ajinabraham/CMSScan ajinabraham/CMSScan

  • Stars
    star
    913
  • Rank 48,275 (Top 1.0 %)
  • Language
    CSS
  • License
    GNU General Publi...
  • Created over 5 years ago
  • Updated about 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
ajinabraham/CMSScan
github

ajinabraham

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

CMSScan

Scan WordPress, Drupal, Joomla, vBulletin websites for Security issues.

platform License python Rawsec's CyberSecurity Inventory

Made with Love in India

CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on demand and scheduled scans and has the ability to sent email reports.

Install

# Requires ruby, ruby-dev, gem, libwww-perl, python3.6+ and git
git clone https://github.com/ajinabraham/CMSScan.git
cd CMSScan
./setup.sh

Run

./run.sh

Periodic Scans

You can perform periodic CMS scans with CMSScan. You must run CMSScan server separately and configure the following before running the scheduler.py script.

# SMTP SETTINGS
SMTP_SERVER = ''
FROM_EMAIL = ''
TO_EMAIL = ''

# SERVER SETTINGS
SERVER = ''

# SCAN SITES
WORDPRESS_SITES = []
DRUPAL_SITES = []
JOOMLA_SITES = []
VBULLETIN_SITES = []

Add a cronjob

crontab -e
@weekly /usr/bin/python3 scheduler.py

Basic Auth

By default there is no authentication. To enable basic auth, configure the following in app.py

app.config['BASIC_AUTH_USERNAME'] = 'admin'
app.config['BASIC_AUTH_PASSWORD'] = 'password'
app.config['BASIC_AUTH_FORCE'] = True

Docker

Local

docker build -t cmsscan .
docker run -it -p 7070:7070 cmsscan

Prebuilt Image

docker pull opensecurity/cmsscan
docker run -it -p 7070:7070 opensecurity/cmsscan

Screenshots

More Repositories

1

nodejsscan

nodejsscan is a static security code scanner for Node.js applications.
CSS
2,233
star
2

OWASP-Xenotix-XSS-Exploit-Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
Python
502
star
3

Xenotix-Python-Keylogger

Xenotix Python Keylogger for Windows.
Python
451
star
4

njsscan

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
JavaScript
314
star
5

Node.Js-Security-Course

Contents for Node.Js Security Course
JavaScript
313
star
6

Droid-Application-Fuzz-Framework

Android application fuzzing framework with fuzzers and crash monitor.
HTML
270
star
7

WebAppSec

Web Application Security
Python
120
star
8

Static-DOM-XSS-Scanner

Static DOM XSS Scanner is a Static Analysis tool written in python that will iterate through all the JavaScript and HTML files under the given directory and will list out all the possible sources and sinks that may cause DOM XSS. At the end of the scan, the tool will generate an HTML report.
Python
116
star
9

libsast

Generic SAST Library
Python
105
star
10

Xenotix-APK-Reverser

Xenotix APK Reverser is an OpenSource Android Application Package (APK) decompiler and disassembler powered by dex2jar, baksmali and jd-core.
Python
76
star
11

aws_security_tools

Scripts and tools for AWS Pentest
Python
51
star
12

PoC

Proof of Concepts, Exploits
Python
28
star
13

Xenotix-xBOT

Xenotix xBOT is a Cross Platform PoC Bot that abuse certain Google Services to implement it's C&C
Python
27
star
14

njsscan-action

nodejsscan Github Action
Dockerfile
20
star
15

WhatsApp-AutoClean

WhatsApp AutoClean is an android app that removes all WhatsApp media (images, videos, sound etc) and hide them from being shown in Gallery
Java
16
star
16

tizen-security

Tools made for Tizen Security Analysis
Python
14
star
17

Exploit-Research-Ported

Exploit Research & Development - Ported Exploits
Python
11
star
18

package_scan

PoC: Python package static and dynamic analysis to detect environment variable stealing
Python
10
star
19

node.js-simple-https-server

A simple HTTPS server that uses self signed certificate. Useful for PoC purposes
JavaScript
8
star
20

JSComm-API-Hooker

Tool to hook all communication APIs including XHR/XHR2, WebSockets, Web Workers, PostMessage and Server Sent Events
JavaScript
8
star
21

bad_python_extract

A vulnerable web application written in Python Flask to demonstrate insecure file extraction
Python
8
star
22

Android-SSL-Certificate-Pinning

A sample android application implementing Moxie's Certificate Pinning Library
Java
8
star
23

Vulnerable_Tornado_App

An intentionally vulnerable web application written in Python using Tornado
CSS
7
star
24

OpSec-Firefox-Addon-Exploit-Suite

OpSec Firefox Addon Exploit Suite is a POC application that demonstrate various flaws in the Firefox Add-on Security Model.
Visual Basic
7
star
25

OAuth-Request-Crafter

OAuth Request Crafter
Visual Basic
7
star
26

poc-rogue

Python
4
star
27

python-hash-calculator

Python Hash Calculator
4
star
28

simple-php-browser-detection

Simple PHP script to get browser details.
3
star
29

SafeDOM

A failed attempt to prevent DOM XSS.
JavaScript
2
star
30

YouPlay

Media Server that dumps youtube playlist into mp3
Python
2
star
31

ctf

HTML
1
star
32

Google-Voice-on-Zenwatch-3-button

Google Voice on ZenWatch 3 crown button
Java
1
star
33

codeql-uboot

CodeQL
1
star
34

NoSQLi-Vulnerable-App

NoSQLi Vulnerable App
HTML
1
star
35

PebbleWatch-LocateMe

Pebble App that Locates You
JavaScript
1
star