------------------------------------------------------------------------------------------------
# WordPress

$ python3 cmseek.py --url https://targetsite.com

 ___ _  _ ____ ____ ____ _  _
|    |\/| [__  |___ |___ |_/  by @r3dhax0r
|___ |  | ___| |___ |___ | \_ Version 1.1.3 K-RONA

 [+]  CMS Detection And Deep Scan  [+]

[i] Scanning Site: https://targetsite.com
[*] CMS Detected, CMS ID: wp, Detection method: header
[*] Version Detected, WordPress Version 5.5.3
[i] Checking user registration status
[i] Starting passive plugin enumeration
[*] 12 Plugins enumerated!
[i] Starting passive theme enumeration
[*] 2 themes detected!
[i] Starting Username Harvest
[i] Harvesting usernames from wp-json api
[!] Json api method failed trying with next
[i] Harvesting usernames from jetpack public api
[!] No results from jetpack api... maybe the site doesn't use jetpack
[i] Harvesting usernames from wordpress author Parameter
[*] Found user from source code: andreas
[*] Found user from source code: laci
[*] 2 Usernames were enumerated
[i] Checking version vulnerabilities using wpvulns.com

 [+]  Deep Scan Results  [+]

 ,-Target: targetsite.com
 |
 |-- CMS: WordPress
 |    |
 |    |-- Version: 5.5.3
 |    '-- URL: https://wordpress.org
 |
 |--[WordPress Deepscan]
 |    |
 |    |-- Readme file found: https://targetsite.com/readme.html
 |    |-- License file: https://targetsite.com/license.txt
 |    |-- Uploads directory has listing enabled: https://targetsite.com/wp-content/uploads
 |    |
 |    |-- Plugins Enumerated: 12
 |    |    |
 |    |    |-- Plugin: the-events-calendar
 |    |    |    |
 |    |    |    |-- Version: 4.9.20
 |    |    |    '-- URL: https://targetsite.com/wp-content/plugins/the-events-calendar
 |    |    |
 |    |    |-- Plugin: wp-responsive-recent-post-slider
 |    |    |    |
 |    |    |    |-- Version: 2.4
 |    |    |    '-- URL: https://targetsite.com/wp-content/plugins/wp-responsive-recent-post-slider
 |    |    |
 |    |    |-- Plugin: js_composer
 |    |    |    |
 |    |    |    |-- Version: 6.2.0
 |    |    |    '-- URL: https://targetsite.com/wp-content/plugins/js_composer
 |    |    |
 |    |    |-- Plugin: essential-grid
 |    |    |    |
 |    |    |    |-- Version: 2.0.9.1
 |    |    |    '-- URL: https://targetsite.com/wp-content/plugins/essential-grid
 |    |    |
 |    |    |-- Plugin: revslider
 |    |    |    |
 |    |    |    |-- Version: 5.1
 |    |    |    '-- URL: https://targetsite.com/wp-content/plugins/revslider
 |    |    |
 |    |    |-- Plugin: contact-form-7
 |    |    |    |
 |    |    |    |-- Version: 5.2.2
 |    |    |    '-- URL: https://targetsite.com/wp-content/plugins/contact-form-7
 |    |    |
 |    |    |-- Plugin: uk-cookie-consent
 |    |    |    |
 |    |    |    |-- Version: 5.5.3
 |    |    |    '-- URL: https://targetsite.com/wp-content/plugins/uk-cookie-consent
 |    |    |
 |    |    |-- Plugin: easy-fancybox
 |    |    |    │
 |    |    |    |-- Version: 1.3.24
 |    |    |    '-- URL: https://targetsite.com/wp-content/plugins/easy-fancybox
 |    |    |
 |    |    |-- Plugin: table-generator
 |    |    |    |
 |    |    |    |-- Version: 1.3.0
 |    |    |    '-- URL: https://targetsite.com/wp-content/plugins/table-generator
 |    |    |
 |    |    |-- Plugin: wp-pagenavi
 |    |    |    |
 |    |    |    |-- Version: 2.70
 |    |    |    '-- URL: https://targetsite.com/wp-content/plugins/wp-pagenavi
 |    |    |
 |    |    |-- Plugin: LayerSlider
 |    |    |    |
 |    |    |    |-- Version: 5.6.2
 |    |    |    '-- URL: https://targetsite.com/wp-content/plugins/LayerSlider
 |    |    |
 |    |    '-- Plugin: enable-jquery-migrate-helper
 |    |         |
 |    |         |-- Version: 1.4.1
 |    |         '-- URL: https://targetsite.com/wp-content/plugins/enable-jquery-migrate-helper
 |    |
 |    |
 |    |-- Themes Enumerated: 2
 |    |    |
 |    |    |-- Theme: church-suite
 |    |    |    |
 |    |    |    |-- Version: 5.5.3
 |    |    |    '-- URL: https://targetsite.com/wp-content/themes/church-suite
 |    |    |
 |    |    '-- Theme: church-suite_child_theme
 |    |         |
 |    |         |-- Version: 5.5.3
 |    |         '-- URL: https://targetsite.com/wp-content/themes/church-suite_child_theme
 |    |
 |    |
 |    |-- Usernames harvested: 2
 |    |    |
 |    |    |-- andreas
 |    |    '-- laci
 |    |
 |    |-- Result: /home/kali/CMSeeK/Result/targetsite.com/cms.json
 |
 '-Scan Completed in 37.72 Seconds, using 46 Requests

