urls for Drupal only
-s, --nosslcheck don't validate the server's certificate
-d, --dictattack run low intense dictionary attack during scanning (5 attempts per user)

Brute-Force:
-u , --usr username or username file
-p , --psw password or password file
-x, --noxmlrpc brute forcing WordPress without XML-RPC

Post Exploitation:
-k , --crack password hashes file (Require hashcat installed. For WordPress and Joomla only)
-w , --wordlist wordlist file

Others:
-v, --verbose verbose mode (Default false)
-h, --help show this help message and exit
-D, --default rum CMSmap with default options
-U, --update use (C)MSmap, (P)lugins or (PC) for both

Examples:
cmsmap.py https://example.com
cmsmap.py https://example.com -f W -F --noedb -d
cmsmap.py https://example.com -i targets.txt -o output.txt
cmsmap.py https://example.com -u admin -p passwords.txt
cmsmap.py -k hashes.txt -w passwords.txt

点击 - 阅读原文观看使用教程