CMS Explorer v1.0 released - Discover the CMS components behind the site -

CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.

Additionally, CMS Explorer can be used to aid in security testing. While it performs no direct security checks, the "explore" option can be used to reveal hidden/library files which are not typically accessed by web clients but are nonetheless accessible. This is done by retrieving the module’s current source tree and then requesting those file names from the target system. These requests can be sent through a distinct proxy to help "bootstrap" security testing tools like Burp, Paros, Webinspect, etc.

CMS Explorer can also search OSVDB for vulnerabilities with the installed components.

CMS Explorer currently supports module/theme discovery with the following products:

  • Drupal
  • Wordpress
  • Joomla!
  • Mambo

And exploration of the following products:

  • Drupal
  • Wordpress


  • Getopt::Long perl module
  • LibWhisker (LW2) included, or from
  • OSVDB API Key (optional):


  • -bsproxy+ : Proxy to route findings through (format: host:ip or http://host:ip/, default port 80)
  • -explore : Look for files in the theme/plugin dir
  • -osvdb : Search for vulnerabilities
  • -plugins : Look for plugins (default: on)
  • -pluginfile+ : Plugin file list
  • -proxy+ : Proxy for requests (format: host:ip or http://host:ip/, default port 80)
  • -themes : Look for themes (default: on)
  • -themefile+ : Theme file list (default: themes.txt)
  • -type+* : CMS type: Drupal, Wordpress, Joomla, Mambo
  • -update : Update lists from Wordpress/Drupal (over-writes text files)
  • -url+* : Full url to app’s base directory
  • -verbosity+ : 1-3


  • Plugin and theme names are from the base directory checked-in to the Wordpress or Drupal repo. In some cases, this top-level directory does *not* match the install directory name.
  • Joomla! and Mambo do not have central repos for plugins or themes, so they must be manually gathered. If you have a list, or even a few, send them over or commit them to the source tree!

More information: here