CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
8 J. w* x4 u4 P) N
/ @: r% N2 a' t, ^9 AAdditionally, CMS Explorer can be used to aid in security testing. While it performs no direct security checks, the "explore" option can be used to reveal hidden/library files which are not typically accessed by web clients but are nonetheless accessible. This is done by retrieving the module's current source tree and then requesting those file names from the target system. These requests can be sent through a distinct proxy to help "bootstrap" security testing tools like Burp, Paros, Webinspect, etc.7 Y3 T. s+ P F6 N8 @; R/ O5 w: t
* S, ^3 } b9 x# c3 M
CMS Explorer can also search OSVDB for vulnerabilities with the installed components.
; o0 d, ~ e) ~6 Y$ _2 F. F! a( d6 b( `( f# ] z1 D& k" } W
CMS Explorer currently supports module/theme discovery with the following products:$ H1 R. y% m* C9 I9 b2 K) X+ q. o
5 G. Q1 {3 L# j& p6 {
Drupal
% _, X+ F- U m5 }8 h7 m( {Wordpress2 m3 w T1 }1 q6 i$ @$ h
Joomla!$ c) }* q E6 Q" R
Mambo, L( ?+ d* w( v& ^: y1 o1 y
And exploration of the following products:
, y+ ~8 O6 p ^( P
0 Q N+ `& k' G _3 zDrupal
2 L0 F+ W3 g0 @, b2 ^& pWordpress
- V4 r4 p' _/ z/ ~See the wiki for more details and usage information.% L f5 t# Z; w- }+ _+ c
! x, k& ]2 i. Q# G$ I項目地址:http://code.google.com/p/cms-explorer/ |
發表於 2013-5-21 11:29:30
提升卡
沉默卡
变色卡