CMSeeK
Tool and Usage
Project details
Project health
Why this tool?
CMSeeK is a security scanner for content management systems (CMS). It can perform a wide range of functions starting from the detection of the CMS, up to vulnerability scanning. The tool claims to support over 100 different CMS tools, with extensive support for the commonly used ones like Drupal, Joomla, and WordPress.
The scans performed by CMSeeK include version detection. It can also do enumeration of users, plugins, and themes. This might be useful to see what users or components are available. The tool includes admin page discovery, file discovery, and directory listing. Anything that might be useful to a penetration test or security assessment, might be displayed.
How it works
CMSeeK uses a command line interface to start a scan. By just starting the tool with any argument, a text-based interface (TUI) is used and provides an interactive menu. The first option provides a deep scan after just asking for the domain name.
Usage and audience
CMSeeK is commonly used for penetration testing, software exploitation, software identification, or vulnerability scanning. Target users for this tool are pentesters and security professionals.
Features
- Colored output
- Command line interface
- JSON output supported
Example usage and output
python3 cmseek.py (for a guided scanning) OR
python3 cmseek.py [OPTIONS] <Target Specification>
SPECIFING TARGET:
-u URL, --url URL Target Url
-l LIST, -list LIST path of the file containing list of sites
for multi-site scan (comma separated)
USER AGENT:
-r, --random-agent Use a random user agent
--user-agent USER_AGENT Specify custom user agent
OUTPUT:
-v, --verbose Increase output verbosity
VERSION & UPDATING:
--update Update CMSeeK (Requires git)
--version Show CMSeeK version and exit
HELP & MISCELLANEOUS:
-h, --help Show this help message and exit
--clear-result Delete all the scan result
EXAMPLE USAGE:
python3 cmseek.py -u example.com # Scan example.com
python3 cmseek.py -l /home/user/target.txt # Scan the sites specified in target.txt (comma separated)
python3 cmseek.py -u example.com --user-agent Mozilla 5.0 # Scan example.com using custom user-Agent Mozilla is 5.0 used here
python3 cmseek.py -u example.com --random-agent # Scan example.com using a random user-Agent
python3 cmseek.py -v -u example.com # enabling verbose output while scanning example.com
| | | __|___ ___| | | by @r3dhax0r
| --| | | |__ | -_| -_| -| Release name: Diablo Dragon
|_____|_|_|_|_____|___|___|__|__| Version 1.0.9
[+] Deep Scan Results [+]
┏━Target: mywebsite.example
┃
┠── CMS: WordPress
┃ │
┃ ╰── URL: https://wordpress.org
┃
┠──[WordPress Deepscan]
┃ │
┃ ├── Usernames harvested: 2
┃ │ │
┃ │ ├── testing
┃ │ ╰── michael
┃ │
┃
┠── Result: /home/michael/cmseek/mywebsite.example/cms.json
┃
┗━Scan Completed in 20.35 Seconds, using 43 Requests
CMSeeK says ~ Aabar dekha hobey
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
Strengths
- + The source code of this software is available
Weaknesses
- - Full name of author is unknown
Installation
Supported operating systems
CMSeeK is known to work on Linux.
CMSeeK alternatives
Similar tools to CMSeeK:
SQLMate
SQLMate is a security tool that calls itself a friend of SQLMap. It has similar functionality, yet comes with additional features like finding an admin panel and improved hash cracking. The tool can find possible vulnerable targets, with the option to save the results and feed it to others, like SQLMap.
JoomScan
JoomScan is an open source project written in Perl. It can detect Joomla CMS vulnerabilities helps to analyze them.
ZAP
The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.
This tool page was updated at . Found an improvement? Help the community by submitting an update.
Related tool information
Categories
This tool is categorized as a CMS scanner, CMS vulnerability scanner, admin page scanner, web application information gathering tool, web application scanner, web application security scanner, and website reconnaissance tool.