CMS-Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.

Additionally, CMS-Explorer can be used to aid in security testing. While it performs no direct security checks, the “explore” option can be used to reveal hidden/library files which are not typically accessed by web clients but are nonetheless accessible. This is done by retrieving the module’s current source tree and then requesting those file names from the target system. These requests can be sent through a distinct proxy to help “bootstrap” security testing tools like Burp, Paros, Webinspect, etc.



cms-explorer -url url -type type [options]


	-bsproxy+ 	Proxy to route findings through (fmt: host:port)
	-explore	Look for files in the theme/plugin dir
	-help           This screen
	-osvdb		Do OSVDB check for finds
	-plugins	Look for plugins (default: on)
	-pluginfile+	Plugin file list
	-proxy+ 	Proxy for requests (fmt: host:port)
	-themes		Look for themes (default: on)
	-themefile+	Theme file list (default: themes.txt)
	-type+*		CMS type: Drupal, WordPress, Joomla, Mambo
	-update 	Update lists from WordPress/Drupal (over-writes text files)
	-url+*		Full url to app's base directory
	-verbosity+ 	1-3

	+ Requires value
	* Required option


cyborg@cyborg:~$ sudo cms-explorer -url http://www.*******.*** -type Joomla
[sudo] password for cyborg: 
WARNING: No API key defined, searches will be disabled.

Beginning run against http://www.*******.***/...
Testing themes from joomla_themes.txt...
Theme Installed:		templates/system/
Testing plugins...
Plugin Installed:		components/com_banners/
Plugin Installed:		components/com_contact/
Plugin Installed:		components/com_content/
Plugin Installed:		components/com_eventlist/
Plugin Installed:		components/com_mailto/
Plugin Installed:		components/com_media/
Plugin Installed:		components/com_newsfeeds/

Leave a reply


We're are building as a community and a team. Be a part of it.


©2018 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?