CMSMAP

Vulnerability Detector

Unlike WPScan, CMSMap aims to be a centralized vulnerability-detection solution for not just one but up to four of the most popular CMSs. It is an open source project written in Python that helps automate the process of vulnerability scanning and detection in WordPress, Joomla, Drupal, and Moodle. This tool is useful not only for detecting security flaws in these four popular CMSs but also for running actual brute force attacks and launching exploits once a vulnerability has been found.

It is a multithreaded tool, set to 5 threads by default. This is to reduce the likelihood of causing denial of service on the target website. However, there is an option that allows a user to increase the number of threads, and thus the speed of scanning.

It is meant to be easy to use, in the sense that the only mandatory option is the target URL. However, CMSmap includes a brute-forcing module as well. If the user wants to run a brute-forcing attack, password/username files must be provided along with the URL. By default, Drupal is the only CMS that will lock out user accounts after a certain number of failed attempts. This means that unless a specific security plugin is installed, nothing stops repeated login attempts against WordPress and Joomla login forms.


DOWNLOADS

No Official Website

SYSTEM REQUIREMENTS

RAM : Minimum 512MB (Recommended: 1GB)

Storage : Minimum 10MB (for installation), additional space for project files

OS : macOS 10.5.0 or higher, modern Linux (Windows support via Cygwin, but not officially supported)

Architecture : Supports both 32-bit and 64-bit architectures

Available On : PC


ADDITIONAL INFORMATION

Published By

Mike Manzotti

Release Date

February 2006

Approximate Size

444.53 KB for Archives.

Publisher Info

CMSmap is maintained by Dionach and a community of contributors

Supported Languages

English

Last Update

May 2024 (Version 1.0)

Programming Language

Python

Operating System

Cross-platform (macOS, Linux)

License

GNU General Public License (GPL)

  • Supports multiple scan threads
  • Ability to set custom user-agent and header
  • Support for SSL encryption
  • Verbose mode for debugging purposes
  • Saves output in a text file
  • Open-source Python-based CMS scanner
  • Automates security flaws detection in popular CMSs
  • Supports WordPress, Joomla, Drupal, and Moodle
  • Early-stage project, may have bugs or missing features

  1. CMSMap will then scan the specified URL, detect the CMS platform in use, and search for vulnerabilities. The tool displays the vulnerabilities it finds, along with an indicator of their severity rating ([I] for informational, [L] for low, [M] for medium, and [H] for high).
  2. CMSMap also offers additional options, such as -f to force a scan for a specific CMS platform (WordPress, Joomla, or Drupal) and -F for a full scan using large plugin lists. Be aware that using the -F option may result in false positives and slower scans.
  3. Overall, CMSMap is a useful tool for detecting vulnerabilities in popular CMS platforms, and it can also be used to perform brute force attacks and launch exploits once a vulnerability has been found.

  • Automates CMS security scanning : CMSMap automates the process of detecting security flaws in popular CMS platforms, saving time and effort for security analysts and developers.
  • Supports multiple CMS platforms : CMSMap supports WordPress, Joomla, Drupal, and Moodle, making it a versatile tool for CMS security scanning.
  • Autodetects the CMS used : CMSMap has the ability to autodetect the CMS used by the target site, making it easier to initiate a scan.
  • Displays vulnerabilities with severity ratings : CMSMap displays the vulnerabilities it finds preceded by an indicator of the severity rating ([I] for informational, [L] for low, [M] for medium, and [H] for high), allowing users to prioritize remediation efforts.
  • Customizable options : CMSMap provides various command-line options to customize the scanning process, such as setting a custom user-agent, adding custom headers, scanning multiple targets, saving output in a file, and more.
  • Brute-force and password cracking : CMSMap offers brute-force attack capabilities using username and password files, as well as the ability to crack password hashes using hashcat (for WordPress and Joomla only).
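
As an added example (not part of CMSmap or of the original page), the following Python script triages a saved scan report by the severity indicators described above, so that high and medium findings are remediated first. The sample lines are constructed, the function names are hypothetical, and it assumes each finding line starts with its [H]/[M]/[L]/[I] marker.

```python
import re
from collections import Counter

# Severity markers as listed on this page, highest first.
SEVERITY_ORDER = ["H", "M", "L", "I"]
SEVERITY_NAME = {"H": "high", "M": "medium", "L": "low", "I": "informational"}

ANSI = re.compile(r"\x1b\[[0-9;]*m")   # colour codes, if output was captured from a terminal
FINDING = re.compile(r"^\s*\[([HMLI])\]\s*(.+?)\s*$")

# Constructed sample, NOT real CMSmap output; only the [X] prefix convention comes from the page.
SAMPLE = """\
[-] Target: https://example.com
[I] Server header discloses version
[M] Example plugin is outdated
\x1b[31m[H]\x1b[0m Example configuration backup is world-readable
[L] Directory listing enabled on example path
[M] Example plugin is outdated
not a finding line
"""

def parse_findings(text):
    """Return de-duplicated (severity, message) pairs, highest severity first."""
    seen, findings = set(), []
    for raw in text.splitlines():
        m = FINDING.match(ANSI.sub("", raw))
        if not m:
            continue                   # progress lines, banners, blanks
        item = (m.group(1), m.group(2))
        if item not in seen:
            seen.add(item)
            findings.append(item)
    # sorted() is stable, so report order is kept within one severity
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f[0]))

def summarize(findings):
    """Count findings per severity name, including zero counts."""
    counts = Counter(sev for sev, _ in findings)
    return {SEVERITY_NAME[s]: counts.get(s, 0) for s in SEVERITY_ORDER}

def needs_action(findings, threshold="M"):
    """Findings at or above the threshold severity."""
    cut = SEVERITY_ORDER.index(threshold)
    return [f for f in findings if SEVERITY_ORDER.index(f[0]) <= cut]

if __name__ == "__main__":
    found = parse_findings(SAMPLE)
    print(summarize(found))
    for sev, msg in needs_action(found):
        print(f"[{sev}] {msg}")
```
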

  1. Simple Scan : Scan a single target URL (e.g., https://example.com:8080/) using the default settings : cmsmap.py https://example.com
  2. Force Scan : Force scan a specific CMS platform (W=WordPress, J=Joomla, D=Drupal) : cmsmap.py https://example.com -f W
  3. Full Scan : Perform a full scan using large plugin lists (Warning: may produce false positives and is slow) : cmsmap.py https://example.com -F
  4. Brute-forcing : Attack a WordPress or Joomla target using a password/username file : cmsmap.py https://example.com -u admin -p passwords.txt
  5. Multiple Targets : Scan multiple targets listed in a given text file : cmsmap.py -i targets.txt -o output.txt
Important Notes
  • Usage of CMSMap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state, and federal laws.
  • The tool is still in an early state, and you may encounter bugs, flaws, or malfunctions. Use it at your own risk.
  • Be cautious when using brute-forcing and password cracking features, as they can potentially harm the target system or compromise user data.

  • python3
  • python3-requests

Terminal Installation Commands ...

$ sudo apt update

$ git clone https://github.com/Dionach/CMSmap.git


GUI Installation Steps ...
Linux
  • Clone the repository : git clone https://github.com/Dionach/CMSmap.git.
  • Navigate to the directory : cd CMSmap.
  • Install using Python : sudo python3 setup.py install.
  • Run the tool : python3 cmsmap.py -h.
Windows
  • Download the repository from GitHub : git clone https://github.com/Dionach/CMSmap.git.
  • Extract the files and navigate to the folder.
  • Install Python if not already installed.
  • Use the command prompt to run the setup file : python setup.py install.
MacOS
  • Clone the repository : git clone https://github.com/Dionach/CMSmap.git.
  • Navigate to the directory : cd CMSmap.
  • Install using Python : sudo python3 setup.py install.
  • Run the tool : python3 cmsmap.py -h.

Terminal Uninstallation Commands ...

$ pip3 uninstall cmsmap

$ sudo apt autoclean && sudo apt autoremove


GUI Uninstallation Steps ...
Linux
  • Use the command : pip3 uninstall cmsmap -y.
  • Alternatively, remove the files manually from the directory where CmsMap was installed.
Windows
  • Open Control Panel and navigate to "Uninstall a Program."
  • Locate CmsMap and uninstall it.
  • Alternatively, use the command : msiexec /x <PROGRAM_NAME>.msi /q
MacOS
  • Drag the application to the Trash.
  • Remove associated files manually from the ~/Library folder.
  • Alternatively, use a third-party uninstaller like AppCleaner.

Copyright © 2025 HACKERSPOT

All original content, including tools, software, and other information, is protected by copyright and remains the property of its respective owners.
