-
Notifications
You must be signed in to change notification settings - Fork 123
Fingerprinting CMS
Keith Lee edited this page May 15, 2018
·
1 revision
Below is a sample output when using the --cms option to fingerprint the CMS on the target hosts. It also returns the Metasploit modules based on the version of the CMS software.
$ /git/pathbrute/pathBrute -U urls.txt --cms -i -v
[...redacted for brevity...]
[Found] https://[redacted] [Wordpress 4.8.6]
[Found] https://[redacted] [Wordpress 3.0]
Wordpress XML-RPC system.multicall Credential Collector [auxiliary/scanner/http/wordpress_multicall_creds]
WordPress Traversal Directory DoS [auxiliary/dos/http/wordpress_directory_traversal_dos]
[Found] https://[redacted] [Wordpress 3.8.26]
Wordpress XMLRPC DoS [auxiliary/dos/http/wordpress_xmlrpc_dos]
Wordpress XML-RPC system.multicall Credential Collector [auxiliary/scanner/http/wordpress_multicall_creds]
WordPress Traversal Directory DoS [auxiliary/dos/http/wordpress_directory_traversal_dos]
[Found] https://[redacted] [Wordpress 3.9.9]
Wordpress XML-RPC system.multicall Credential Collector [auxiliary/scanner/http/wordpress_multicall_creds]
WordPress Traversal Directory DoS [auxiliary/dos/http/wordpress_directory_traversal_dos]
[Found] https://[redacted] [Wordpress 3.3]
Wordpress XML-RPC system.multicall Credential Collector [auxiliary/scanner/http/wordpress_multicall_creds]
WordPress Traversal Directory DoS [auxiliary/dos/http/wordpress_directory_traversal_dos]