Zum Inhalt springen
1337skills 1337skills - Referenzen

CMSeeK

Overview

Abschnitt betitelt „Overview“

CMSeeK is a powerful CMS detection and exploitation suite designed for penetration testers and security researchers. It automatically identifies 180+ content management systems (WordPress, Joomla, Drupal, Magento, etc.) and provides vulnerability scanning with automatic exploit suggestions. The tool streamlines reconnaissance and vulnerability assessment during security audits.

Installation

Abschnitt betitelt „Installation“

Prerequisites

Abschnitt betitelt „Prerequisites“
  • Python 3.x
  • Git
  • pip

Basic Installation

Abschnitt betitelt „Basic Installation“
git clone https://github.com/Tuhinshubhra/CMSeeK.git
cd CMSeeK
pip install -r requirements.txt
python3 cmseek.py

On Linux/macOS

Abschnitt betitelt „On Linux/macOS“
chmod +x cmseek.py
python3 cmseek.py -u http://target.com

Docker Installation

Abschnitt betitelt „Docker Installation“
docker pull tuhinshubhra/cmseek
docker run -it tuhinshubhra/cmseek python3 cmseek.py -u http://target.com

Basic Usage

Abschnitt betitelt „Basic Usage“
CommandDescription
python3 cmseek.py -u <url>Detect CMS on target URL
python3 cmseek.py -u <url> -vVerbose output with detailed info
python3 cmseek.py -u <url> --followFollow redirects
python3 cmseek.py -u <url> --timeout 20Set custom timeout in seconds
python3 cmseek.py --helpDisplay help menu

CMS Detection

Abschnitt betitelt „CMS Detection“

Single URL Detection

Abschnitt betitelt „Single URL Detection“
python3 cmseek.py -u http://example.com

Output includes:

  • CMS name and version
  • Detection confidence
  • Admin panel location
  • Vulnerable components
  • Recommended exploits

With Custom User-Agent

Abschnitt betitelt „With Custom User-Agent“
python3 cmseek.py -u http://example.com -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"

Scan Multiple URLs from File

Abschnitt betitelt „Scan Multiple URLs from File“
python3 cmseek.py -l urls.txt

Create urls.txt:

http://target1.com
http://target2.com
http://target3.com

Vulnerability Scanning

Abschnitt betitelt „Vulnerability Scanning“

Basic Vulnerability Scan

Abschnitt betitelt „Basic Vulnerability Scan“
python3 cmseek.py -u http://example.com --cms wordpress

Force CMS Type

Abschnitt betitelt „Force CMS Type“
python3 cmseek.py -u http://example.com --force-cms joomla

Supported CMS platforms:

  • WordPress
  • Joomla
  • Drupal
  • Magento
  • OpenCart
  • PrestaShop
  • Concrete5
  • Ghost
  • Typo3

Output Results

Abschnitt betitelt „Output Results“
python3 cmseek.py -u http://example.com -o report.html

Advanced Options

Abschnitt betitelt „Advanced Options“

Proxy Configuration

Abschnitt betitelt „Proxy Configuration“
python3 cmseek.py -u http://example.com --proxy http://127.0.0.1:8080

SOCKS5 Proxy

Abschnitt betitelt „SOCKS5 Proxy“
python3 cmseek.py -u http://example.com --socks5 127.0.0.1:1080

SSL/TLS Options

Abschnitt betitelt „SSL/TLS Options“
python3 cmseek.py -u https://example.com --no-ssl-verify
python3 cmseek.py -u https://example.com --cert /path/to/cert.pem

Batch Scanning with Options

Abschnitt betitelt „Batch Scanning with Options“
python3 cmseek.py -l urls.txt --follow --timeout 15 -v

WordPress Detection

Abschnitt betitelt „WordPress Detection“

WordPress-Specific Scanning

Abschnitt betitelt „WordPress-Specific Scanning“
python3 cmseek.py -u http://example.com --cms wordpress

CMSeeK detects:

  • WordPress version
  • Active plugins
  • Active themes
  • Vulnerable plugins
  • Admin panel location (usually /wp-admin/)

WordPress Enumeration

Abschnitt betitelt „WordPress Enumeration“
python3 cmseek.py -u http://example.com -e wordpress

Joomla Detection

Abschnitt betitelt „Joomla Detection“

Joomla CMS Detection

Abschnitt betitelt „Joomla CMS Detection“
python3 cmseek.py -u http://example.com --cms joomla

Identifies:

  • Joomla version
  • Installed components
  • Vulnerable extensions
  • Administrator panel

Joomla-Specific Vulnerability Check

Abschnitt betitelt „Joomla-Specific Vulnerability Check“
python3 cmseek.py -u http://example.com --force-cms joomla --vuln

Drupal Detection

Abschnitt betitelt „Drupal Detection“

Drupal CMS Identification

Abschnitt betitelt „Drupal CMS Identification“
python3 cmseek.py -u http://example.com --cms drupal

Detects:

  • Drupal version
  • Installed modules
  • Vulnerable modules
  • Core vulnerabilities

Module Enumeration

Abschnitt betitelt „Module Enumeration“
python3 cmseek.py -u http://example.com -e drupal-modules

Vulnerability Exploitation

Abschnitt betitelt „Vulnerability Exploitation“

Automatic Exploit Suggestions

Abschnitt betitelt „Automatic Exploit Suggestions“
python3 cmseek.py -u http://example.com --exploit

CMSeeK provides:

