loading
loading
Scanners
A CMS detection and exploitation suite.
overview
CMSeeK works out which content management system a site runs, then digs into it. It fingerprints the CMS and its version from generator tags, response headers, cookies, and known file paths, and ships signatures for over 180 content management systems. Knowing a host runs a specific CMS at a specific version is the fastest route to the right exploits and the right hardening checks.
Run modes trade depth for speed. A light scan stops at CMS and version detection, only-cms reports the platform alone, and the default deep scan pulls the fuller picture, including users, plugins, and themes on a WordPress target. User-agent controls, redirect handling, and a target list make it practical against many hosts and against sites that answer with redirects or bot filtering.
On Trickest, CMSeeK takes a URL or a target list and writes a folder of results. Run it after probing to label which hosts run which CMS, then route each platform to the scanner or template set that fits it.
use cases
Fingerprint a target to learn which CMS it runs and at what version, the starting point for choosing relevant exploits and checks.
Use light scan or only-cms to get CMS and version alone, skipping deep enumeration when you need to label many hosts quickly.
Pass a target list so one run fingerprints the CMS across every host, then group hosts by platform and route each group to a fitting scanner.
Set a random or custom user agent, or the Googlebot agent, so detection still lands against hosts that filter on user agent.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| url | STRING | --url | Target URL to fingerprint. |
| target-list | FILE | --list | File of targets to scan, comma separated. |
| light-scan | BOOLEAN | --light-scan | Skip the deep scan; CMS and version detection only. |
| only-cms | BOOLEAN | --only-cms | Report the CMS only, no version or deep scan. |
| cms-id | STRING | --strict-cms | Check only against the given CMS IDs, comma separated. |
| no-redirect | BOOLEAN | --no-redirect | Test the input target without following redirects. |
| use-random-agent | BOOLEAN | --random-agent | Use a random user agent to dodge basic bot filters. |
| custom-user-agent | STRING | --user-agent | Send a custom user agent string. |
Showing key inputs. cmseek exposes 13 inputs in total.
| Name | Type | Flag | Description |
|---|---|---|---|
| url | STRING | --url | Target URL to fingerprint. |
| target-list | FILE | --list | File of targets to scan, comma separated. |
| cms-id | STRING | --strict-cms | Check the target only against the given CMS IDs, comma separated. |
| ignore-cms-ids | STRING | -i | CMS IDs to skip to avoid false positives, comma separated. |
| only-cms | BOOLEAN | --only-cms | Only detect the CMS; skip deep scan and version detection. |
| light-scan | BOOLEAN | --light-scan | Skip the deep scan; do CMS and version detection only. |
| skip-scanned | BOOLEAN | --skip-scanned | Skip a target whose CMS was already detected. |
| no-redirect | BOOLEAN | --no-redirect | Skip all redirects and test the input target as given. |
| follow-redirect | BOOLEAN | --follow-redirect | Follow all redirects. |
| use-random-agent | BOOLEAN | --random-agent | Use a random user agent. |
| custom-user-agent | STRING | --user-agent | Send a custom user agent string. |
| googlebot-useragent | BOOLEAN | --googlebot | Use the Googlebot user agent. |
| verbose | BOOLEAN | --verbose | Increase output verbosity. |
example
# detect the CMS and version on one sitecmseek --url https://example.com --light-scan # fingerprint a host list and rotate the user agentcmseek --list targets.txt --random-agent --skip-scanned[i] Scanning Site: http://example.com[+] CMS Detected, CMS ID: wp, Detection method: Generator meta tag ┏━CMSeeK Result━━━━━━━━━━━━━━━━━━━━━━ ┃ [+] CMS: WordPress ┃ [+] Version: 6.4.2 ┃ [+] Readme File: http://example.com/readme.html ┃ [+] Users Found: admin, editor ┃ [+] Detected Plugins: contact-form-7, woocommerce ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[i] Result saved in Result/example.com/cms.jsonguidance
Use CMSeeK to label which CMS and version a host runs before testing it, so you point the right tooling at each platform. It identifies the stack, it is not a broad vulnerability scanner, so follow it with a CMS-specific scanner like wpscan or a template scanner like nuclei.
Deep WordPress-only scanner. CMSeeK detects the CMS first, then you point wpscan at the WordPress hosts.
Joomla-specific scanner. Use CMSeeK to find the Joomla hosts, joomscan to test them.
Broad technology fingerprinting. CMSeeK is sharper on identifying the specific CMS and version.
faq
related
Find reflected XSS during recon by checking payload reflection.
Fast and customizable subdomain wordlist generator using patterns.
Scans software bills of materials for security vulnerabilities.
Find broken links, missing images, and other dead references within your HTML.
A command-line scanner that finds exposed services, files, and folders through the web root.
The Swiss Army knife for automated Web Application Testing.
Hosts are probed by httpx, then CMSeeK fingerprints the live ones and writes a map of which CMS and version each host runs.
Facts on this page come from the live Trickest tool library.