小编:此次小编为大家带来了CMS渗透工具合集,包括Joomla,wordpress等著名CMS的安全检测工具,本站提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!

Joomscan [611 joomla vulnerabilities database]


Joomscan is a tool for testing vulnerabilities on websites that use ‘Joomla’. This application allows you to view or Test the website on XSS attacks, SQL Injection, LFI, RFI, Bruteforce, etc.

Manual:
http://web-center.si/Navodila-za-uporabo-win.pdf [windows]
http://web-center.si/navodilazauporabo.pdf

下载地址

Joomla Security Scanner v.1.0


PenTest for XSS, SQL-Inj, CSRF, Brute Force, RFI and LFI.

下载地址

JComScanner[Joomla插件识别]

Scanner components Joomla.

Use:

Code:
./jscan.py http://joomla.org ./mycomponent_list.txt

With a timeout:

Code:
./jscan.py http://joomla.org ./mycomponent_list.txt 10
#!/usr/bin/env python

import os
import time
import random
import urllib2 as u2
import argparse as ap
sub_url = "/components/"
#------------------------------------------------------
# Args set
def add_args():
p = ap.ArgumentParser()
p.add_argument("-u", help = "Remote site URL")
p.add_argument("-f", help = "Joomla components list file")
p.add_argument("-t", help = "Timeout (sec)")
p.add_argument("-T", help = "Randomization timeout (from 0 to N)")
p.add_argument("-p", help = "HTTP Proxy server (PROXY:PORT)(example: 127.0.0.1:1080)")
return p.parse_args(), p
#------------------------------------------------------

#------------------------------------------------------
# Timeout
def timeout(args):
if args.T:
time.sleep(random.randint(0, int(args.T)))
elif args.t:
time.sleep(int(args.t))

#------------------------------------------------------
#------------------------------------------------------
# Scan through HTTP server
def scan_through_proxy(args, com_name, op):
try:
url = args.u + sub_url + com_name
op.open(url)
except:
raise
return True
#------------------------------------------------------
#------------------------------------------------------
# Scan directly
def scan(args, com_name):
try:
url = args.u + sub_url + com_name
req = u2.Request(url)
u2.urlopen(req)
except:
raise
return True
#------------------------------------------------------

a, p = add_args()
if not a.u or not a.f:
p.print_usage()
p.exit()
else:
if a.u.find("http://") < 0 and a.u.find("HTTP://") < 0:
a.u = "http://" + a.u

if not os.access(a.f, os.F_OK):
print "File {} does not exit or permission denied".format(a.f)
exit()
print "[Joomla components scanner by R0nin]\n"
print "[+] Host:", a.u
try:
if not a.p:
with open(a.f) as com_file:
for line in com_file:
line = line.strip("\r\n")
try:
scan(a, line)
except u2.HTTPError as he:
if he.code == 404:
print "Component: " + line.ljust(40,' ') + "[Not found]"
except u2.URLError as ue:
print "Exception: " + ue.reason
else:
print "Component: " + line.ljust(40,' ') + "[OK]"
timeout(a)
else:
if a.p.find("http://") < 0 and a.p.find("HTTP://") < 0:
a.p = "http://" + a.p
prx = u2.ProxyHandler({"http":a.p})
op = u2.build_opener(prx)
u2.install_opener(op)

print "[Scan via HTTP proxy {}]\n".format(a.p)
with open(a.f) as com_file:
for line in com_file:
line = line.strip("\r\n")
try:
scan_through_proxy(a, line, op)
except u2.HTTPError as he:
if he.code == 404:
print "Component: " + line.ljust(40,' ') + "[Not found]"
except u2.URLError as ue:
print "Exception: " + ue.reason
else:
print "Component: " + line.ljust(40,' ') + "[OK]"
timeout(a)
except KeyboardInterrupt:
print "\nInterrupted by user (CTRL+C or Delete)"
exit()
except:
print "Uknown exception: exit..."
exit()
else:
print "\n[Sucess]\n"
exit()

my_component.txt:

