WHAT IS CMS?
CMS stands for Content Management System. A CMS helps webmasters manage their websites more easily, and it is also the most critical success factor of every website. A content management system supports the creation, management, distribution, publishing and discovery of corporate information. It also provides the ability to manage the structure of the site's pages or content, its appearance, and its navigation. You may be familiar with these most famous CMSs:
I will not explain CMS in more detail here; our main focus is how to identify whether a website runs a certain CMS. Knowing which CMS the target is running lets us proceed with further penetration testing, such as scanning whether the target has vulnerabilities in that CMS version or in other functionality like plugins.
HOW TO SCAN WEBSITE CMS?
I will show you tools that are useful for gathering information, especially for identifying a site's CMS. Kali Linux has one built in: whatweb. Although whatweb collects general information, it is also able to detect the CMS a site is running. Another tool, designed for this particular purpose, is called CMSmap. You need to install it before you can use it.
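What such scanners key on can be shown with a short script that checks one HTTP response for common CMS markers. This is an added example, not code from the original article, whatweb or CMSmap; the signature list, the function name fingerprint_cms and the sample responses are constructed for illustration.

```python
import re

# Illustrative signatures chosen for this example (an assumption; this is not
# the rule set of whatweb or CMSmap). Each rule: (source, regex, description).
GEN = r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']'
SIGNATURES = {
    "WordPress": [
        ("body", GEN + r"WordPress\s*([\d.]*)", "generator meta tag"),
        ("body", r"/wp-(?:content|includes)/", "wp-content/wp-includes path"),
        ("header:link", r"api\.w\.org", "REST API Link header"),
    ],
    "Joomla": [
        ("body", GEN + r"Joomla!", "generator meta tag"),
        ("body", r"/media/system/js/", "core asset path"),
    ],
    "Drupal": [
        ("header:x-generator", r"Drupal\s*([\d.]*)", "X-Generator header"),
        ("body", r"/sites/default/files/", "default files path"),
    ],
}

def fingerprint_cms(headers, body):
    """Return {cms: [evidence, ...]} for each signature found in one response."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    findings = {}
    for cms, rules in SIGNATURES.items():
        for source, pattern, desc in rules:
            # "body" searches the HTML; "header:<name>" searches one header.
            text = body if source == "body" else hdrs.get(source[7:], "")
            m = re.search(pattern, text, re.IGNORECASE)
            if not m:
                continue
            version = m.group(1) if m.groups() else ""
            findings.setdefault(cms, []).append(
                f"{desc} (version {version})" if version else desc)
    return findings

# Constructed sample responses, embedded so the example runs offline.
DEFAULT_HEADERS = {"Link": '<https://blog.example/wp-json/>; rel="https://api.w.org/"'}
DEFAULT_BODY = ('<head><meta name="generator" content="WordPress 5.8.1" />'
                '<link rel="stylesheet" href="/wp-content/themes/demo/style.css"></head>')
# Same site after removing the generator tag and Link header only.
TRIMMED_BODY = '<head><script src="/wp-includes/js/jquery/jquery.min.js"></script></head>'

if __name__ == "__main__":
    print(fingerprint_cms(DEFAULT_HEADERS, DEFAULT_BODY))
    print(fingerprint_cms({}, TRIMMED_BODY))  # still identified by its paths
```

The second call shows that removing the generator tag alone does not hide the CMS, so keeping the CMS and its plugins patched matters more than hiding the banner.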
DETECT WEBSITE CMS WITH WHATWEB
STEP 1: Open Terminal, fire up whatweb
Let's first read what this tool is able to do by displaying its help message.
You can read it yourself; whatweb's help contains a lot of information.
STEP 2: Scan the target
Although whatweb has a lot of arguments, we can keep things simple and run this command pattern:
$ whatweb [url]
As shown above, the target has WordPress installed on its server. Easy, right? It is as simple as that. Next I will show you the other tool I mentioned earlier, CMSmap.
DETECT WEBSITE CMS WITH CMSmap
STEP 1: Installing CMSmap
Enter the following command to download CMSmap tool:
git clone https://github.com/Dionach/CMSmap.git
After you have downloaded the CMSmap files, enter the CMSmap directory using cd.
CMSmap is written in Python 2, so you might see some errors if you run it with Python 3 or later. Run CMSmap using this command:
root@localhost:/home/TheHackToday/CMSmap# python2.7 cmsmap.py
CMSmap tool v0.6 - Simple CMS Scanner
Author: Mike Manzotti firstname.lastname@example.org
Usage: cmsmap.py -t <URL>
-t, --target target URL (e.g. 'https://example.com:8080/')
-f, --force force scan (W)ordpress, (J)oomla or (D)rupal
-F, --fullscan full scan using large plugin lists. False positives and slow!
-a, --agent set custom user-agent
-T, --threads number of threads (Default: 5)
-i, --input scan multiple targets listed in a given text file
-o, --output save output in a file
--noedb enumerate plugins without searching exploits
-u, --usr username or file
-p, --psw password or file
--noxmlrpc brute forcing WordPress without XML-RPC
-k, --crack password hashes file (Require hashcat installed. For WordPress and Joomla only)
-w, --wordlist wordlist file
-v, --verbose verbose mode (Default: false)
-U, --update (C)MSmap, (W)ordpress plugins and themes, (J)oomla components, (D)rupal modules, (A)ll
-h, --help show this help
cmsmap.py -t https://example.com
cmsmap.py -t https://example.com -f W -F --noedb
cmsmap.py -t https://example.com -i targets.txt -o output.txt
cmsmap.py -t https://example.com -u admin -p passwords.txt
cmsmap.py -k hashes.txt -w passwords.txt
CMSmap is able to scan multiple targets listed in a file, and to scan available plugins. By the way, this tool is kind of outdated; I don't know why the developer has not improved CMSmap again, since 2015 I guess. But it is still useful in other ways.
So, once you know which CMS is running, your next step is to scan for vulnerabilities in that CMS. If you are lucky you may find some bugs that can be exploited further. I remind you to be a good person, OK.