Penetration Testing mailing list archives
[TOOL] CMS Explorer
From: Chris Sullo <csullo () sunera com>
Date: Thu, 01 Apr 2010 14:49:29 -0400
CMS Explorer is designed to reveal the the specific modules, plugins and themes that various Content Management System (CMS) driven web sites are running. It can also assist security testing by looking up related vulnerabilities in osvdb.org, as well as revealing otherwise "hidden" files available with components. Features include: - Support for Wordpress, Drupal, Joomla! and Mambo plugins & themes - OSVDB.org API search for potential vulnerabilities in found components - Explore discovered components by getting file lists directly from the code repo - Bootstrap a scan proxy (such as Burp) with all found files - Easy update for newest Drupal/Wordpress components - Distinct proxy setup for scanning and bootstrapping Download and Usage: http://code.google.com/p/ More about CMS Explorer: http://security.sunera.com/2010/03/cms-explorer-or-whats-that-cms-running.html -- Chris Sullo http://security.sunera.com/ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- [TOOL] CMS Explorer Chris Sullo (Apr 05)