CMSeeK: CMS Detection and Exploitation Tool

CMSeeK is a CMS detection and exploitation tool, written in Python3, capable of scanning numerous content management systems including WordPress, Joomla, Drupal, etc. It allows you to run both simple CMS detection and deep scans, as well as multisite scans.

Currently it can be ran on any Unix-based system (Linux, OS X), but soon it’ll be available for Windows, too.

Disclaimer: Usage of CMSeeK for testing or exploiting websites without prior mutual consistency can be considered as an illegal activity. Authors assume no liability and are not responsible for any misuse or damage caused by this program.

CMSeeK: CMS Detection and Exploitation suite

All CMSs which can be detected by CMSeeK, you can find in file stored in the cmseekdb directory. After you ran a successful scan, results will be stored in cms.json file which you can find inside Result\<Target Site> directory. Brute-force scan results will be stored in txt file and you can find them inside the website’s directory. In addition, CMSeek has a modular brute-force system which allows you to make/add your own modules.


  • CMSeeK can perform basic CMS detection: for plenty of different CMS (150+).
  • Capable of advanced WordPress scans: plugins, user and theme enumeration; version and user detection (3 different detection modes); version vulnerabilities detection, etc.
  • Beside WordPress version detection, it can detect Drupal version.
  • Capable of Advanced Joomla scans: admin page and backup files finder; core vulnerability and config leak detection; directory listing checks, etc.
  • It has modular brute-force system: you can use pre made or create your own modules and integrate it within CMSeeK system.
  • And so much more.

Detection Methods:

  • HTTP Headers
  • Generator meta tag
  • Page source code
  • robots.txt


  • Python 3, Unix based system and git.


Clone the GitHub repo:

$ git clone

Navigate to the CMSeeK directory and install all requirements using pip3:

$ cd CMSeeK
$ pip3 install -r requirements.txt


To list all available options use --help:

       python3 (for a guided scanning) OR
       python3 [OPTIONS] <Target Specification>

      -u URL, --url URL            Target Url
      -l LIST, -list LIST          path of the file containing list of sites
                                   for multi-site scan (comma separated)
      --follow-redirect            Follows all/any redirect(s)
      --no-redirect                Skips all redirects and tests the input target(s)

      -r, --random-agent           Use a random user agent
      --googlebot                  Use Google bot user agent
      --user-agent USER_AGENT      Specify a custom user agent

      -v, --verbose                Increase output verbosity

      --update                     Update CMSeeK (Requires git)
      --version                    Show CMSeeK version and exit

      -h, --help                   Show this help message and exit
      --clear-result               Delete all the scan result

      python3 -u                           # Scan
      python3 -l /home/user/target.txt                 # Scan the sites specified in target.txt (comma separated)
      python3 -u --user-agent Mozilla 5.0  # Scan using custom user-Agent Mozilla is 5.0 used here
      python3 -u --random-agent            # Scan using a random user-Agent
      python3 -v -u                        # enabling verbose output while scanning

To start guided scanning, just run the following:

$ python3


$ python3 -u <target_url> [...]

To check for update, make sure you’ve installed git and run:

$ python3 --update
Download Box

Leave a Reply

Your email address will not be published. Required fields are marked *