{"id":176,"date":"2021-05-24T09:50:02","date_gmt":"2021-05-24T14:50:02","guid":{"rendered":"https:\/\/www.searchevolution.com\/security\/?p=176"},"modified":"2021-06-30T19:16:47","modified_gmt":"2021-07-01T00:16:47","slug":"utilitaires-pour-le-scan-des-cms","status":"publish","type":"post","link":"https:\/\/www.searchevolution.com\/security\/2021\/05\/24\/utilitaires-pour-le-scan-des-cms\/","title":{"rendered":"Utilitaires pour le scan des CMS"},"content":{"rendered":"

Outils pour le scan des CMS
\n## scan Joomla
\njoomscan -u http:\/\/www.searchevolution.com\/security<\/code><\/p>\n

## scan WordPress
\nwpscan --url https:\/\/www.searchevolution.com\/security<\/code><\/p>\n

## lister les plugins WordPress (fa\u00e7on agressive)
\nwpscan --url http:\/\/www.test.com\/ --plugins-detection aggressive<\/code><\/p>\n

## usagers WordPress
\nwpscan --url http:\/\/10.10.10.2 --enumerate u<\/code><\/p>\n

## trouver avec la force brute des usagers. utilitaire wp_login_user_enumeration.py<\/a>
\npython wp_login_user_enumeration.py -t https:\/\/www.searchevolution.com\/security -u usernames.txt<\/code><\/p>\n

## trouver les mots de passe WordPress avec la force brute.
\n

wpscan --url 10.10.10.2\/secret --wordlist \/usr\/share\/wordlists\/dirb\/big.txt --threads 2\nwpscan -U users.txt -P \/usr\/share\/wordlists\/rockyou.txt --url http:\/\/blog.thm # voir plus haut pour l'\u00e9num\u00e9ration des usagers\n<\/code><\/pre><\/p>\n
## Scanner drupal. LIRE \/CHANGELOG.TXT pour la version. Trouver les endpoint des services. <\/p>\n