  • CVE numbers
  • Vulnerability descriptions
  • PoC links
  • Remediation steps

Get Exploits for Detected Vulnerabilities

Abschnitt betitelt „Get Exploits for Detected Vulnerabilities“
python3 cmseek.py -u http://example.com -e all

Custom Exploit Database

Abschnitt betitelt „Custom Exploit Database“
python3 cmseek.py -u http://example.com --db /custom/exploits/

Output and Reporting

Abschnitt betitelt „Output and Reporting“

HTML Report Generation

Abschnitt betitelt „HTML Report Generation“
python3 cmseek.py -u http://example.com -o results.html

JSON Output

Abschnitt betitelt „JSON Output“
python3 cmseek.py -u http://example.com -j results.json

CSV Export

Abschnitt betitelt „CSV Export“
python3 cmseek.py -l urls.txt -c results.csv

Verbose Console Output

Abschnitt betitelt „Verbose Console Output“
python3 cmseek.py -u http://example.com -v

Configuration

Abschnitt betitelt „Configuration“

Config File Location

Abschnitt betitelt „Config File Location“
~/.cmseek/config.conf

Common Settings

Abschnitt betitelt „Common Settings“
[DEFAULT]
timeout = 10
follow_redirects = true
user_agent = custom_ua
proxy = http://127.0.0.1:8080
threads = 5

Custom Configuration File

Abschnitt betitelt „Custom Configuration File“
python3 cmseek.py -u http://example.com --config custom.conf

Performance Tuning

Abschnitt betitelt „Performance Tuning“

Multi-threading for Batch Operations

Abschnitt betitelt „Multi-threading for Batch Operations“
python3 cmseek.py -l urls.txt --threads 10

Timeout Configuration

Abschnitt betitelt „Timeout Configuration“
python3 cmseek.py -u http://example.com --timeout 30

Connection Pooling

Abschnitt betitelt „Connection Pooling“
python3 cmseek.py -l urls.txt --keepalive

Security Headers Detection

Abschnitt betitelt „Security Headers Detection“

Scan Security Headers

Abschnitt betitelt „Scan Security Headers“
python3 cmseek.py -u http://example.com --headers

Checks for:

  • X-Frame-Options
  • Content-Security-Policy
  • X-Content-Type-Options
  • HSTS

Custom Header Scanning

Abschnitt betitelt „Custom Header Scanning“
python3 cmseek.py -u http://example.com --header "Authorization: Bearer token"

Filtering and Targeting

Abschnitt betitelt „Filtering and Targeting“

Skip Certain CMS Types

Abschnitt betitelt „Skip Certain CMS Types“
python3 cmseek.py -u http://example.com --skip wordpress,joomla

Target Specific CMS Only

Abschnitt betitelt „Target Specific CMS Only“
python3 cmseek.py -u http://example.com --only drupal

URL Pattern Filtering

Abschnitt betitelt „URL Pattern Filtering“
python3 cmseek.py -l urls.txt --filter "*.edu"

Common Workflows

Abschnitt betitelt „Common Workflows“

Complete Reconnaissance

Abschnitt betitelt „Complete Reconnaissance“
python3 cmseek.py -u http://example.com -v -e all -o report.html

Batch Site Auditing

Abschnitt betitelt „Batch Site Auditing“
python3 cmseek.py -l sites.txt --threads 5 -o results.html

Vulnerability Assessment

Abschnitt betitelt „Vulnerability Assessment“
python3 cmseek.py -u http://example.com --cms wordpress --vuln --exploit

CMS Version Detection Only

Abschnitt betitelt „CMS Version Detection Only“
python3 cmseek.py -u http://example.com --version-only

Troubleshooting

Abschnitt betitelt „Troubleshooting“

Connection Timeout Issues

Abschnitt betitelt „Connection Timeout Issues“
python3 cmseek.py -u http://example.com --timeout 60 --follow

SSL Certificate Errors

Abschnitt betitelt „SSL Certificate Errors“
python3 cmseek.py -u https://example.com --no-ssl-verify

Proxy Authentication

Abschnitt betitelt „Proxy Authentication“
python3 cmseek.py -u http://example.com --proxy http://user:pass@127.0.0.1:8080

Update Exploit Database

Abschnitt betitelt „Update Exploit Database“
python3 cmseek.py --update-db

Detection Signatures

Abschnitt betitelt „Detection Signatures“

WordPress Detection Methods

Abschnitt betitelt „WordPress Detection Methods“
# Checks wp-content directory
# Looks for wp-includes files
# Scans readme.html
# Identifies wp-admin panel

Joomla Detection Methods

Abschnitt betitelt „Joomla Detection Methods“
# Checks media/jui/css
# Scans robots.txt patterns
# Looks for administrator panel
# Detects Joomla version patterns

General Detection

Abschnitt betitelt „General Detection“

CMSeeK uses:

  • HTTP header analysis
  • Source code fingerprinting
  • Cookie patterns
  • Directory enumeration
  • Version detection signatures

Best Practices

Abschnitt betitelt „Best Practices“
  1. Always obtain authorization before scanning production systems
  2. Use appropriate timeouts to avoid overwhelming target servers
  3. Respect rate limits when scanning multiple URLs
  4. Review results carefully - false positives can occur
  5. Keep exploit database updated regularly
  6. Use proxies/VPNs to maintain operational security
  7. Document all findings in reports
Abschnitt betitelt „Legal Considerations“

CMSeeK is designed for authorized security testing only. Ensure you have explicit permission from the system owner before conducting vulnerability assessments. Unauthorized access to computer systems is illegal.

Resources

Abschnitt betitelt „Resources“