Last update on .


CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 150 other CMSs


What is a CMS?

What is a CMS? CMS or  A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc.

There are hundres of thousands of websites out there that you will find running one of the major CMS common in the world of the web, suprisingly the majority of cms seems tobe written in PHP. Part of a hacker toolskit when perfoming a penetration testing is detecting the particular technology a host or target is running, that's where CMS detection comes to play and today we are going to show you how to use CMSeek to detect over 150+ cms.

Features of CMSeek

  • Basic CMS Detection of over 155 CMS
  • Drupal version detection
  • Advanced Wordpress Scans
    • Detects Version
    • User Enumeration
    • Plugins Enumeration
    • Theme Enumeration
    • Detects Users (3 Detection Methods)
    • Looks for Version Vulnerabilities and much more!
  • Advanced Joomla Scans
    • Version detection
    • Backup files finder
    • Admin page finder
    • Core vulnerability detection
    • Directory listing check
    • Config leak detection
    • Various other checks
  • Modular bruteforce system
    • Use pre made bruteforce modules or create your own and integrate with it

Detection Methods used by CMSeek

CMSeek detects CMS via the following:

  • HTTP Headers
  • Generator meta tag
  • Page source code
  • robots.txt

CMS Supported by CMSeek

CMSeeK currently can detect 157 CMS. You may go to There github page and Check the list in: cmss.py file which is present in the cmseekdb directory. All the cmss are stored in the following way:

cmsID = {
   'name':'Name Of CMS',
   'url':'Official URL of the CMS',
   'vd':'Version Detection (0 for no, 1 for yes)',
   'deeps':'Deep Scan (0 for no 1 for yes)'


From our friends

Similar entries


Comments are closed.