Module 10 · CMS Scanning
Flag: --skip-cms
Detects the CMS powering the target and runs the appropriate scanner.
Detection
The module detects CMS by analysing the response body and headers for known fingerprints:
| CMS | Detection signals |
|---|---|
| WordPress | wp-content, wp-includes, wordpress in body/headers |
| Drupal | sites/all/modules, Drupal.settings, X-Generator: Drupal |
| Joomla | /media/jui, generator: Joomla, cookie names |
| Magento | Mage.Cookies, /skin/frontend, magento |
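
An added sketch of fingerprint matching over a single response, not the module's own code. The signals come from the table above; the weights and the "strong signal, clear winner" rule are assumptions of this example, chosen to show why a bare product name in the body is weak evidence on its own.

```python
import re

# Signals from the detection table above. Weights are an assumption of this
# example: a bare product name is weak evidence, a path or header is strong.
# Joomla "cookie names" are omitted because the page does not list them.
SIGNALS = {
    "WordPress": [("body", r"wp-content", 2), ("body", r"wp-includes", 2),
                  ("any", r"wordpress", 1)],
    "Drupal": [("body", r"sites/all/modules", 2), ("body", r"Drupal\.settings", 2),
               ("header", r"^x-generator:.*drupal", 2)],
    "Joomla": [("body", r"/media/jui", 2),
               ("body", r"<meta[^>]+generator[^>]+joomla", 2)],
    "Magento": [("body", r"Mage\.Cookies", 2), ("body", r"/skin/frontend", 2),
                ("any", r"magento", 1)],
}

def detect_cms(headers, body):
    """Return (cms_or_None, {cms: [matched patterns]}) for one HTTP response."""
    header_text = "\n".join(f"{k}: {v}" for k, v in headers.items())
    scopes = {"body": body, "header": header_text,
              "any": header_text + "\n" + body}
    scores, hits = {}, {}
    for cms, signals in SIGNALS.items():
        for scope, pattern, weight in signals:
            if re.search(pattern, scopes[scope], re.I | re.M):
                scores[cms] = scores.get(cms, 0) + weight
                hits.setdefault(cms, []).append(pattern)
    if not scores:
        return None, hits
    ranked = sorted(scores.items(), key=lambda kv: -kv[1])
    # Require at least one strong signal and a clear winner (assumed policy).
    if ranked[0][1] < 2 or (len(ranked) > 1 and ranked[0][1] == ranked[1][1]):
        return None, hits
    return ranked[0][0], hits

# Constructed sample responses (not captured from any real site).
DRUPAL_BLOG = ({"Server": "nginx", "X-Generator": "Drupal 7 (http://drupal.org)"},
               '<script src="/sites/all/modules/views/js/base.js"></script>'
               "<p>Why we migrated from WordPress</p>")
WP_SITE = ({"Server": "Apache"},
           '<link rel="stylesheet" href="/wp-content/themes/demo/style.css">'
           '<script src="/wp-includes/js/jquery/jquery.js"></script>')
STATIC_SITE = ({"Server": "nginx"}, "<p>A review of Magento hosting options</p>")
```

The Drupal sample also matches the weak `wordpress` keyword, and the static page matches only `magento`; returning the per-CMS hits alongside the verdict makes such near-misses visible when reviewing why a scanner was or was not launched.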
WordPress (wpscan)
wpscan is run with:
| Mode | Flags |
|---|---|
| Normal | --url <target> --no-banner --format json |
| Aggressive | --enumerate ap,at,cb,dbe,u --plugins-detection aggressive |
Parsed results:
| Condition | Severity |
|---|---|
| Plugin vulnerabilities found | HIGH |
| Theme vulnerabilities found | MEDIUM |
| Users enumerable via REST API | MEDIUM |
WordPress-specific path probes:
| Path | Condition | Severity |
|---|---|---|
| /xmlrpc.php | Accessible | MEDIUM |
| /wp-json/wp/v2/users | Returns user list | MEDIUM |
| /wp-content/debug.log | Accessible | HIGH |
| /?author=1 | Author enumeration works | LOW |
| /wp-login.php | Accessible | INFO |
Drupal / Joomla (droopescan)
droopescan is used for Drupal and Joomla targets, detecting:
- Core version and known vulnerabilities
- Installed plugins/modules with known CVEs
- Themes