Skip to main content


License Apache-2.0GitHub release (latest SemVer)OWASP Incubator ProjectArtifact HUBGitHub Repo starsTwitter Follower

What is CMSeeK?#

CMSeeK is an open source penetration testing tool to automate the process of detecting various types of CMS and its installed extensions. Only the Joomla CMS is supported by secureCodeBox. CMSeeK has a database with known vulnerabilities.

To learn more about the CMSeeK scanner itself, visit the CMSeeK GitHub repository here.


The cmseek chart can be deployed via helm:

# Install HelmChart (use -n to configure another namespace)helm upgrade --install cmseek secureCodeBox/cmseek

Scanner Configuration#

The CMSeeK targets are specified with the -u parameter. The target should be a URL.

Additional CMSeeK scan features can be configured via the parameter attribute.

Some useful example parameters listed below:

  • -u URL, --url URL : Target Url.
  • --follow-redirect : Follows all/any redirect(s).
  • --no-redirect : skips all redirects and tests the input target(s)
  • -r, --random-agent: Use a random user agent.
  • --googlebot: Use Google bot user agent.
  • --user-agent USER_AGENT: Specify a custom user agent


Kubernetes: >=v1.11.0-0



# SPDX-FileCopyrightText: 2021 iteratec GmbH## SPDX-License-Identifier: Apache-2.0
apiVersion: ""kind: Scanmetadata:  name: cmseek-examplespec:  scanType: "cmseek"  parameters:    - "-u"    - "old-joomla.demo-targets.svc.cluster.local" # Change to the website you want to scan    - "--no-redirect"