LSE toolsLSE toolsCMSmap (300)CMSmap (300)

Tool and Usage

Project details
Programming languagePython
AuthorMike Manzotti
Latest releaseNo release found

Project health

This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

CMSmap helps saving time in the process of detecting what CMS is used for a given web application. It performs reconnaissance and can do additional vulnerability scanning.

How it works

CMSmap scans a web application by looking at HTTP headers and returned HTML code. Upon detection of the used CMS, the tool will start more specific tests for that CMS. It may go for the detection of particular themes, user names, or plugins.

Background information

Supported CMS:

  • WordPress
  • Joomla
  • Drupal

Usage and audience

CMSmap is commonly used for application testing, information gathering, vulnerability scanning, or web application analysis. Target users for this tool are pentesters, security professionals, and system administrators.

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + The source code of this software is available

Author and Maintainers

CMSmap is under development by Mike Manzotti.


Supported operating systems

CMSmap is known to work on Linux.

Installation options

To use CMSmap, install it via the following method below.


git clone

After installation, check the version number of the program and compare it with the one on this page. Be aware of versions that are outdated, as they may contain bugs or even security vulnerabilities.

CMSmap alternatives

Similar tools to CMSmap:



Vane is a forked project of the now non-free popular WordPress vulnerability scanner WPScan.



Archery is a Django-based application to perform vulnerability assessments and do vulnerability management.



Dagda is a security tool to perform static analysis of known vulnerabilities, malware and threats in Docker images and containers. It monitors both the Docker daemon and running containers to find anomalies and suspicious activities.

All CMSmap alternatives

Found an improvement? Help the community by submitting an update.