🛠️ CMS

Theory

A Content Management System (CMS) is software widely used to create and manage websites such as blogs, forums, online stores, etc. Because CMSs are widely used by "non-tech" users, a lot of vulnerabilities can be found on websites that run one.

Practice

Tools

Scan WordPress sites for vulnerabilities with WPScan.

Simple scan:

wpscan --url $URL

Enumerate users:

wpscan --url $URL --enumerate u

Brute-force a single user:

wpscan --url $URL --wordlist wordlist.txt --username $username

Brute-force all the users:

wpscan --url www.example.com -e u --wordlist wordlist.txt

Scan other CMSs for vulnerabilities with droopescan.

Simple scan:

droopescan scan -u $URL

For a known CMS:

droopescan scan $cms_name -u $URL

Other tools

Browser extension: Wappalyzer identifies the technologies used by a website (including its CMS).

Website: Whatcms.org answers the question "What CMS Is This Site Using?" for a given URL.

Source code and robots.txt: these files can contain information about the CMS in use.
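The source-code and robots.txt check above, as an added example (not from the original page): a Python function that reports which CMS a page's HTML and robots.txt disclose, which is useful for auditing what your own site reveals. The marker patterns and the sample documents are assumptions constructed for illustration and only cover default WordPress, Drupal and Joomla installs.

```python
import re
from html.parser import HTMLParser

# Assumed, non-exhaustive markers seen on default installs; extend as needed.
MARKERS = {
    "WordPress": {"generator": r"wordpress", "html": r"/wp-(content|includes)/",
                  "robots": r"/wp-admin/"},
    "Drupal": {"generator": r"drupal", "html": r"/sites/(default|all)/",
               "robots": r"/core/"},
    "Joomla": {"generator": r"joomla", "html": r"/components/com_",
               "robots": r"/administrator/"},
}
# Constructed sample documents (not captured from a real site).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="/wp-content/themes/example/style.css">
</head><body>Hello</body></html>"""
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n"

class _GeneratorMeta(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.values.append(a.get("content") or "")

def cms_disclosures(html, robots_txt):
    """Return {cms: [evidence, ...]} for each CMS the two documents hint at."""
    meta = _GeneratorMeta()
    meta.feed(html)
    # Only the paths of Allow/Disallow rules are inspected in robots.txt.
    rules = [line.split(":", 1)[1].strip() for line in robots_txt.splitlines()
             if re.match(r"\s*(dis)?allow\s*:", line, re.I)]
    found = {}
    for cms, m in MARKERS.items():
        ev = [f"generator meta: {v}" for v in meta.values
              if re.search(m["generator"], v, re.I)]
        if re.search(m["html"], html, re.I):
            ev.append("asset path in HTML")
        ev += [f"robots.txt rule: {r}" for r in rules if re.search(m["robots"], r, re.I)]
        if ev:
            found[cms] = ev
    return found

if __name__ == "__main__":
    print(cms_disclosures(SAMPLE_HTML, SAMPLE_ROBOTS))
```

An empty result only means none of the listed markers were present; removing the generator tag does not hide asset paths such as /wp-content/.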