{"id":13454562,"url":"https://github.com/Tuhinshubhra/CMSeeK","last_synced_at":"2025-03-24T06:30:54.884Z","repository":{"id":40336213,"uuid":"137285153","full_name":"Tuhinshubhra/CMSeeK","owner":"Tuhinshubhra","description":"CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs","archived":false,"fork":false,"pushed_at":"2024-04-09T13:40:52.000Z","size":712,"stargazers_count":2385,"open_issues_count":26,"forks_count":504,"subscribers_count":74,"default_branch":"master","last_synced_at":"2025-03-23T18:05:28.160Z","etag":null,"topics":["bruteforce","cms","cms-bruteforce","cms-detect","cms-detection","cms-framework","content-management-system","drupal","drupal-bruteforce","exploitation-framework","joomla","joomla-bruteforce","opencart-bruteforce","web-scanner","wordpress","wordpress-bruteforce","wordpress-scanner"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Tuhinshubhra.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-06-14T00:15:51.000Z","updated_at":"2025-03-21T06:43:26.000Z","dependencies_parsed_at":"2022-08-09T17:31:11.692Z","dependency_job_id":"fb2fe2c4-f830-4181-b936-ec6521aea598","html_url":"https://github.com/Tuhinshubhra/CMSeeK","commit_stats":{"total_commits":352,"total_committers":19,"mean_commits":"18.526315789473685","dds":"0.19318181818181823","last_synced_commit":"20f9780d2e682874be959cfd487045c92e3c73f4"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tuhinshubhra%2FCMSeeK","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tuhinshubhra%2FCMSeeK/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tuhinshubhra%2FCMSeeK/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tuhinshubhra%2FCMSeeK/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Tuhinshubhra","download_url":"https://codeload.github.com/Tuhinshubhra/CMSeeK/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245222307,"owners_count":20580129,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bruteforce","cms","cms-bruteforce","cms-detect","cms-detection","cms-framework","content-management-system","drupal","drupal-bruteforce","exploitation-framework","joomla","joomla-bruteforce","opencart-bruteforce","web-scanner","wordpress","wordpress-bruteforce","wordpress-scanner"],"created_at":"2024-07-31T08:00:55.405Z","updated_at":"2025-03-24T06:30:54.849Z","avatar_url":"https://github.com/Tuhinshubhra.png","language":"Python","funding_links":[],"categories":["CMS","Uncategorized","Python","\u003ca name=\"security\"\u003e\u003c/a\u003esecurity","Python (1887)","Tools","wordpress"],"sub_categories":["Open Redirect","Uncategorized","XSS"],"readme":"\u003cp align='center'\u003e\r\n  \u003cimg src=\"https://i.imgur.com/5VYs1m2.png\" alt=\"Logo\"\u003e \u003cbr\u003e\r\n  \u003ca href=\"https://github.com/Tuhinshubhra/CMSeeK/releases/tag/v.1.1.3\"\u003e\u003cimg src=\"https://img.shields.io/badge/Version-1.1.3-brightgreen.svg?style=style=flat-square\" alt=\"version\"\u003e\u003c/a\u003e\r\n  \u003ca href=\"https://github.com/Tuhinshubhra/CMSeeK/\"\u003e\u003cimg src=\"https://img.shields.io/badge/python-3-orange.svg?style=style=flat-square\" alt=\"Python Version\"\u003e\u003c/a\u003e\r\n  \u003ca href=\"https://github.com/Tuhinshubhra/CMSeeK/stargazers\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/Tuhinshubhra/CMSeeK.svg\" alt=\"GitHub stars\" /\u003e\u003c/a\u003e\r\n  \u003ca href=\"https://github.com/Tuhinshubhra/CMSeeK/blob/master/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/github/license/Tuhinshubhra/CMSeeK.svg\" alt=\"GitHub license\" /\u003e\u003c/a\u003e\r\n  \u003ca href=\"https://twitter.com/r3dhax0r\"\u003e\u003cimg src=\"https://img.shields.io/twitter/url/https/github.com/Tuhinshubhra/CMSeeK.svg?style=social\" alt=\"Twitter\" /\u003e\u003c/a\u003e\r\n\u003c/p\u003e\r\n\r\n## What is a CMS?\r\n\u003e A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: *WordPress, Joomla, Drupal etc*.\r\n\r\n## Release History\r\n```\r\n- Version 1.1.3 [25-07-2020]\r\n- Version 1.1.2 [19-05-2019]\r\n- Version 1.1.1 [01-02-2019]\r\n- Version 1.1.0 [28-08-2018]\r\n- Version 1.0.9 [21-08-2018]\r\n- Version 1.0.8 [14-08-2018]\r\n- Version 1.0.7 [07-08-2018]\r\n...