Web Application Analysis: cms, detection, exploitation, wordpress, joomla, drupal, scanning

CMSeeK

CMSeeK is a CMS Detection and Exploitation suite that scans WordPress, Joomla, Drupal and over 180 other CMSs. It identifies content management systems and performs exploitation checks.

Description

CMSeeK is a comprehensive tool for detecting and exploiting vulnerabilities in content management systems (CMS). A CMS manages the creation and modification of digital content, typically supporting multiple users in collaborative environments. The tool scans for over 180 CMSs including popular platforms like WordPress, Joomla, and Drupal.

Use cases include reconnaissance of web applications to identify CMS versions, vulnerability assessment through deep scans, and multi-site scanning from target lists. It helps security professionals quickly fingerprint websites and check for known exploits.

The suite provides options for customizing scans, such as ignoring specific CMSs to reduce false positives, performing light scans for detection only, or following redirects. Verbose output and batch modes support efficient large-scale assessments.

How It Works

CMSeeK operates by sending HTTP requests to target URLs, analyzing responses for CMS-specific fingerprints like file paths, headers, and content patterns across 180+ CMSs. It performs version detection and deep scans for vulnerabilities/exploits. User agents can be randomized or customized, with options to handle redirects, skip previously scanned targets, or focus on specific CMS IDs using strict or ignore modes.
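Seen from the defender's side, the headers and content patterns described above are the markers worth stripping or masking on your own sites. The following added example is not CMSeeK's code and not part of the original page; it audits one HTTP response for CMS-disclosing markers. The marker set is a small assumed subset of widely known WordPress, Joomla and Drupal indicators, and the sample responses are constructed.

```python
import re

# Illustrative subset of widely known CMS markers (assumed; not CMSeeK's signatures).
META_GENERATOR = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', re.I)
VERSION = re.compile(r"\d+(?:\.\d+)*")
PATH_MARKERS = {
    "WordPress": re.compile(r"/wp-(?:content|includes)/"),
    "Joomla": re.compile(r"/media/system/js/"),
    "Drupal": re.compile(r"/sites/default/files/"),
}


def classify(text, source):
    """Map a generator string to a finding, or None if no known CMS is named."""
    for cms in PATH_MARKERS:
        if cms.lower() in text.lower():
            m = VERSION.search(text)
            return {"cms": cms, "version": m.group(0) if m else None, "source": source}
    return None


def audit_response(headers, body):
    """Return every marker in one HTTP response that discloses the CMS."""
    generators = [(v, "header X-Generator") for k, v in headers.items()
                  if k.lower() == "x-generator"]
    generators += [(c, "meta generator") for c in META_GENERATOR.findall(body)]
    findings = [hit for text, src in generators if (hit := classify(text, src))]
    for cms, pattern in PATH_MARKERS.items():
        if pattern.search(body):
            findings.append({"cms": cms, "version": None, "source": "asset path"})
    return findings


# Constructed sample responses (not captured from any real site).
DRUPAL_HEADERS = {"X-Generator": "Drupal 10 (https://www.drupal.org)"}
DRUPAL_BODY = '<html><img src="/sites/default/files/logo.png"></html>'
WP_HEADERS = {"Content-Type": "text/html"}
WP_BODY = ('<meta name="generator" content="WordPress 6.4.2">'
           '<link rel="stylesheet" href="/wp-content/themes/t/style.css">')

if __name__ == "__main__":
    for headers, body in ((DRUPAL_HEADERS, DRUPAL_BODY), (WP_HEADERS, WP_BODY)):
        for finding in audit_response(headers, body):
            print(finding)  # each finding is something to strip or mask at the server
```

Findings that carry a version are the ones to remove first, since asset paths usually cannot be hidden without restructuring the site.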

Installation

sudo apt install cmseek

Flags

-u URL, --url URL          Target Url
-l LIST, --list LIST       Path of the file containing list of sites for multi-site scan (comma separated)
-i cms, --ignore-cms cms   Specify which CMS IDs to skip in order to avoid false positive. separated by comma ","
--strict-cms cms           Checks target against a list of provided CMS IDs. separated by comma ","
--skip-scanned             Skips target if it's CMS was previously detected.
--light-scan               Skips Deep Scan. Does CMS and version detection only.
-o, --only-cms             Only detect CMS, ignore deep scan and version detection.
--follow-redirect          Follows all/any redirect(s)
--no-redirect              Skips all redirects and tests the input target(s)
-r, --random-agent         Use a random user agent
--googlebot                Use Google bot user agent
--user-agent USER_AGENT    Specify a custom user agent
-v, --verbose              Increase output verbosity
--version                  Show CMSeeK version and exit
-h, --help                 Show this help message and exit
--clear-result             Delete all the scan result
--batch                    Never ask you to press enter after every site in a list is scanned

Examples

Scan example.com
python3 cmseek.py -u example.com
Scan the sites specified in target.txt (comma separated)
python3 cmseek.py -l /home/user/target.txt
Scan example.com using custom user-Agent Mozilla 5.0
python3 cmseek.py -u example.com --user-agent "Mozilla 5.0"
Scan example.com using a random user-Agent
python3 cmseek.py -u example.com --random-agent
Enabling verbose output while scanning example.com
python3 cmseek.py -v -u example.com
Run guided scanning
python3 cmseek.py
Batch scan sites from list without prompts
python3 cmseek.py -l sites.txt --batch
Light scan for CMS and version detection only
python3 cmseek.py -u example.com --light-scan
Updated 2026-04-16. Source: kali.org