$

Enumeración de CMS

#cms#enumeración

Wordpress

WPScan

Enumeración de temas y plugins Wordpress

wpscan --url https://<RHOST> --enumerate u,t,p
wpscan --url https://<RHOST> --plugins-detection aggressive
wpscan --url https://<RHOST> --disable-tls-checks
wpscan --url https://<RHOST> --disable-tls-checks --enumerate u,t,p
wpscan --url http://<RHOST> -U <USERNAME> -P passwords.txt -t 50
wpscan --url http://<RHOST>/wordpress --api-token $WP_TOKEN --plugins-detection aggressive

La variable de entorno $WP_TOKEN contiene el token generado en la web https://wpscan.com/

Nuclei

nuclei -u http://<RHOST>/wordpress/ -tags fuzz -t /home/d4redevil/.local/nuclei-templates/http/fuzzing/wordpress-plugins-detect.yaml

Gobuster

gobuster dir -u http://<RHOST>/wordpress/ -w /usr/share/seclists/Discovery/WebContent/CMS/wp-plugins.fuzz.txt

Joomla

joomscan -u http://<RHOST>

Drupal

droopescan scan drupal -u http://<RHOST> -t 32

Magento

php magescan.phar scan:all http://<RHOST>