\r\n```\r\n[Changelog File](https://github.com/Tuhinshubhra/CMSeeK/blob/master/CHANGELOG)\r\n\r\n## Functions Of CMSeek:\r\n\r\n- Basic CMS Detection of over 180 CMS\r\n- Drupal version detection\r\n- Advanced Wordpress Scans\r\n  - Detects Version\r\n  - User Enumeration\r\n  - Plugins Enumeration\r\n  - Theme Enumeration\r\n  - Detects Users (3 Detection Methods)\r\n  - Looks for Version Vulnerabilities and much more!\r\n- Advanced Joomla Scans\r\n  - Version detection\r\n  - Backup files finder\r\n  - Admin page finder\r\n  - Core vulnerability detection\r\n  - Directory listing check\r\n  - Config leak detection\r\n  - Various other checks\r\n- Modular bruteforce system\r\n  - Use pre made bruteforce modules or create your own and integrate with it\r\n\r\n## Requirements and Compatibility:\r\n\r\nCMSeeK is built using **python3**, you will need python3 to run this tool and is compitable with **unix based systems** as of now. Windows support will be added later. CMSeeK relies on **git** for auto-update so make sure git is installed.\r\n\r\n## Installation and Usage:\r\n\r\nIt is fairly easy to use CMSeeK, just make sure you have python3 and git (just for cloning the repo) installed and use the following commands:\r\n\r\n- git clone `https://github.com/Tuhinshubhra/CMSeeK`\r\n- cd CMSeeK\r\n- pip/pip3 install -r requirements.txt\r\n\r\nFor guided scanning:\r\n\r\n- python3 cmseek.py\r\n\r\nElse:\r\n\r\n- python3 cmseek.py -u \u003ctarget_url\u003e [...]\r\n\r\nHelp menu from the program:\r\n\r\n```\r\nUSAGE:\r\n       python3 cmseek.py (for guided scanning) OR\r\n       python3 cmseek.py [OPTIONS] \u003cTarget Specification\u003e\r\n\r\nSPECIFING TARGET:\r\n      -u URL, --url URL            Target Url\r\n      -l LIST, --list LIST         Path of the file containing list of sites\r\n                                   for multi-site scan (comma separated or one-per-line)\r\n\r\nMANIPULATING SCAN:\r\n      -i cms, --ignore--cms cms    Specify which CMS IDs to skip in order to\r\n                                   avoid flase positive. separated by comma \",\"\r\n\r\n      --strict-cms cms             Checks target against a list of provided\r\n                                   CMS IDs. separated by comma \",\"\r\n\r\n      --skip-scanned               Skips target if it's CMS was previously detected.\r\n\r\nRE-DIRECT:\r\n      --follow-redirect            Follows all/any redirect(s)\r\n      --no-redirect                Skips all redirects and tests the input target(s)\r\n\r\nUSER AGENT:\r\n      -r, --random-agent           Use a random user agent\r\n      --googlebot                  Use Google bot user agent\r\n      --user-agent USER_AGENT      Specify a custom user agent\r\n\r\nOUTPUT:\r\n      -v, --verbose                Increase output verbosity\r\n\r\nVERSION \u0026 UPDATING:\r\n      --update                     Update CMSeeK (Requires git)\r\n      --version                    Show CMSeeK version and exit\r\n\r\nHELP \u0026 MISCELLANEOUS:\r\n      -h, --help                   Show this help message and exit\r\n      --clear-result               Delete all the scan result\r\n      --batch                      Never ask you to press enter after every site in a list is scanned\r\n\r\nEXAMPLE USAGE:\r\n      python3 cmseek.py -u example.com                           # Scan example.com\r\n      python3 cmseek.py -l /home/user/target.txt                 # Scan the sites specified in target.txt (comma separated)\r\n      python3 cmseek.py -u example.com --user-agent Mozilla 5.0  # Scan example.com using custom user-Agent Mozilla is 5.0 used here\r\n      python3 cmseek.py -u example.com --random-agent            # Scan example.com using a random user-Agent\r\n      python3 cmseek.py -v -u example.com                        # enabling verbose output while scanning example.com\r\n\r\n```\r\n\r\n## Checking For Update:\r\n\r\nYou can check for update either from the main menu or use `python3 cmseek.py --update` to check for update and apply auto update.