Hello There, Guest! Login Register
Logo
Dismiss this notice
MaDLeeTs is not responsible for any attacks that are carried out on networks, websites or servers.
MaDLeeTs staff members cannot be held responsible.
All information on this forum is for educational purposes only.


[Perl]CMS Bas3d Scanner

  • 0 Vote(s) - 0 Average


08-22-2014, 01:01 PM #1
Marck Offline Junior Member **
Registered
Posts:7 Threads:3 Joined:Aug 2014 Reputation: 1
Mood: Coffee
Hello guys Smiley1
The CMS Bas3d is a tool to check possible vulnerabilities in CMS (obvious), the purpose of this tool is to analyze the target and look for potential vulnerabilities (and their exploits).

In addition to performing normal check, you also have the option to check which CMS is running on target, below is the list of CMS which are available for vulnerability assessment and which are available to check which CMS is running on the target:

List of CMS that are available for check vulnerabilities:
Code:
-Joomla
-b2evolution
-ATutor
-XOOPS
-Moodle
-SMF
-PHP-Nuke
-WORDPRESS
-PostNuke
-VBULLETIN
-PHPBB
-MYBB
-DRUPAL
-MODx
-SilverStripe
-Textpattern
-Frog
-AdaptCMS

List of CMS that are available for check which is running on the target:
Code:
-Joomla
-AdaptCMS
-Apache Roller
-XOOPS
-Frog
-openCMS
-SMF
-Textpattern
-Ametys
-WordPress
-ATutor
-eXo Platform
-vBulletin
-b2evolution
-DSpace
-phpBB
-Moodle
-DotCMS
-MyBB
-PHP-Nuke
-Composite C1
-Drupal
-PostNuke
-DotNetNuke
-MODx
-SilverStripe
-mojoPortal
-phpVibe
-Umbraco
-BEdita
-Chevereto
-CMSimple
-CMSimple_XH
-Concrete
-Cotonti
-Directus
-DokuWiki
-Dotclear
-Magento
-Geeklog

Usage:
Code:
To verficar vulnerabilities/exploits: $ perl ./cmsbas3d.pl <target>
Use to know which CMS is running on target: $ perl ./cmsbas3d.pl vcms <target>
For help: $ perl ./cmsbas3d.pl help

Log of simple scan:
Code:
# perl ./cmsbas3d.pl http://www.target.com/

#####  #     #  #####     ######                 #####
#     # ##   ## #     #    #     #   ##    ####  #     # #####
#       # # # # #          #     #  #  #  #            # #    #
#       #  #  #  #####     ######  #    #  ####   #####  #    #
#       #     #       #    #     # ######      #       # #    #
#     # #     # #     #    #     # #    # #    # #     # #    #
#####  #     #  #####     ######  #    #  ####   #####  #####
-------------------------------------------------------------------------------
Target: http://www.target.com/
Started in Thu Aug 21 23:44:13 2014
-------------------------------------------------------------------------------
[|]Loading...
[|] Joomla CMS identified!
-------------------------------------------------------------------------------
Starting the search for possible exploits!
-------------------------------------------------------------------------------
+-[|] Joomla Component com_content 1.0.0 (ItemID) SQL Injection Vuln
+--[-] http://www.exploit-db.com/exploits/6025/

+-[|] Joomla Bridge of Hope Template SQL Injection Vulnerability
+--[-] http://www.exploit-db.com/exploits/10964/

-------------------------------------------------------------------------------
End...
Possible exploits found: 2
-------------------------------------------------------------------------------

All the references (links of exploits) shown in CMS Bas3d are taken from exploit-db.com, 1337day.com and cxsecurity.com.

Link to project on GitHub HERE

You can download CMS Bas3d by cloning the Git repository:
Code:
git clone https://github.com/7mm5ll/CMS_Bas3d.git CMS_Bas3d

Note: Available only for Linux!

(Yes, this was translated by Google Translate)

08-23-2014, 07:29 AM #2
T3N38R15 Offline ? lawless-coder *****
Moderators
Posts:790 Threads:48 Joined:Jan 2014 Reputation: 126
Mood: Fine
i like this code bro Smiley1
i don't test it but it seems to be relay cool for scanning Smiley1
but at the pm files i found something like that :
Code:
if ($v =~ /1.2/){ $expN = $expN + 1;
print "+-[|] ATutor 1.2 Multiple Vulnerabilities\n";
print "+--[-] http://www.exploit-db.com/exploits/22160/\n";
print "+--[-] http://www.1337day.com/exploit/19610\n\n";
}
10 a time so you can use maye switchcase to make the code faster and better to debug Smiley1

[Image: xodhvlpa.jpg]
[Image: test.php]

08-23-2014, 12:19 PM #3
Marck Offline Junior Member **
Registered
Posts:7 Threads:3 Joined:Aug 2014 Reputation: 1
Mood: Coffee
Good idea, I'll soon be making tests and if actually improve, i will update the repository Smiley1
Thank you Smiley1






Forum Jump:


Users browsing this thread:1 Guest(s)