Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

CMS漏洞检测工具 CMSmap

$
0
0

CMSmap是一个python编写的针对开源CMS(内容管理系统)的安全扫描器,它可以自动检测当前国外最流行的CMS的安全漏洞。CMSmap主要是在一个单一的工具集合了不同类型的CMS的常见的漏洞。CMSmap目前只支持WordPress,Joomla和Drupal。

安装

Cloning最新 CMSmap版本:

gitclone https://github.com/Dionach/CMSmap.git 使用 CMSmaptoolv0.6 - SimpleCMSScanner Author: MikeManzottimike.manzotti@dionach.com Usage: cmsmap.py -t <URL> Targets: -t, --targettargetURL (e.g. 'https://example.com:8080/') -f, --forceforcescan (W)ordpress, (J)oomlaor (D)rupal -F, --fullscanfullscanusinglargepluginlists. False positivesand slow! -a, --agentsetcustomuser-agent -T, --threadsnumberofthreads (Default: 5) -i, --inputscanmultipletargetslistedin a giventextfile -o, --outputsaveoutputin a file --noedbenumeratepluginswithoutsearchingexploits Brute-Force: -u, --usrusernameor file -p, --pswpasswordor file --noxmlrpcbruteforcingWordPresswithoutXML-RPC PostExploitation: -k, --crackpasswordhashesfile (Requirehashcatinstalled. For WordPressand Joomlaonly) -w, --wordlistwordlistfile Others: -v, --verboseverbosemode (Default: false) -U, --update(C)MSmap, (W)ordpresspluginsand themes, (J)oomlacomponents, (D)rupalmodules, (A)ll -h, --helpshowthis help Examples: cmsmap.py -t https://example.com cmsmap.py -t https://example.com -f W -F --noedb cmsmap.py -t https://example.com -i targets.txt -o output.txt cmsmap.py -t https://example.com -u admin -p passwords.txt cmsmap.py -k hashes.txt -w passwords.txt

下载地址: https://github.com/dionach/CMSmap


Viewing all articles
Browse latest Browse all 12749

Trending Articles