\r\n\r\nP.S: Please make sure you have `git` installed, CMSeeK uses git to apply auto update.\r\n\r\n## Detection Methods:\r\n\r\nCMSeek detects CMS via the following:\r\n- HTTP Headers\r\n- Generator meta tag\r\n- Page source code\r\n- robots.txt\r\n- Directory check\r\n\r\n## Supported CMSs:\r\n\r\nCMSeeK currently can detect **170+** CMS. Check the list here: [cmss.py](https://github.com/Tuhinshubhra/CMSeeK/blob/master/cmseekdb/cmss.py) file which is present in the `cmseekdb` directory.\r\nAll the cmss are stored in the following way:\r\n```\r\n cmsID = {\r\n   'name':'Name Of CMS',\r\n   'url':'Official URL of the CMS',\r\n   'vd':'Version Detection (0 for no, 1 for yes)',\r\n   'deeps':'Deep Scan (0 for no 1 for yes)'\r\n }\r\n```\r\n\r\n## Scan Result:\r\n\r\nAll of your scan results are stored in a json file named `cms.json`, you can find the logs inside the `Result\\\u003cTarget Site\u003e` directory, and as of the bruteforce results they're stored in a txt file under the site's result directory as well.\r\n\r\nHere is an example of the json report log:\r\n\r\n![Json Log](https://i.imgur.com/5dA9jQg.png)\r\n\r\n## Bruteforce Modules:\r\n\r\nCMSeek has a modular bruteforce system meaning you can add your custom made bruteforce modules to work with cmseek. A proper documentation for creating modules will be created shortly but in case you already figured out how to (pretty easy once you analyze the pre-made modules) all you need to do is this:\r\n\r\n1. Add a comment exactly like this `# \u003cName Of The CMS\u003e Bruteforce module`. This will help CMSeeK to know the name of the CMS using regex\r\n\r\n2. Add another comment `### cmseekbruteforcemodule`, this will help CMSeeK to know it is a module\r\n\r\n3. Copy and paste the module in the `brutecms` directory under CMSeeK's directory\r\n\r\n4. Open CMSeeK and Rebuild Cache using `R` as the input in the first menu.\r\n\r\n5. If everything is done right you'll see something like this (refer to screenshot below) and your module will be listed in bruteforce menu the next time you open CMSeeK.\r\n\r\n\u003cp align='center'\u003e\r\n  \u003cimg alt=\"Cache Rebuild Screenshot\" width=\"600px\" src=\"https://i.imgur.com/yhdzTYr.png\" /\u003e\r\n\u003c/p\u003e\r\n\r\n## Need More Reasons To Use CMSeeK?\r\n\r\nIf not anything you can always enjoy exiting CMSeeK *(please don't)*, it will bid you goodbye in a random goodbye message in various languages.\r\n\r\nAlso you can try reading comments in the code those are pretty random and weird!!!\r\n\r\n## Screenshots:\r\n\r\n\u003cp align=\"center\"\u003e\r\n  \u003cimg alt=\"Main Menu\" src=\"https://i.imgur.com/Eij6QvX.png\" /\u003e\r\n  \u003cbr\u003e\u003cem\u003eMain Menu\u003c/em\u003e\u003cbr\u003e\r\n  \u003cimg alt=\"Scan Result\" src=\"https://i.imgur.com/u0iyLdB.png\" /\u003e\r\n  \u003cbr\u003e\u003cem\u003eScan Result\u003c/em\u003e\u003cbr\u003e\r\n  \u003cimg alt=\"WordPress Scan Result\" src=\"https://i.imgur.com/cOtCJLj.png\" /\u003e\r\n  \u003cbr\u003e\u003cem\u003eWordPress Scan Result\u003c/em\u003e\u003cbr\u003e\r\n\u003c/p\u003e\r\n\r\n## Guidelines for opening an issue:\r\n\r\nPlease make sure you have the following info attached when opening a new issue:\r\n- Target\r\n- Exact copy of error or screenshot of error\r\n- Your operating system and python version\r\n\r\n**Issues without these informations might not be answered!**\r\n\r\n## Disclaimer:\r\n\r\n**Usage of CMSeeK for testing or exploiting websites without prior mutual consistency can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.**\r\n\r\n## License:\r\n\r\nCMSeeK is licensed under [GNU General Public License v3.0](https://github.com/Tuhinshubhra/CMSeeK/blob/master/LICENSE)\r\n\r\n## Follow Me @r3dhax0r:\r\n\r\n[Twitter](https://twitter.com/r3dhax0r)   \r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTuhinshubhra%2FCMSeeK","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FTuhinshubhra%2FCMSeeK","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTuhinshubhra%2FCMSeeK/lists"}