CMSMap is a python based, open source CMS (Content Management System) scanner that automates the process of detecting security flaws. This guide shows you how to use it on Kali Linux. This will allow you to scan your own (or others) WordPress installations for public vulnerabilities.

CMSMap Usage

Below you will find the basic commands to scan WordPress, Joomla and Drupal sites for vulnerabilities. I recommend using CMSMap in conjunction with WPScan for the best results. After downloading CMSMap from Github, you should go to the directory the python script is in and issue the following command:

./cmsmap.py url.tld

If you receive a prompt that 'ExploitDB and CMSmap plugins are not updated to the latest version' ensure that you update it before going further.

While the plugins are updating, you should see something along these lines:

CMSMap on Kali Linux updating plugins and ExploitDB

Once everything is done updating, re-run the command again. Patiently wait for your results and go from there. That's all there is to scanning WordPress for vulnerabilities.