TOOLS |

CMS Explorer

When it comes to security vulnerability assessments against content management systems, it becomes necessary to discover which plugins are being used within the system. For the most popular open source systems (wordpress, drupal, joomla) there are literally thousands of plugins available and many have lets admit it not the best record when it comes to secure coding. Just take a look at exploit-db.com for the amount of exploits available for these systems and how many of those are due to plugins.

So a new project hosted over at googlecode is an excellent addition to any vulnerability scanning toolbox.

CMS Explorer searches a site for installed plugins and if you supply an OSVDB.org API key, it will even correlate found plugins with those that are vulnerable.

Requirements

    * PERL 5.x
    * Getopt::Long
    * LibWhisker2 (included)
    * OSVDB API key (free for 100 queries per day) 

Installation

    * Unpack archive
    * Create the file 'osvdb.key' in the cms-explorer directory, and put your OSVDB API key on the first line.
    * run ./cms-explorer.pl to ensure no errors are reported 

CMS-Explorer