[合集]CMS渗透测试工具
小编:此次小编为大家带来了CMS渗透工具合集,包括Joomla,wordpress等著名CMS的安全检测工具,本站提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
Joomscan [611 joomla vulnerabilities database]
Joomscan is a tool for testing vulnerabilities on websites that use ‘Joomla’. This application allows you to view or Test the website on XSS attacks, SQL Injection, LFI, RFI, Bruteforce, etc.
Manual:
http://web-center.si/Navodila-za-uporabo-win.pdf [windows]
http://web-center.si/navodilazauporabo.pdf
Joomla Security Scanner v.1.0
PenTest for XSS, SQL-Inj, CSRF, Brute Force, RFI and LFI.
JComScanner[Joomla插件识别]
Scanner components Joomla.
Use:
Code:
./jscan.py http://joomla.org ./mycomponent_list.txt
With a timeout:
Code:
./jscan.py http://joomla.org ./mycomponent_list.txt 10
#!/usr/bin/env python
import os
import time
import random
import urllib2 as u2
import argparse as ap
sub_url = "/components/"
#------------------------------------------------------
# Args set
def add_args():
p = ap.ArgumentParser()
p.add_argument("-u", help = "Remote site URL")
p.add_argument("-f", help = "Joomla components list file")
p.add_argument("-t", help = "Timeout (sec)")
p.add_argument("-T", help = "Randomization timeout (from 0 to N)")
p.add_argument("-p", help = "HTTP Proxy server (PROXY:PORT)(example: 127.0.0.1:1080)")
return p.parse_args(), p
#------------------------------------------------------
#------------------------------------------------------
# Timeout
def timeout(args):
if args.T:
time.sleep(random.randint(0, int(args.T)))
elif args.t:
time.sleep(int(args.t))
#------------------------------------------------------
#------------------------------------------------------
# Scan through HTTP server
def scan_through_proxy(args, com_name, op):
try:
url = args.u + sub_url + com_name
op.open(url)
except:
raise
return True
#------------------------------------------------------
#------------------------------------------------------
# Scan directly
def scan(args, com_name):
try:
url = args.u + sub_url + com_name
req = u2.Request(url)
u2.urlopen(req)
except:
raise
return True
#------------------------------------------------------
a, p = add_args()
if not a.u or not a.f:
p.print_usage()
p.exit()
else:
if a.u.find("http://") < 0 and a.u.find("HTTP://") < 0:
a.u = "http://" + a.u
if not os.access(a.f, os.F_OK):
print "File {} does not exit or permission denied".format(a.f)
exit()
print "[Joomla components scanner by R0nin]\n"
print "[+] Host:", a.u
try:
if not a.p:
with open(a.f) as com_file:
for line in com_file:
line = line.strip("\r\n")
try:
scan(a, line)
except u2.HTTPError as he:
if he.code == 404:
print "Component: " + line.ljust(40,' ') + "[Not found]"
except u2.URLError as ue:
print "Exception: " + ue.reason
else:
print "Component: " + line.ljust(40,' ') + "[OK]"
timeout(a)
else:
if a.p.find("http://") < 0 and a.p.find("HTTP://") < 0:
a.p = "http://" + a.p
prx = u2.ProxyHandler({"http":a.p})
op = u2.build_opener(prx)
u2.install_opener(op)
print "[Scan via HTTP proxy {}]\n".format(a.p)
with open(a.f) as com_file:
for line in com_file:
line = line.strip("\r\n")
try:
scan_through_proxy(a, line, op)
except u2.HTTPError as he:
if he.code == 404:
print "Component: " + line.ljust(40,' ') + "[Not found]"
except u2.URLError as ue:
print "Exception: " + ue.reason
else:
print "Component: " + line.ljust(40,' ') + "[OK]"
timeout(a)
except KeyboardInterrupt:
print "\nInterrupted by user (CTRL+C or Delete)"
exit()
except:
print "Uknown exception: exit..."
