The Hacker Recipes
GitHubTwitterExegolTools
Search…
Introduction
Active Directory
Reconnaissance
Movement
Persistence
Web services
Reconnaissance
HTTP response headers
Comments and metadata
Error messages
Site crawling
Directory fuzzing
Subdomains enumeration
Virtual host fuzzing
Web Application Firewall (WAF)
Content Management System (CMS)
Other technologies
Known vulnerabilities
Configuration
Accounts and sessions
User inputs
Systems & services
Reconnaissance
Movement
Privilege escalation
Pivoting
🛠️ Physical
Locks
Networking
Machines
Super secret zones
🛠️ Intelligence gathering
CYBINT
OSINT
GEOINT
🛠️ RADIO
RFID
Bluetooth
Wi-Fi
Wireless keyboard/mouse
🛠️ mobile apps
Android
iOS
Powered By GitBook
Content Management System (CMS)

Theory

A Content Management System (CMS) is a type of software widely used for websites creation and management. It the allows its users to easily create and manage websites such as blogs, forums and online stores. Among web applications, the large usage of CMS makes those software a huge target.
Here is a shortlist of the most common CMS: WordPress, Joomla, Shopify, Drupal, Magento, Typo3.

Practice

The use of a CMS on a web application is usually quite easy to spot with visual elements:
  • Credits at the bottom or corner of pages
  • HTTP headers
  • Common files (e.g. robots.txt, sitemap.xml)
  • Comments and metadata (HTML, CSS, JavaScript)
  • Stack traces and verbose error messages
Automated scanning tools can also help identify which technologies are used, and if known vulnerabilities may be present. Tools vary depending on the CMS technology to audit.
  • WPScan (Ruby) can be used for sites that use WordPress
  • droopescan (Python) supports Drupal, SilverStripe and WordPress and partially supports Joomla and Moodle.
  • Wappalyzer is a browser extension that can detect the use of certain software including CMS
  • Whatcms.org can help answering the question "What CMS is this site using?" but needs the target website to be accessible from the Internet.
WPScan
droopescan
For web applications built with WordPress, WPScan (Ruby) can be used to enumerate information and potential vulnerabilities. Appart from bruteforce and enumeration operations, WPScan doesn't implement exploits.
1
# simple scan (no exploitation)
2
wpscan --url $URL
3
4
# enumerate users
5
wpscan --url $URL --enumerate u
6
7
# enumerate a range of users
8
wpscan --url $URL --enumerate u1-100
9
10
# bruteforce a user
11
wpscan --url $URL --username $username --passwords "/path/to/wordlist.txt"
12
13
# enumerate and bruteforce users
14
wpscan --url $URL --enumerate u --passwords "/path/to/wordlist.txt"
Copied!
For web applications built with Drupal, SilverStripe, WordPress, Joomla or Moodle, droopescan (Python) can be used to enumerate information and potential vulnerabilities. Apart from bruteforce and enumeration operations, WPScan doesn't implement exploits.
1
# CMS identification
2
droopescan scan -u $URL
3
4
# Basic scan (known CMS)
5
droopescan scan $cms_name -u $URL
Copied!
Previous
Web Application Firewall (WAF)
Next
Other technologies
Last modified 3mo ago
Copy link
Contents
Theory
Practice