search

CMS

When you find a CMS, test for known CVEs and misconfigurations using a sort of CMS-specific vulnerability scanner.

hashtag
WordPress

If you find a Drupal site, use droopescan arrow-up-rightto scan it:

Once you find a site running WordPress, scan it with wpscanarrow-up-right

  • wpscan --url <URL>

Always make sure to check the uploads folder "/wp-content/uploads/"

  • search for sensitive information such as user emails, passwords, and paid digital products.

hashtag
Drupal

If you find a Drupal site, use droopescan arrow-up-rightto scan it:

  • droopescan scan drupal -u <URL>

hashtag
Joomla

If you find a Joomla site, use joomscan arrow-up-rightto scan it:

  • joomscan -u <URL>

hashtag
Adobe AEM

If you find an Adobe AEM site, use aem_hacker arrow-up-rightto scan it:

  • python aem_hacker.py -u <URL> --host <Our Public IP>

hashtag
Magento

If you find a Magento site, use magescan arrow-up-rightto scan it:

  • magescan.phar scan:all sub.example.com

PreviousKnown VulnerabilitiesNextGithub

Last updated