CMS Explorer v1.0 released - Discover the CMS components behind the site -

In: Application Scanner , CMS Explorer , Configurations checks , Footprinting , Information Gathering

2 April 2010

CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.

Additionally, CMS Explorer can be used to aid in security testing. While it performs no direct security checks, the "explore" option can be used to reveal hidden/library files which are not typically accessed by web clients but are nonetheless accessible. This is done by retrieving the module’s current source tree and then requesting those file names from the target system. These requests can be sent through a distinct proxy to help "bootstrap" security testing tools like Burp, Paros, Webinspect, etc.

CMS Explorer can also search OSVDB for vulnerabilities with the installed components.

CMS Explorer currently supports module/theme discovery with the following products:

Drupal
Wordpress
Joomla!
Mambo

And exploration of the following products:

Drupal
Wordpress

Requirements

Getopt::Long perl module
LibWhisker (LW2) included, or from http://www.wiretrip.net/rfp/lw.asp
OSVDB API Key (optional): http://osvdb.org/api/about

Options

-bsproxy+ : Proxy to route findings through (format: host:ip or http://host:ip/, default port 80)
-explore : Look for files in the theme/plugin dir
-osvdb : Search OSVDB.org for vulnerabilities
-plugins : Look for plugins (default: on)
-pluginfile+ : Plugin file list
-proxy+ : Proxy for requests (format: host:ip or http://host:ip/, default port 80)
-themes : Look for themes (default: on)
-themefile+ : Theme file list (default: themes.txt)
-type+* : CMS type: Drupal, Wordpress, Joomla, Mambo
-update : Update lists from Wordpress/Drupal (over-writes text files)
-url+* : Full url to app’s base directory
-verbosity+ : 1-3

Limitations

Plugin and theme names are from the base directory checked-in to the Wordpress or Drupal repo. In some cases, this top-level directory does *not* match the install directory name.
Joomla! and Mambo do not have central repos for plugins or themes, so they must be manually gathered. If you have a list, or even a few, send them over or commit them to the source tree!

More information: here

Post scriptum

Download

Compliance Mandates

Application Scanner :
PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

Application Scanner	10 May 2010 : SQLNinja v0.2.5 released! 1 May 2010 : WhatWeb just updated to v0.4.2 29 April 2010 : WhatWeb v0.4.1 - released 28 April 2010 : NSIA (Network System Integrity Analysis) v0.8.99 released 26 April 2010 : Acunetix WVS v6.5 build 20100419 released
CMS Explorer	2 April 2010 : CMS Explorer v1.0 released - Discover the CMS components behind the site (...)
Configurations checks	10 May 2010 : WebTest 1.2.1 - Testing Web Application with Python 1 May 2010 : Lansweeper v4.0 released 1 May 2010 : Sysinternal AccessChk v5.0 released 1 May 2010 : Spiceworks v4.7 build 50667 released 25 April 2010 : Testing the systems highload with StressLinux v0.5.111
Footprinting	20 January 2010 : Nmap v5.20 released 26 December 2009 : Nmap 5.10BETA2 released : Citrix scanning & xmas greetings 24 November 2009 : Nmap 5.10BETA1 released 18 October 2009 : Binging beta released - Footprinting and Discovery Tool with Bing - 21 June 2009 : Xprobe-NG announced for July 2009
Information Gathering	12 May 2010 : MetaGoofil v1.4b released 1 May 2010 : OpenDLP v0.1 released 26 April 2010 : (update) Foca v2.0.1: in the wild 25 April 2010 : Skipfish v1.33b released 9 April 2010 : CSniffer Command Line Network Sniffer v1.0.0.3 released