Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.
des_outils_pour_scanner_des_cms [2019/10/11 21:58] M0N5T3R |
des_outils_pour_scanner_des_cms [2022/12/14 09:13] (Version actuelle) M0N5T3R |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
+ | FIXME **Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci | ||
+ | |||
+ | |||
+ | ====== Des outils pour scanner des CMS ====== | ||
**Wordpress** | **Wordpress** | ||
+ | |||
+ | 🛠 online free scan https://hackertarget.com/wordpress-security-scan/ | ||
+ | |||
+ | 🛠 wpxf - WordPress Exploit Framework https://github.com/rastating/wordpress-exploit-framework | ||
+ | |||
+ | 🛠 Wp brute force login https://github.com/04x/WpBrute-Priv8 | ||
🛠 WpscaN Project https://github.com/04x/WpscaN | 🛠 WpscaN Project https://github.com/04x/WpscaN | ||
- | 🛠 wpscan https://github.com/wpscanteam/wpscan | + | 🛠 wpscan , conseil : utilisez wpscan avec une API key de WPVulnDB API https://github.com/wpscanteam/wpscan |
🛠 wordpresscan https://github.com/swisskyrepo/Wordpresscan | 🛠 wordpresscan https://github.com/swisskyrepo/Wordpresscan | ||
Ligne 25: | Ligne 35: | ||
🛠 WPForce https://github.com/n00py/WPForce | 🛠 WPForce https://github.com/n00py/WPForce | ||
- | 🛠 WPSploit - Exploiting WordPress With Metasploit. https://github.com/espreto/wpsploit/blob/master/README.md | + | 🛠 WPSploit - Exploiting WordPress With Metasploit. https://github.com/espreto/wpsploit/ |
🛠 WPSploit - WordPress Plugin Code Scanner https://web.archive.org/web/20180617174139/https://github.com/m4ll0k/WPSploit | 🛠 WPSploit - WordPress Plugin Code Scanner https://web.archive.org/web/20180617174139/https://github.com/m4ll0k/WPSploit | ||
Ligne 50: | Ligne 60: | ||
🛠 A simple script to check for CVE's for specific WordPress versions, plugins, and themes https://github.com/t0pang4/WordPress-Vulnerability-Scanner | 🛠 A simple script to check for CVE's for specific WordPress versions, plugins, and themes https://github.com/t0pang4/WordPress-Vulnerability-Scanner | ||
- | |||
- | 🛠 CVE-2018-19487, CVE-2018-19488, exploit for WordPress wp-jobhunt plugin https://github.com/Antho59/wp-jobhunt-exploit | ||
🛠 Tries to exploit a WordPress vulnerability (CVE-2018-6389) which can be used to cause a Denial of Service. https://github.com/m3ssap0/wordpress_cve-2018-6389 | 🛠 Tries to exploit a WordPress vulnerability (CVE-2018-6389) which can be used to cause a Denial of Service. https://github.com/m3ssap0/wordpress_cve-2018-6389 | ||
🛠 Wp-sec is an extension for wp-cli which checks for Wordpress CVE security issues at wpvulndb.com. All installed versions of core, plugins and themes can be checked and monitored, so you know when to update your Wordpress installation. https://github.com/markri/wp-sec | 🛠 Wp-sec is an extension for wp-cli which checks for Wordpress CVE security issues at wpvulndb.com. All installed versions of core, plugins and themes can be checked and monitored, so you know when to update your Wordpress installation. https://github.com/markri/wp-sec | ||
+ | |||
+ | 🛠 Wordpress Scanning, Username Enumeration, Backup Grabbing https://github.com/hudacbr/D-TECT | ||
**Drupal** | **Drupal** | ||
+ | 🛠 Drupal online free scanner https://hackertarget.com/drupal-security-scan/ | ||
🛠 DrupalScan https://github.com/rverton/DrupalScan | 🛠 DrupalScan https://github.com/rverton/DrupalScan | ||
Ligne 72: | Ligne 83: | ||
🛠 RCE REST de Drupal8, SA-CORE-2019-003, CVE-2019-6340 https://github.com/jas502n/CVE-2019-6340 | 🛠 RCE REST de Drupal8, SA-CORE-2019-003, CVE-2019-6340 https://github.com/jas502n/CVE-2019-6340 | ||
- | 🛠 Outils de collecte et d'exploitation d'informations Drupal Https://github.com/immunIT/drupwn | + | 🛠 Outils de collecte et d'exploitation d'informations Drupal https://github.com/immunIT/drupwn |
**Joomla** | **Joomla** | ||
+ | |||
+ | 🛠 Online free joomla scan https://hackertarget.com/joomla-security-scan/ | ||
🛠 Joomscan https://github.com/rezasp/joomscan | 🛠 Joomscan https://github.com/rezasp/joomscan | ||
Ligne 109: | Ligne 122: | ||
🛠 LetMeFuckIt Scanner AutoPWNED https://github.com/onthefrontline/LetMeFuckIt-Scanner | 🛠 LetMeFuckIt Scanner AutoPWNED https://github.com/onthefrontline/LetMeFuckIt-Scanner | ||
+ | |||
+ | 🛠 Magescan https://github.com/steverobbins/magescan | ||
+ | https://github.com/steverobbins/magescan/releases/download/v1.12.9/magescan.phar | ||
**Moodle** | **Moodle** | ||
Ligne 130: | Ligne 146: | ||
🛠 SPIPScan https://github.com/PaulSec/SPIPScan | 🛠 SPIPScan https://github.com/PaulSec/SPIPScan | ||
+ | |||
+ | |||
+ | **Symfony** | ||
+ | |||
+ | 🛠 Enemies Of Symfony (EOS) - EOS loots information from a Symfony target in debug mode https://github.com/lodi-g/eos | ||
+ | |||
+ | 🛠 Exploits targeting Symfony. See: Symfony's secret fragments https://github.com/ambionics/symfony-exploits | ||
**Divers CMS** | **Divers CMS** | ||
+ | |||
+ | 🛠 online free scan https://www.nmmapper.com/tools/reconnaissance-tools/cmseek-scanning/CMS%20Detection%20and%20Exploitation%20suite/ | ||
+ | |||
+ | 🛠 All in one tool for Information Gathering and Vulnerability Scanning https://github.com/nandydark/DARK-EAGLE | ||
🛠 CMSmap https://github.com/Dionach/CMSmap | 🛠 CMSmap https://github.com/Dionach/CMSmap | ||
+ | |||
+ | 🛠 CMSeeK https://github.com/Tuhinshubhra/CMSeeK | ||
+ | |||
+ | 🛠 ICG-AutoExploiterBoT Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart https://github.com/04x/ICG-AutoExploiterBoT | ||
🛠 CMSsc4n https://github.com/n4xh4ck5/CMSsc4n | 🛠 CMSsc4n https://github.com/n4xh4ck5/CMSsc4n | ||
Ligne 191: | Ligne 222: | ||
🛠 ICG BOT FULL RECODED. https://github.com/apidotmy/Fuckedz?files=1 | 🛠 ICG BOT FULL RECODED. https://github.com/apidotmy/Fuckedz?files=1 | ||
+ | |||
+ | 🛠 M3m0 Tool Website Vulnerability Scanner & Auto Exploiter https://github.com/mrwn007/M3M0 | ||
+ | |||
+ | |||
+ | 🛠 007BOT ⚔️ Website Vulnerability Scanner & Auto Exploiter https://github.com/mrwn007/007BOT | ||
+ | |||
🛠 izocin bot priv8 | 🛠 izocin bot priv8 | ||
.. | .. |