com_aardvertiser
com_addressbook
com_adsmanager
com_advertising
com_alameda
com_alfurqan15x
com_allcinevid
com_alphauserpoints
com_amblog
com_annonces
com_answers
com_appointinator
com_arcadegames
com_archeryscores
com_artforms
com_articleman
com_beamspetition
com_beeheard
com_bfquiztrial
com_biblioteca
com_billyportfolio
com_blogfactory
com_booklibrary
com_btg_oglas
com_caddy
com_calcbuilder
com_camp
com_cbe
com_ccboard
com_ccinvoices
com_ccrowdsource
com_cgtestimonial
com_chronocontact
com_cinema
com_ckforms
com_clan
com_clanlist
com_clantools
com_connect
com_content
com_cvmaker
com_dateconverter
com_dcnews
com_delicious
com_diary
com_dioneformwizard
com_discussions
com_djartgallery
com_drawroot
com_dshop
com_education_classess
com_elite_experts
com_eportfolio
com_equipment
com_esearch
com_event
com_extcalendar
com_ezautos
com_fabrik
com_flashgames
com_flexicontent
com_flipwall
com_forme
com_g2bridge
com_gadgetfactory
com_gamesbox
com_gantry
com_gbufacebook
com_golfcourseguide
com_google
com_graphics
com_grid
com_hello
com_hmcommunity
com_horoscope
com_huruhelpdesk
com_idoblog
com_if_surfalert
com_img
com_iproperty
com_jacomment
com_jce
com_jdirectory
com_jdownloads
com_jdrugstopics
com_jeauto
com_jedirectory
com_jeemasms
com_jefaqpro
com_jeguestbook
com_jejob
com_jepoll
com_jequoteform
com_jesectionfinder
com_jestory
com_jesubmit
com_jfuploader
com_jgen
com_jgrid
com_jimtawl
com_jmarket
com_jmsfileseller
com_jnewsletter
com_jnewspaper
com_joltcard
com_jomdocs
com_jomsocial
com_jomtube
com_joomdle
com_joomdocs
com_joomla-visites
com_joomnik
com_joomradio
com_joomtouch
com_jphone
com_jp_jobs
com_jquarks4s
com_jradio
com_jscalendar
com_jsjobs
com_jstore
com_jsubscription
com_jsupport
com_jtickets
com_jtm
com_konsultasi
com_lead
com_listbingo
com_listing
com_lovefactory
com_maianmedia
com_manager
com_market
com_markt
com_matamko
com_mediamall
com_mediqna
com_memory
com_mmsblog
com_mscomment
com_mtfireeagle
com_mtree
com_multimap
com_multiroot
com_mycar
com_neorecruit
com_newsfeeds
com_noticeboard
com_obsuggest
com_ongallery
com_orgchart
com_oziogallery2
com_packages
com_pandafminigames
com_pbbooking
com_people
com_photobattle
com_photomapgallery
com_picasa2gallery
com_picsell
com_ponygallery
com_pro_desk
com_qcontacts
com_qpersonel
com_question
com_quran
com_realtyna
com_record
com_redshop
com_remository
com_restaurantguide
com_restaurantmenumanager
com_rokmodule
com_rsappt_pro
com_rsappt_pro2
com_rscomments
com_s2clanroster
com_searchlog
com_sef
com_sermonspeaker
com_seyret
com_simpledownload
com_spa
com_spartsite
com_spielothek
com_sponsorwall
com_spsnewsletter
com_staticxt
com_sweetykeeper
com_team
com_teams
com_techfolio
com_timereturns
com_timetrack
com_travelbook
com_ttvideo
com_ultimateportfolio
com_users
com_versioning
com_vikrealestate
com_virtuemart
com_webtv
com_wgpicasa
com_wmi
com_wmptic
com_xcloner-backupandrestore
com_xgallery
com_xmap
com_xmovie
com_ybggal
com_youtube
com_zimbcomment
com_zimbcore
com_zina
com_zoomprotfolio
cpm_worldrates
com_jesectionfinder

[wpscan] WordPress Security Scanner

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach.
Details:

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, …)

Please use SVN to download:svn checkout http://wpscan.googlecode.com/svn/trunk/ ./wpscan

WordPress P&E


Search plugins [WordPress] and vulnerability to them.

下载地址

[DPScan] Drupal Security Scanner


This small tool is public and accessible to you for use however you please. It may help other auditors or penetration testers do their job faster.

Use:

python DPScan.py [website url]
下载地址
源链接

Hacking more

...