How to Detect CMS Running on Target Website

WHAT IS CMS?

CMS stands for Content Management Systems. CMS provide to help webmaster processing their website easier, it is also the most critical success of every website. A content management system support creation, management, distribution, publishing and discovery of corporate information. It is also provide the ability to manage structure of the site pages or contents, appearance, and navigation. You may familiar with these most famous CMS :

• WordPress
• Joomla
• Drupal
• Etc.

I will not explain more detail about CMS here, our main focus here is how could we know or identify if website has certain CMS on it. That’s it, by knowing what CMS running or target, we could then processing for further penetration test. Such scan if the target has vulnerabilities on that CMS version or on others functionality like plugin, etc.

HOW TO SCAN WEBSITE CMS?

I will show you tools which is useful to gain information especially of course to identify it’s CMS. Kali linux actually has this built-in tool. It is whatweb, therefore whatweb is just collecting a general information, it is also able to detect the CMS on site running. Other tool which is designed to this particular purpose is called CMSmap. You need to install it before to use it later.

DETECT WEBSITE CMS WITH WHATWEB

STEP 1: Open Terminal, fire up whatweb

Lets just read what this tool is able to do, run this command to display the help message.

 whatweb -h

You can read it by yourself, anyway, whatweb has a lot information on that.

STEP 2: Scan the target

Although whatweb has a lot arguments to use, we could just simply run this command pattern to simplify our progress.

$ whatweb [url]

As shown above, the target has wordpress installed on his server. Easy right? just as simple as that. Next i will show you the other tool i mentioned earlier, CMSmap.

DETECT WEBSITE CMS WITH CMSmap

STEP 1: Installing CMSmap

Enter the following command to download CMSmap tool:

 git clone https://github.com/Dionach/CMSmap.git

STEP 2

After you downloaded CMSmap files, now enter CMSmap directory using cd.

CMSmap is written using python V2, you might notice some errors if you run CMSmap using python V3 or latest. Run CMSmap using this command

root@localhost:/home/TheHackToday/CMSmap# python2.7 cmsmap.py
CMSmap tool v0.6 - Simple CMS Scanner
Author: Mike Manzotti mike.manzotti@dionach.com
Usage: cmsmap.py -t <URL>
Targets:
-t, --target target URL (e.g. 'https://example.com:8080/')
-f, --force force scan (W)ordpress, (J)oomla or (D)rupal
-F, --fullscan full scan using large plugin lists. False positives and slow!
-a, --agent set custom user-agent
-T, --threads number of threads (Default: 5)
-i, --input scan multiple targets listed in a given text file
-o, --output save output in a file
--noedb enumerate plugins without searching exploits
Brute-Force:
-u, --usr username or file
-p, --psw password or file
--noxmlrpc brute forcing WordPress without XML-RPC

Post Exploitation:
-k, --crack password hashes file (Require hashcat installed. For WordPress and Joomla only)
-w, --wordlist wordlist file

Others:
-v, --verbose verbose mode (Default: false)
-U, --update (C)MSmap, (W)ordpress plugins and themes, (J)oomla components, (D)rupal modules, (A)ll
-h, --help show this help

Examples:
cmsmap.py -t https://example.com
cmsmap.py -t https://example.com -f W -F --noedb
cmsmap.py -t https://example.com -i targets.txt -o output.txt
cmsmap.py -t https://example.com -u admin -p passwords.txt
cmsmap.py -k hashes.txt -w passwords.txt

CMSmap is able to scan multiple target listed on file, and scan availabe plugins. By the way this tool kinda outdated, i dont know why the developer of this tool does not improve CMSmap again, since 2015 i guess. But it is useful thou in other way.
So, after you already known what CMS is running, then your next step is to scan the vulnerability against it’s CMS. If you are lucky you may found some bugs which are able to be exploited further. I remain you to be a good person, OK