CMSeeK

License: Apache-2.0. OWASP Incubator Project.

What is CMSeeK?

CMSeeK is an open source penetration testing tool that automates the detection of various types of CMS and their installed extensions. We use it to scan Joomla CMS. It also has a database of known vulnerabilities.

To learn more about the CMSeeK scanner itself, visit https://github.com/Tuhinshubhra/CMSeeK.

Deployment

The cmseek chart can be deployed via helm:

# Install HelmChart (use -n to configure another namespace)
helm upgrade --install cmseek secureCodeBox/cmseek

Scanner Configuration

The CMSeeK targets are specified with the -u parameter. The target should be a hostname or an IP address.

Additional CMSeeK scan features can be configured via the parameter attribute.

Some useful example parameters are listed below:

  • -u URL, --url URL : Target URL.
  • --follow-redirect : Follows all/any redirect(s).
  • --no-redirect : Skips all redirects and tests the input target(s)
  • -r, --random-agent: Use a random user agent.
  • --googlebot: Use Google bot user agent.
  • --user-agent USER_AGENT: Specify a custom user agent

Requirements

Kubernetes: >=v1.11.0-0

Examples

demo-old-joomla

# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0

apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
  name: cmseek-example
spec:
  scanType: "cmseek"
  parameters:
    - "-u"
    - "old-joomla.demo-targets.svc.cluster.local" # Change to the website you want to scan
    - "--no-redirect"
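
An added example, not part of the secureCodeBox or CMSeeK code: a pre-flight check that builds the Scan resource shown above from a target and extra flags, rejecting targets that are not a bare hostname or IP address and flags not listed on this page. The function names and the rule that the redirect flags and the user-agent flags are mutually exclusive are assumptions of this example.

```python
import ipaddress
import json
import re

# Flags listed on this page; True means the flag takes a value as the next item.
ALLOWED_FLAGS = {"--follow-redirect": False, "--no-redirect": False, "-r": False,
                 "--random-agent": False, "--googlebot": False, "--user-agent": True}
# Assumption of this example (not documented CMSeeK behaviour): one flag per group.
EXCLUSIVE = [{"--follow-redirect", "--no-redirect"},
             {"-r", "--random-agent", "--googlebot", "--user-agent"}]
HOST_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_host_or_ip(target):
    """True for a bare IP address or DNS hostname (no scheme, port or path)."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        pass
    return len(target) <= 253 and all(HOST_LABEL.fullmatch(p) for p in target.split("."))


def build_scan(name, target, extra=()):
    """Return a Scan manifest as a dict, or raise ValueError on bad input."""
    if not is_host_or_ip(target):
        raise ValueError(f"target must be a hostname or IP address: {target!r}")
    extra, seen, i = list(extra), set(), 0
    while i < len(extra):
        flag = extra[i]
        if flag not in ALLOWED_FLAGS:  # also rejects a second "-u" target
            raise ValueError(f"flag not in allow-list: {flag!r}")
        if ALLOWED_FLAGS[flag]:  # skip over the flag's value
            if i + 1 >= len(extra):
                raise ValueError(f"{flag} needs a value")
            i += 1
        seen.add(flag)
        i += 1
    for group in EXCLUSIVE:
        if len(seen & group) > 1:
            raise ValueError(f"conflicting flags: {sorted(seen & group)}")
    return {"apiVersion": "execution.securecodebox.io/v1", "kind": "Scan",
            "metadata": {"name": name},
            "spec": {"scanType": "cmseek", "parameters": ["-u", target, *extra]}}


if __name__ == "__main__":  # demo target taken from the page's example
    scan = build_scan("cmseek-example", "old-joomla.demo-targets.svc.cluster.local", ["--no-redirect"])
    print(json.dumps(scan, indent=2))
```

The printed JSON can be piped to kubectl apply -f -, which accepts JSON manifests as well as YAML.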