tuhinshubhra / cmseek Goto Github PK

tried with some sites with wp 4.9.6

[i] Checking for WordPress
[*] WordPress Confirmed... Checking for WordPress login form
[❌] Couldn't find login form... CMSeeK is quitting

list of cms always in random order

Traceback (most recent call last):leries
File "cmseek.py", line 110, in
cms_brute()
File "/root/CMSeeK/cmsbrute/wp.py", line 80, in start
if passfound == '0':
UnboundLocalError: local variable 'passfound' referenced before assignment

see BlackArch/blackarch#2245

The result directory path should be changed to working_dir + '/Result' instead of cmseek_dir + '/Result', the fix a permission issue where the tool cant write to a privileged directory.

• CMSeeK Version: 1.0.9
  • Target: https://www.snapdeal.com/
  • Probable CMS: <name and/or cms url>

• CMSeeK Version: 1.1.0
  • Target: http://www.ngoao.gov.iq/
  • Probable CMS: <almubda 1.8>

[+] Deep Scan Results [+]

[✔] Detected CMS: WordPress
[✔] CMS URL: https://wordpress.org
Traceback (most recent call last):
File "cmseek.py", line 45, in
core.main_proc(site,cua)
File "/Users/x/CMSeeK_CMSDetectionandExploitation/cmseekdb/core.py", line 123, in main_proc
advanced.deep(c22[1], site, cua, '1', scode)
File "/Users/x/CMSeeK_CMSDetectionandExploitation/cmseekdb/dnv.py", line 184, in deep
if wpvdbres == '1':
UnboundLocalError: local variable 'wpvdbres' referenced before assignment

• CMSeeK Version: 1.1.0
• Target: https://elearning.telekom.ro/
• Probable CMS: Moodle (https://moodle.com/)

• CMSeeK Version: 1.1.0
• Target: [private]
  CMS is ORKIS Ajaris Websuite (http://www.orkis.com/)

How to detect :
The web page contains :

<meta property="ajaris:baseURL"
<meta property="ajaris:language"

By some definitions phpBB may not technically be a CMS out of the box, but plenty of people use it as one and it is certainly at least a user-generated content management system. It's an extremely popular forum platform and is categorized as a CMS by Open Source CMS. Virtually every website builder/install helper comes with packages for it. Many times it is placed in the subdirectory, such as www.example.com/forum, but it is also often placed in a subdomain of its own, such as forum.example.com.

Some target websites:
https://forums.veeam.com/
http://forum.vfb.de/
https://bb.steelguitarforum.com/
http://www.ultimatebootcd.com/forums/
https://www.reactos.org/forum/

The source and header detection methods detect CMS by certain fields.If a page contains these fields, but they are not actually CMS related, the page could be mistaken for using the CMS. Such as google "wp-content", you will get a page that contains a lot of "wp-content".

• CMSeeK Version:1.1.1
• Target: https://www.darkmatter.ae/
• Probable CMS: Umbraco

Please update your CMSeeK. :)

bro, hello.
nice product.
i tested on opencart - seems it does not work.
where to add key from wpvulndb?

Hello,

I'm having an error with the Bruteforce Module.
Please find the trace of this issue :

[i] Checking for Joomla
Traceback (most recent call last):
File "cmseek.py", line 185, in
cms_brute()
File "/newtools/CMSeeK/cmsbrute/joom.py", line 97, in start
if joomcnf != '1':
UnboundLocalError: local variable 'joomcnf' referenced before assignment

I take this opportunity to congratulate you for this work 👍

Hey @Tuhinshubhra

While running cmseek on wp and jomla I am getting an error whereas running the joomscan and wpscan is working fine.
Error:

File "cmseek.py", line 136, in <module>
    core.main_proc(site,cua)
  File "/home/tools/CMSeeK/cmseekdb/core.py", line 132, in main_proc
    result.target(site)
  File "/home/tools/CMSeeK/cmseekdb/result.py", line 12, in target
    print(' \u250f\u2501Target: ' + cmseek.bold + cmseek.red + target + cmseek.cln)
UnicodeEncodeError: 'ascii' codec can't encode characters in position 1-2: ordinal not in range(128)

Can you please help me to fix this?
Thanks

I tested this tool against my blog at https-4n6ir-com and CMSeeK isn't able to detect the wp version. I ran wpscan against the same, and it detected a version 'identified from advanced fingerprinting'.

