Artur Tyksinski - Sysadmin Blog

System Administration Blog by Artur Tyksinski. I talk about anything and everything technology. Mostly Virtualization, MSP, Cyber Security and Linux.


Scanning WordPress for Vulnerabilities

CMSMap is a Python-based, open-source CMS (Content Management System) scanner that automates the process of detecting security flaws. This guide shows you how to use it on Kali Linux. This will allow you to scan your own (or others') WordPress installations for public vulnerabilities.

Artur Tyksinski

CMSMap Usage

Below you will find the basic commands to scan WordPress, Joomla and Drupal sites for vulnerabilities. I recommend using CMSMap in conjunction with WPScan for the best results. After downloading CMSMap from GitHub, go to the directory that contains the Python script and issue the following command:

./cmsmap.py url.tld

If you receive a prompt that 'ExploitDB and CMSmap plugins are not updated to the latest version', ensure that you update them before going further.

While the plugins are updating, you should see something along these lines:

[Screenshot: CMSMap on Kali Linux updating plugins and ExploitDB]

Once everything is done updating, re-run the command. Patiently wait for your results and go from there. That's all there is to scanning WordPress for vulnerabilities.