------------------------------------------------------------------------------------------------
# Joomla

$ python3 cmseek.py --url http://targetsite.com

 ___ _  _ ____ ____ ____ _  _
|    |\/| [__  |___ |___ |_/  by @r3dhax0r
|___ |  | ___| |___ |___ | \_ Version 1.1.3 K-RONA

 [+]  CMS Detection And Deep Scan  [+]

[i] Scanning Site: http://targetsite.com
[*] CMS Detected, CMS ID: joom, Detection method: header
[i] detecting joomla version
[*] Joomla version detected, version: 3.6.3
[!] Joomla core vulnerability detected
[!] Joomla core vulnerability detected
[!] Joomla core vulnerability detected
[!] Joomla core vulnerability detected
[!] Joomla core vulnerability detected
[!] Joomla core vulnerability detected
[!] Joomla core vulnerability detected
[i] README.txt file found
[i] Checking debug mode status
[i] Locating admin url
[*] Admin login page found: http://targetsite.com/administrator
[i] Checking for common Backups
[i] Looking for potential config leak

 [+]  Deep Scan Results  [+]

[V] Target: http://targetsite.com
[V] Detected CMS: Joomla
[V] CMS URL: https://joomla.org
[V] Joomla Version: 3.6.3
[V] Readme file: http://targetsite.com/README.txt
[V] Admin URL: http://targetsite.comadministrator

[V] Total joomla core vulnerabilities: 7

[i] Vulnerabilities found:

[v] Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation
CVE : CVE-2016-8870 , CVE-2016-8869
EDB : https://www.exploit-db.com/exploits/40637/

[v] Joomla! Core Remote Privilege Escalation Vulnerability
CVE : CVE-2016-9838
EDB : https://www.exploit-db.com/exploits/41157/

[v] Joomla! Core Security Bypass Vulnerability
CVE : CVE-2016-9081
https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html

[v] Joomla! Core Arbitrary File Upload Vulnerability
CVE : CVE-2016-9836
https://developer.joomla.org/security-centre/665-20161202-core-shell-upload.html

[v] Joomla! Information Disclosure Vulnerability
CVE : CVE-2016-9837
https://developer.joomla.org/security-centre/666-20161203-core-information-disclosure.html

[v] PHPMailer Remote Code Execution Vulnerability
CVE : CVE-2016-10033
https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
https://github.com/opsxcq/exploit-CVE-2016-10033
EDB : https://www.exploit-db.com/exploits/40969/

[v] PPHPMailer Incomplete Fix Remote Code Execution Vulnerability
CVE : CVE-2016-10045
https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
EDB : https://www.exploit-db.com/exploits/40969/

 CMSeeK says ~ adeus