Hey, I am requesting if you could add various HTTP authentication methods, like Basic, Digest, and NTLM... and maybe others like OAuth 1, 2 and Kerberos if possible.

• CMSeeK Version: 1.1.0
• Target: https://www.elektro-sieben.de/
• Probable CMS: RedaxoCMS

CMS Detection: https://www.elektro-sieben.de/redaxo/
CMS Site: https://redaxo.org/

PHP-Nuke is an older CMS that is no longer in development, but plenty of websites still use it and it's still listed as an option in website install helpers like Softaculous and promoted by popular hosts like SiteGround. Obviously it's a terrible CMS to use in modern times, but it's still alive and unwell.

For a list of target websites:
https://trends.builtwith.com/websitelist/PHP-Nuke

Python: 3.6.5
Error: Traceback (most recent call last):
File "cmseek.py", line 117, in
core.main_proc(site,cua)
File "/root/CMSeeK/cmseekdb/core.py", line 101, in main_proc
advanced.start(cms, site, cua, ga, scode, ga_content)
File "/root/CMSeeK/deepscans/core.py", line 14, in start
joomscan.start(id, url, ua, ga, source)
File "/root/CMSeeK/deepscans/joom/init.py", line 76, in start
cmseek.result('Target: ',url)
File "/root/CMSeeK/cmseekdb/basic.py", line 147, in result
print(bold + fgreen + "[\u2714] " + stm + cln + msg)
UnicodeEncodeError: 'ascii' codec can't encode character '\u2714' in position 10: ordinal not in range(128)

[x] CMS Detection failed, if you know the cms please help me improve CMSeeK by reporting the cms along with the target by creating an issue

Thanks for a good tool. How about include in your roadmap a feature to run as batch mode.
With the flag someone could use in their script to run CMSeek and accept all default answer.

Hello,

I think's i have find a issue :

python3 cmseek.py -u drupal.com -r

[+] CMS Scan Results [+]

┏━Target: www.drupal.com
┃
┠── CMS: Drupal
┃ │
┃ ├── Version: 8
┃ ╰── URL: https://drupal.org
┃
┠── Result: /home/user/CMSeeK/Result/drupal.com/cms.json
┃
┗━Scan Completed in 2.16 Seconds, using 2 Requests

cat /home/user/CMSeeK/Result/drupal.com/cms.json

Output :
{ "cms_id": "dru", "cms_name": "", "cms_url": "", "detection_param": "header", "last_scanned": "2018-08-27 12:38:12.692850", "url": "http://drupal.com/" }

As you can see "cms_name" and "cms_url" is empty.

Hi, I´m using command
python3 cmseek.py -l list.txt --follow-redirect
but after each domain-check script asking me "Press [ENTER] to continue"

Is some argument to run script for multiple domains just one after another without confirming ? I´m checking many domains..

• CMSeeK Version: 1.1.0
• Target: https://www.telekom.ro/
• Probable CMS: Oracle ATG Web Commerce

go fix this python script ineed talking you

Hi, thx for the amazing work
Prestashop detection support https://www.prestashop.com/en would be great

Hello, Using CMSeek 1.1.1, got this error :

[+] CMS Detection And Deep Scan [+]

[i] Scanning Site: https://n0where.net/
[x] Aborting CMSeek! Couldn't connect to site
Error: <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:720)>

Trying deepscaan
Scaning Site
User Agent
Force close

Trying Bruteforce CMS
Press 3
Force close

Sorry for no proff but this is what happend to me.
Any advice?

