CMS

When you find a CMS, test it for known CVEs and misconfigurations with a CMS-specific vulnerability scanner.

WordPress

Once you find a site running WordPress, scan it with wpscan:

  • wpscan --url <URL>

Always check the uploads folder, "/wp-content/uploads/":

  • Search it for sensitive information such as user emails, passwords, and paid digital products.
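A site owner can run the same uploads check from the server side, directly against the filesystem. This is an added example, not part of the original page; the function name `audit_uploads`, the extension list and the content patterns are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress uploads directory on the server's own
# filesystem for files that should not be web-readable.
# Usage: sh audit_uploads.sh /var/www/html/wp-content/uploads  (path is an assumption)

audit_uploads() {
    _dir="$1"
    if [ ! -d "$_dir" ]; then
        echo "not a directory: $_dir" >&2
        return 2
    fi

    # 1. Risky file types: database dumps, archives (often paid downloads),
    #    backups, exports, logs, and scripts that should never live in uploads.
    find "$_dir" -type f \( \
        -iname '*.sql' -o -iname '*.sql.gz' -o -iname '*.zip' -o \
        -iname '*.tar.gz' -o -iname '*.bak' -o -iname '*.csv' -o \
        -iname '*.log' -o -iname '*.php' \) -print |
        sed 's/^/TYPE /'

    # 2. Text files whose content looks like credentials or e-mail addresses.
    #    -I skips binary files, -l prints only the matching file names.
    grep -rIlEi \
        '(password|passwd)[[:space:]]*[:=]|[[:alnum:]._%+-]+@[[:alnum:].-]+\.[[:alpha:]]{2,}' \
        "$_dir" 2>/dev/null |
        sed 's/^/CONTENT /'
}

# Run only when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_uploads "$1"
fi
```

Anything the function lists belongs outside the web root or behind access control.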

Drupal

If you find a Drupal site, use droopescan to scan it:

  • droopescan scan drupal -u <URL>

Joomla

If you find a Joomla site, use joomscan to scan it:

  • joomscan -u <URL>

Adobe AEM

If you find an Adobe AEM site, use aem_hacker to scan it:

  • python aem_hacker.py -u <URL> --host <Our Public IP>

Magento

If you find a Magento site, use magescan to scan it:

  • magescan.phar scan:all sub.example.com