exit()
else:
print "\n[Sucess]\n"
exit()
my_component.txt:
com_aardvertiser com_addressbook com_adsmanager com_advertising com_alameda com_alfurqan15x com_allcinevid com_alphauserpoints com_amblog com_annonces com_answers com_appointinator com_arcadegames com_archeryscores com_artforms com_articleman com_beamspetition com_beeheard com_bfquiztrial com_biblioteca com_billyportfolio com_blogfactory com_booklibrary com_btg_oglas com_caddy com_calcbuilder com_camp com_cbe com_ccboard com_ccinvoices com_ccrowdsource com_cgtestimonial com_chronocontact com_cinema com_ckforms com_clan com_clanlist com_clantools com_connect com_content com_cvmaker com_dateconverter com_dcnews com_delicious com_diary com_dioneformwizard com_discussions com_djartgallery com_drawroot com_dshop com_education_classess com_elite_experts com_eportfolio com_equipment com_esearch com_event com_extcalendar com_ezautos com_fabrik com_flashgames com_flexicontent com_flipwall com_forme com_g2bridge com_gadgetfactory com_gamesbox com_gantry com_gbufacebook com_golfcourseguide com_google com_graphics com_grid com_hello com_hmcommunity com_horoscope com_huruhelpdesk com_idoblog com_if_surfalert com_img com_iproperty com_jacomment com_jce com_jdirectory com_jdownloads com_jdrugstopics com_jeauto com_jedirectory com_jeemasms com_jefaqpro com_jeguestbook com_jejob com_jepoll com_jequoteform com_jesectionfinder com_jestory com_jesubmit com_jfuploader com_jgen com_jgrid com_jimtawl com_jmarket com_jmsfileseller com_jnewsletter com_jnewspaper com_joltcard com_jomdocs com_jomsocial com_jomtube com_joomdle com_joomdocs com_joomla-visites com_joomnik com_joomradio com_joomtouch com_jphone com_jp_jobs com_jquarks4s com_jradio com_jscalendar com_jsjobs com_jstore com_jsubscription com_jsupport com_jtickets com_jtm com_konsultasi com_lead com_listbingo com_listing com_lovefactory com_maianmedia com_manager com_market com_markt com_matamko com_mediamall com_mediqna com_memory com_mmsblog com_mscomment com_mtfireeagle com_mtree com_multimap com_multiroot com_mycar com_neorecruit com_newsfeeds com_noticeboard com_obsuggest com_ongallery com_orgchart com_oziogallery2 com_packages com_pandafminigames com_pbbooking com_people com_photobattle com_photomapgallery com_picasa2gallery com_picsell com_ponygallery com_pro_desk com_qcontacts com_qpersonel com_question com_quran com_realtyna com_record com_redshop com_remository com_restaurantguide com_restaurantmenumanager com_rokmodule com_rsappt_pro com_rsappt_pro2 com_rscomments com_s2clanroster com_searchlog com_sef com_sermonspeaker com_seyret com_simpledownload com_spa com_spartsite com_spielothek com_sponsorwall com_spsnewsletter com_staticxt com_sweetykeeper com_team com_teams com_techfolio com_timereturns com_timetrack com_travelbook com_ttvideo com_ultimateportfolio com_users com_versioning com_vikrealestate com_virtuemart com_webtv com_wgpicasa com_wmi com_wmptic com_xcloner-backupandrestore com_xgallery com_xmap com_xmovie com_ybggal com_youtube com_zimbcomment com_zimbcore com_zina com_zoomprotfolio cpm_worldrates com_jesectionfinder
[wpscan] WordPress Security Scanner
WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach.
Details:
- Username enumeration (from author querystring and location header)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag and from client side files)
- Vulnerability enumeration (based on version)
- Plugin enumeration (2220 most popular by default)
- Plugin vulnerability enumeration (based on plugin name)
- Plugin enumeration list generation
- Other misc WordPress checks (theme name, dir listing, …)
Please use SVN to download:svn checkout http://wpscan.googlecode.com/svn/trunk/ ./wpscan
WordPress P&E
Search plugins [WordPress] and vulnerability to them.
[DPScan] Drupal Security Scanner
This small tool is public and accessible to you for use however you please. It may help other auditors or penetration testers do their job faster.
Use:
python DPScan.py [website url]
下载地址
下载地址