[!] No luck with headers... Continuing with source code [!] Generator meta tag not found! (Procceeding with scan 2.2 of 2.2) Traceback (most recent call last): File "cmseek.py", line 87, in <module> core.main_proc(site,cua) File "/root/soft/CMSeeK/cmseekdb/core.py", line 156, in main_proc cmseek.error("Couldn't detect cms... :( \n Sorry master didn't mean to dissapoint but bye for now \n Can't handle this much disappintment \n\n") File "/root/soft/CMSeeK/cmseekdb/basic.py", line 149, in error print(bold + red + "[\u274c] " + msg) UnicodeEncodeError: 'ascii' codec can't encode character '\u274c' in position 10: ordinal not in range(128)

/root/.pyenv/versions/3.6.6/bin/python3 cmseek.py

pyenv
python 3.6.6
ubuntu 16.04

I would love to write a module for SpiderFoot to use CMSeeK, but to do that it should be able to run CMSeeK from the command line in a completely hands-off way. Right now, if I run cmseek.py example.com, I will get prompted if it's the URL I want to scan when there is a re-direct. Could you perhaps introduce a -y flag or similar, which just assumes that I want to follow the re-direction?

Great tool and keep up the good work!

Thanks.

• CMSeeK Version: 1.0.6
• Target: https://www.klein.wine/typo3/
• Probable CMS: TYPO3, should normaly be found at /typo3

CMSeeK Version: 1.1.0
Target: http://www.bbcamerica.com/
CMS:wp

Hi, some sites' CMS ID is wp, but they don't have wp_version, Why?
cms_bbc.txt

After some scans I found that there are some CMS or URLS which taking much time. So I deleted them from list.txt and ran batch scan again. But it starts again from first url. Can you add some argument --ignore-if-in-results ?

Thanks

Hi,

Just some suggestion, let say i'm calling cmsseek.scan(domain) and it will return in json format.

Example :

from cmseek import scan

cmseek.scan(domain)
return json

There is any idea for this enhancement?

Thanks

Traceback (most recent call last):
File "cmseek.py", line 17, in
import cmseekdb.core as core
File "/root/CMSeeK/cmseekdb/core.py", line 23, in
import cmseekdb.generator as generator
File "/root/CMSeeK/cmseekdb/generator.py", line 31
global ga, ga_content
^
SyntaxError: name 'ga' is assigned to before global declaration

Traceback (most recent call last):
File "cmseek.py", line 9, in
import cmseekdb.basic as cmseek # All the basic functions
File "/root/Desktop/CMSeeK/cmseekdb/basic.py", line 67
SyntaxError: Non-ASCII character '\xc3' in file /root/Desktop/CMSeeK/cmseekdb/basic.py on line 67, but no encoding declared; see http://python.org/dev/peps/pep-0263/ for details

Hi

I Consider include SharePoint in CMS detection. The method is verify the URL

/_layouts/authenticate.aspx
/_catalogs/wp

Or

https://www.fpweb.net/sharepoint-blog/your-sharepoint-url-list-an-administrators-guid/.

datetime was added as a requirement in 0c5734f

datetime is a part of the Python Standard Library and it is useless to add it in the requirements.txt file.

Result: Wordpress, Detection method: Source
Actually it's magento site.

Hi, there is argument --ignore-cms - what is good, but useful function can be also some kind of opposite to this. "scan only selected version/s"

PS: thank for --batch (however, its not working with -u, must "reinstall" script from zero)

I noticed that BigTreeCMS seems to be unsupported for detection.

[] CMS Detected, CMS ID: wp, Detection method: header
[] 2 Usernames were enumerated
[!] Skipping version vulnerability scan as WordPress Version wasn't detected
Traceback (most recent call last):
File "cmseek.py", line 118, in
core.main_proc(site,cua)
File "/root/Desktop/newtools/CMSeeK/cmseekdb/core.py", line 107, in main_proc
advanced.start(cms, site, cua, ga, scode, ga_content)
File "/root/Desktop/newtools/CMSeeK/deepscans/core.py", line 10, in start
wpscan.start(id, url, ua, ga, source)
File "/root/Desktop/newtools/CMSeeK/deepscans/wp/init.py", line 101, in start
vulnss = len(result['vulnerabilities'])
TypeError: string indices must be integers

