-
Notifications
You must be signed in to change notification settings - Fork 16
Expand file tree
/
Copy pathcms.cheat
More file actions
31 lines (20 loc) · 2.05 KB
/
Copy pathcms.cheat
File metadata and controls
31 lines (20 loc) · 2.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
% cms cheatsheet
$ url: { [ -f scope.txt ] && tr '[:space:]' '\n' < scope.txt | sed '/^$/d' | awk '/^https?:\/\// { print; next } { print "http://" $0 "/" }'; printf '%s\n' http://127.0.0.1/; } | sort -u
# install doopscan
export cwd="$(pwd)";cd /tmp/; git clone https://github.com/droope/droopescan.git;sudo mv droopescan /bin/;cd $cwd
# doopscan scan drupal on target
nix shell github:esp0xdeadbeef/cheat.sheets#droopescan -c droopescan scan drupal -u '<url>'
# doopscan scan joomla on target
nix shell github:esp0xdeadbeef/cheat.sheets#droopescan -c droopescan scan joomla -u '<url>'
# doopscan scan moodle on target
nix shell github:esp0xdeadbeef/cheat.sheets#droopescan -c droopescan scan moodle -u '<url>'
# doopscan scan silverstripe on target
nix shell github:esp0xdeadbeef/cheat.sheets#droopescan -c droopescan scan silverstripe -u '<url>'
# doopscan scan wordpress on target
nix shell github:esp0xdeadbeef/cheat.sheets#droopescan -c droopescan scan wordpress -u '<url>'
# wordpress enumerate all (remove the tls-checks if http)
NIXPKGS_ALLOW_UNFREE=1 nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ wpscan ]' -c wpscan --url '<url>' -e ap,at,tt,cb,dbe,u,m --update --plugins-detection aggressive --plugins-version-detection aggressive --disable-tls-checks | tee -a wp-enum-all.txt
# wordpress scan agressive mode (Default: mixed, is missing allot.)
NIXPKGS_ALLOW_UNFREE=1 nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ wpscan ]' -c wpscan --url '<url>' --plugins-detection aggressive | tee -a wp-agressive-plugins.txt
# wordpress enumerate users from host (remove the tls-checks if http)
NIXPKGS_ALLOW_UNFREE=1 nix shell --impure -I nixpkgs=channel:nixos-unstable --expr 'with import (builtins.findFile builtins.nixPath "nixpkgs") { config.allowUnfree = true; }; [ wpscan ]' -c wpscan --enumerate u --url '<url>' --disable-tls-checks | tee -a wp-enum-users.txt