CMSeeK: CMS Detection and Exploitation Suite
Overview
CMSeeK is a powerful tool designed to detect and exploit vulnerabilities in a wide range of Content Management Systems (CMS). It supports scanning for over 180 different CMSs, making it an essential tool for web security professionals.
Functions of CMSeeK
Basic CMS Detection
CMSeeK can detect over 180 CMSs through various methods.
Drupal Scans
- Version detection
Advanced WordPress Scans
- Version detection
- User enumeration (3 detection methods)
- Plugins enumeration
- Theme enumeration
- Version vulnerability detection and more
Advanced Joomla Scans
- Version detection
- Backup files finder
- Admin page finder
- Core vulnerability detection
- Directory listing check
- Config leak detection
- Various other checks
Modular Bruteforce System
CMSeeK includes a modular bruteforce system, allowing you to use pre-made bruteforce modules or create and integrate your own.
Requirements and Compatibility
CMSeeK is built using Python 3 and is compatible with Unix-based systems. Windows support will be added in the future. CMSeeK relies on git for auto-update, so make sure git is installed.
Installation and Usage
Follow these steps to install and use CMSeeK:
Installation
git clone https://github.com/Tuhinshubhra/CMSeeKcd CMSeeKpip/pip3 install -r requirements.txt
Usage
For guided scanning, use:
python3 cmseek.py
For scanning a specific target:
python3 cmseek.py -u <target_url>
Checking for Updates
You can check for updates from the main menu or by using:
python3 cmseek.py --update
Ensure git is installed, as CMSeeK uses it to apply updates automatically.
Detection Methods
CMSeeK uses the following methods to detect CMSs:
- HTTP Headers
- Generator meta tag
- Page source code
- robots.txt
- Directory check
Disclaimer
This tool is for educational purposes only. Usage of CMSeeK for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by this program.