๐Ÿ› ๏ธ CMS

Theory

Content Management System (CMS) is a software widely used for websites creation and management. It allows its users to create and manage websites such as blogs, forums, online stores, etc. Due to it's wide use by "non-tech" users, a lot of vulnerabilities can be found on websites using a CMS.

Practice

Tools

CMS scan for vulnerabilities on WordPress with WPScan.
Simple scan:
1
wpscan -url $URL
Copied!
Enumerate users
Brute-force a single user
Brute-force all the users
1
wpscan -url $URL -enumerate u
Copied!
1
wpscan -url $URL -wordlist wordlist.txt -username $username
Copied!
1
wpscan -url www.example.com -e u -wordlist wordlist.txt
Copied!
CMS scan for vulnerabilities with droopescan.
Simple scan:
1
droopescan scan -u $URL
Copied!
For known CMS:
1
droopescan scan $cms_name -u $URL
Copied!

Other tools

Browser extension: Wappalyzer allows its user to identify technologies on websites (including CMS). Website: Whatcms.org which helps in answering the question "What CMS Is This Site Using?" by entering an URL. Source code and robots.txt: information about the CMS used can be written in these files.
Last modified 3mo ago