CMS

Content Management Systems are most vulnerable from plugins they use.

Wordpress

The WordPress version is shown in the "generator" meta tag (unless removed by the site).

You may search the source code (CTRL-F) for "generator" to see the version.

This curl command will also show it. The "-s" flag is for "silent"

curl -s http://example.com/wordpress/ | grep generator

Basic information

wpscan --url https://192.168.26.141

Check for vulnerable plugins

wpscan --url https://192.168.26.141:12380/blogblog --enumerate vp

Check for exploits that match the version of wordpress

wpscan --no-update --url http://www.example.com/wordpress/
wpscan --no-update --url http://www.example.com/wordpress/ | grep Title
wpscan --no-update --url http://www.example.com/wordpress/ | grep Title | wc -l

Vulnerability and plugin scan

Enumerate usernames

Password attack on discovered usernames

Enumerate everything

Scan with nmap NSE scripts

Drupal

Droopscan

Installation:

Scanning:

Joomla

Joomscan

Get components running on the website

You can also check

If you find components, you can often access the configuration file

Joomlavs

Check for vulnerabilities affecting components

LogoGitHub - rastating/joomlavs: A black box, Ruby powered, Joomla vulnerability scannerGitHub

Nikto

A free web application vulnerability scanner preinstalled on kali linux.

PreviousSSL CertsNextWAF Detection