# CMSmap is a python open source CMS scanner that automates the process 
# of detecting security flaws of the most popular CMSs. 
# The main purpose of CMSmap is to integrate common vulnerabilities for 
# different types of CMSs in a single tool.

# At the moment, CMSs supported by CMSmap are WordPress, Joomla, Drupal and Moodle.


usage: cmsmap [-f W/J/D] [-F] [-t] [-a] [-H] [-i] [-o] [-E] [-d] [-u] [-p]
              [-x] [-k] [-w] [-v] [-h] [-D] [-U W/J/D]

CMSmap tool v1.0 - Simple CMS Scanner
Author: Mike Manzotti

  target                target URL (e.g. '')
  -f W/J/D, --force W/J/D
                        force scan (W)ordpress, (J)oomla or (D)rupal
  -F, --fullscan        full scan using large plugin lists. False positives and slow!
  -t , --threads        number of threads (Default 5)
  -a , --agent          set custom user-agent
  -H , --header         add custom header (e.g. 'Authorization: Basic ABCD...')
  -i , --input          scan multiple targets listed in a given file
  -o , --output         save output in a file
  -E, --noedb           enumerate plugins without searching exploits
  -c, --nocleanurls     disable clean urls for Drupal only
  -s, --nosslcheck      don't validate the server's certificate
  -d, --dictattack      run low intense dictionary attack during scanning (5 attempts per user)

  -u , --usr            username or username file
  -p , --psw            password or password file
  -x, --noxmlrpc        brute forcing WordPress without XML-RPC

Post Exploitation:
  -k , --crack          password hashes file (Require hashcat installed. For WordPress and Joomla only)
  -w , --wordlist       wordlist file

  -v, --verbose         verbose mode (Default false)
  -h, --help            show this help message and exit
  -D, --default         rum CMSmap with default options
  -U, --update          use (C)MSmap, (P)lugins or (PC) for both

Examples: -f W -F --noedb -d -i targets.txt -o output.txt -u admin -p passwords.txt -k hashes.txt -w passwords.txt