Skip to content

ajinabraham/CMSScan

BranchesTags

Repository files navigation

CMSScan

Scan WordPress, Drupal, Joomla, vBulletin websites for Security issues.

platform License python Rawsec's CyberSecurity Inventory

Made with Love in India

CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on demand and scheduled scans and has the ability to sent email reports.

Install

# Requires ruby, ruby-dev, gem, libwww-perl, python3.6+ and git git clone https://github.com/ajinabraham/CMSScan.git cd CMSScan ./setup.sh

Run

./run.sh

Periodic Scans

You can perform periodic CMS scans with CMSScan. You must run CMSScan server separately and configure the following before running the scheduler.py script.

# SMTP SETTINGS SMTP_SERVER = '' FROM_EMAIL = '' TO_EMAIL = '' # SERVER SETTINGS SERVER = '' # SCAN SITES WORDPRESS_SITES = [] DRUPAL_SITES = [] JOOMLA_SITES = [] VBULLETIN_SITES = []

Add a cronjob

crontab -e @weekly /usr/bin/python3 scheduler.py

Basic Auth

By default there is no authentication. To enable basic auth, configure the following in app.py

app.config['BASIC_AUTH_USERNAME'] = 'admin' app.config['BASIC_AUTH_PASSWORD'] = 'password' app.config['BASIC_AUTH_FORCE'] = True

Docker

Local

docker build -t cmsscan . docker run -it -p 7070:7070 cmsscan

Prebuilt Image

docker pull opensecurity/cmsscan docker run -it -p 7070:7070 opensecurity/cmsscan

Screenshots

About

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

opensecurity.in

Topics

wordpress security automation drupal joomla vbulletin devsecops security-dashboard

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1.1k stars

Watchers

36 watching

Forks

147 forks
Report repository

Releases

No releases published

Sponsor this project

  •  
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 6

Languages