12/8/15

CMSMAP

CMSmap  es un escaneador open source escrito en python, esta diseñado para detectar posibles vulnerabilidades y brechas de seguridad en los CMS mas populares como WordPress, Joomla y Drupal.

https://github.com/Dionach/CMSmap

La intalacion es Sencilla:

git clone https://github.com/Dionach/CMSmap.git
 
USO:
 
CMSmap tool v0.6 - Simple CMS Scanner
Author: Mike Manzotti mike.manzotti@dionach.com
Usage: cmsmap.py -t 
Targets:
     -t, --target    target URL (e.g. 'https://example.com:8080/')
     -f, --force     force scan (W)ordpress, (J)oomla or (D)rupal
     -F, --fullscan  full scan using large plugin lists. False positives and slow!
     -a, --agent     set custom user-agent
     -T, --threads   number of threads (Default: 5)
     -i, --input     scan multiple targets listed in a given text file
     -o, --output    save output in a file
     --noedb         enumerate plugins without searching exploits

Brute-Force:
     -u, --usr       username or file
     -p, --psw       password or file
     --noxmlrpc      brute forcing WordPress without XML-RPC

Post Exploitation:
     -k, --crack     password hashes file (Require hashcat installed. For WordPress and Joomla only)
     -w, --wordlist  wordlist file

Others:
     -v, --verbose   verbose mode (Default: false)
     -U, --update    (C)MSmap, (W)ordpress plugins and themes, (J)oomla components, (D)rupal modules, (A)ll
     -h, --help      show this help

Examples:
     cmsmap.py -t https://example.com
     cmsmap.py -t https://example.com -f W -F --noedb
     cmsmap.py -t https://example.com -i targets.txt -o output.txt
     cmsmap.py -t https://example.com -u admin -p passwords.txt
     cmsmap.py -k hashes.txt -w passwords.txt
 
 
  

No hay comentarios.: