Skip to main content

cmseek

cmseek is a comprehensive CMS detection and exploitation suite designed for automated security workflows in Canva. It enables security professionals to scan a wide array of Content Management Systems (CMS), including WordPress, Joomla, and Drupal, to identify vulnerabilities and assist in security assessments.

Ideal Use Cases & Fit

cmseek is ideal for scenarios where rapid identification and analysis of CMS vulnerabilities are necessary. It excels in automated workflows that require:

  • Detecting specific CMS platforms used on a set of target URLs.
  • Scenarios necessitating the exclusion of known false positives through filtered CMS detection.
  • Environments where previous scans may have occurred, allowing workflows to skip already scanned targets. This tool is less appropriate for applications requiring extensive manual intervention during scans or scenarios where user interactivity is paramount.

Value in Workflows

In security workflows, cmseek streamlines early reconnaissance efforts by automating the process of CMS detection. It integrates seamlessly by allowing security teams to:

  • Quickly identify active CMS installations and their versions.
  • Enhance contextual analysis related to potential vulnerabilities through the automatic extraction of plugins, themes, and user data. These capabilities contribute to a robust, scalable security assessment process.

Input Data

cmseek requires input in the form of newline-separated URLs to effectively perform scans. The input data should be structured as follows:

  • Format: Newline-separated list of URLs.
  • Function: Target specification for scanning.
  • Example: 
    example.com
    example2.com

Configuration

Key configurable parameters for cmseek include:

  • ignore-cms: Specify which CMS IDs to skip to avoid false positives (comma separated).
  • strict-cms: Check target against specific CMS IDs only (comma separated).
  • skip-scanned: Skip the target if its CMS was previously detected (default: false).
  • follow-redirect: Follow all redirects during scanning (default: false).
  • no-redirect: Skip all redirects and test input targets (default: false).
  • random-agent: Use a random user agent for the requests (default: false).
  • googlebot: Use the Google bot user agent (default: false).
  • user-agent: Specify a custom user agent string.
  • batch: Never ask for user input during scanning (required: true, default: true).