Content:
- CMSeeK Version: 1.1.0
- Target: http://www.upsc.gov.in/
- Probable CMS: Drupal

I was trying option 1 on a WordPress website and caught this error below:

[â] Detected CMS: WordPress
[â] CMS URL: https://wordpress.org
Traceback (most recent call last):
File "cmseek.py", line 63, in
core.main_proc(site,cua)
File "/home/diego/Programas/CMSeeK/cmseekdb/core.py", line 156, in main_proc
advanced.deep(c22[1], site, cua, '0', scode)
File "/home/diego/Programas/CMSeeK/cmseekdb/dnv.py", line 186, in deep
if wpvdbres == '1':
UnboundLocalError: local variable 'wpvdbres' referenced before assignment

Hello, @Tuhinshubhra. Thank you for sharing the CMSeeK!
I found that if a target http server uses self-signed certificate, CMSeeK couldn't scan.

informations:

• Target: A self signed https server
• Exact copy of error

  $python cmseek.py -u https://localhost:8443
  
  
   _____ _____ _____         _____
  |     |     |   __|___ ___|  |  | by @r3dhax0r
  |   --| | | |__   | -_| -_|    -|
  |_____|_|_|_|_____|___|___|__|__| Version 1.0.8
  
  
   [+]  CMS Detection And Deep Scan  [+] 
  
  
  [i] Scanning Site: https://localhost:8443/
  [x] Aborting CMSeek! Couldn't connect to site 
      Error: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1045)>
  
  
  [i] Log saved in: /path/to/CMSeeK/Result/localhost:8443/cms.json
  
  
    _/\_  totsiens ~~ CMSeeK 

• Your operating system

  $ cat /etc/issue
  Arch Linux \r (\l)
  
  $uname -r
  4.17.14-arch1-1-ARCH
  
  $python -V
  Python 3.7.0

Following patch works for me.

diff --git a/cmseek.py b/cmseek.py
index 9f9b260..4a3c694 100644
--- a/cmseek.py
+++ b/cmseek.py
@@ -48,6 +48,10 @@ elif args.random_agent is not None:
     cua = cmseek.randomua('random')
 else:
     cua = None
+
+import ssl
+ssl._create_default_https_context = ssl._create_unverified_context
+
 if args.url is not None:
     s = args.url
     target = cmseek.process_url(s)

Thanks!

Linux parrot 4.17.0-parrot8-amd64 #1 SMP Parrot 4.17.8-1parrot8 (2018-08-11) x86_64 GNU/Linux

┌─[max@parrot]─[~/Desktop/new/CMSeeK]
└──╼ $python3 cmseek.py -l sites.txt

| |/| [__ |___ |___ |/ by @r3dhax0r
|__ | | | | |___ | _ Version 1.1.0 ForumZ

[+] CMS Detection And Deep Scan [+]

[i] Scanning Site: http://avtofiltry-shop.ruavto-finam.ruavtofinam.ruavtofinance24.ruavtofinance48.ruavto-finance.ruavtofinance.ruavtofinans116.ruavtofinans24.ruavtofinans31.ruavto-finans.ruavtofinans.ruavto-fina.ruavtofind.ruavtofininvest.ruavtofin.ruavtofint.ru
[x] Aborting CMSeek! Couldn't connect to site
Error: <urlopen error [Errno -2] Name or service not known>

Press [ENTER] to continue

[✔] Finished Scanning all targets.. result has been saved under respective target directories

CMSeeK says ~ sayonara
┌─[max@parrot]─[~/Desktop/new/CMSeeK]
└──╼ $

P.S.: file sites.txt:
avtofiltry-shop.ru
avto-finam.ru
avtofinam.ru
avtofinance24.ru
avtofinance48.ru
avto-finance.ru
avtofinance.ru
avtofinans116.ru
avtofinans24.ru
avtofinans31.ru

P.P.S python3 cmseek.py -u example.com <------ performs excellently!

when i use the local target file which is too many lines (about 500 lines),program will shutdown and report this error