Content Management System (CMS)

PreviousWeb Application Firewall (WAF)NextOther technologies

Last updated 3 years ago

Was this helpful?

Content Management System (CMS)

Theory

A Content Management System (CMS) is a type of software widely used for websites creation and management. It the allows its users to easily create and manage websites such as blogs, forums and online stores. Among web applications, the large usage of CMS makes those software a huge target.

Here is a shortlist of the most common CMS: , , , , , .

Practice

The use of a CMS on a web application is usually quite easy to spot with visual elements:

Credits at the bottom or corner of pages
HTTP headers
Common files (e.g. robots.txt, sitemap.xml)
Comments and metadata (HTML, CSS, JavaScript)
Stack traces and verbose error messages

Automated scanning tools can also help identify which technologies are used, and if known vulnerabilities may be present. Tools vary depending on the CMS technology to audit.

(Ruby) can be used for sites that use WordPress
(Python) supports Drupal, SilverStripe and WordPress and partially supports Joomla and Moodle.
is a browser extension that can detect the use of certain software including CMS
can help answering the question "What CMS is this site using?" but needs the target website to be accessible from the Internet.

# simple scan (no exploitation)
wpscan --url $URL

# enumerate users
wpscan --url $URL --enumerate u

# enumerate a range of users
wpscan --url $URL --enumerate u1-100

# bruteforce a user
wpscan --url $URL --username $username --passwords "/path/to/wordlist.txt"

# enumerate and bruteforce users
wpscan --url $URL --enumerate u --passwords "/path/to/wordlist.txt"

# CMS identification
droopescan scan -u $URL

# Basic scan (known CMS)
droopescan scan $cms_name -u $URL

PreviousWeb Application Firewall (WAF)NextOther technologies

Last updated 3 years ago

Was this helpful?

Theory

Here is a shortlist of the most common CMS: , , , , , .

Practice

The use of a CMS on a web application is usually quite easy to spot with visual elements:

Credits at the bottom or corner of pages

HTTP headers

Common files (e.g. robots.txt, sitemap.xml)

Comments and metadata (HTML, CSS, JavaScript)

Stack traces and verbose error messages

Automated scanning tools can also help identify which technologies are used, and if known vulnerabilities may be present. Tools vary depending on the CMS technology to audit.

(Ruby) can be used for sites that use WordPress

(Python) supports Drupal, SilverStripe and WordPress and partially supports Joomla and Moodle.

is a browser extension that can detect the use of certain software including CMS

can help answering the question "What CMS is this site using?" but needs the target website to be accessible from the Internet.

For web applications built with WordPress, (Ruby) can be used to enumerate information and potential vulnerabilities. Appart from bruteforce and enumeration operations, WPScan doesn't implement exploits.

# simple scan (no exploitation)
wpscan --url $URL

# enumerate users
wpscan --url $URL --enumerate u

# enumerate a range of users
wpscan --url $URL --enumerate u1-100

# bruteforce a user
wpscan --url $URL --username $username --passwords "/path/to/wordlist.txt"

# enumerate and bruteforce users
wpscan --url $URL --enumerate u --passwords "/path/to/wordlist.txt"

For web applications built with Drupal, SilverStripe, WordPress, Joomla or Moodle, (Python) can be used to enumerate information and potential vulnerabilities. Apart from bruteforce and enumeration operations, WPScan doesn't implement exploits.

# CMS identification
droopescan scan -u $URL

# Basic scan (known CMS)
droopescan scan $cms_name -u $URL