CMSeeK - CMS Detection And Exploitation Suite


What is a CMS?
A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc.

Release History
- Version 1.0.0 [15-06-2018]

Functions Of CMSeek:
  • Basic CMS Detection of over 20 CMS
  • Advanced Wordpress Scans
    • Detects Version
    • Detects Users (3 Detection Methods)
    • Looks for Version Vulnerabilities and much more!
  • Modular bruteforce system
    • Use pre made bruteforce modules or create your own and integrate with it

Requirements and Compatibility:
CMSeeK is built using python3, you will need python3 to run this tool and is compitable with unix based systems as of now. Windows support will be added later.

Installation and Usage:
It is fairly easy to use CMSeeK, just make sure you have python3 and git (just for cloning the repo) installed and use the following commands:
  • git clone https://github.com/Tuhinshubhra/CMSeeK
  • cd CMSeeK
  • python3 cmseek.py
The rest should be pretty self explanotory.

Detection Methods:
CMSeek uses mainly 2 things for detection:
  • HTTP Headers
  • Page Source Code

Supported CMSs:
CMSeeK currently can detect 22 CMSs, you can find the list on cmss.py file which is present in the cmseekdb directory. All the cmss are stored in the following way:
 cmsID = {
   'name':'Name Of CMS',
   'url':'Official URL of the CMS',
   'vd':'Version Detection (0 for no, 1 for yes)',
   'deeps':'Deep Scan (0 for no 1 for yes)'
 }

Scan Result:
All of your scan results are stored in a json file named cms.json, you can find the logs inside the Result\<Target Site> directory, and as of the bruteforce results they're stored in a txt file under the site's result directory as well.

Here is an example of the json report log:



Bruteforce Modules:
CMSeek has a modular bruteforce system meaning you can add your custom made bruteforce modules to work with cmseek. A proper documentation for creating modules will be created shortly but in case you already figured out how to (pretty easy once you analyze the pre-made modules) all you need to do is this:
  1. Add a comment exactly like this # <Name Of The CMS> Bruteforce module. This will help CMSeeK to know the name of the CMS using regex
  2. Add another comment ### cmseekbruteforcemodule, this will help CMSeeK to know it is a module
  3. Copy and paste the module in the brutecms directory under CMSeeK's directory
  4. Open CMSeeK and Rebuild Cache using U as the input in the first menu.
  5. If everything is done right you'll see something like this (refer to screenshot below) and your module will be listed in bruteforce menu the next time you open CMSeeK.
Need More Reasons To Use CMSeeK?
If not anything you can always enjoy exiting CMSeeK (please don't), it will bid you goodbye in a random goodbye message in various languages.
Also you can try reading comments in the code those are pretty random and weird!!!

Screenshots:

Main Menu

Scan Result

WordPress Scan Result


CMSeeK - CMS Detection And Exploitation Suite CMSeeK - CMS Detection And Exploitation Suite Reviewed by Lydecker Black on 5:35 PM Rating: 5