Home / CMS / CMS Analysis / Comission / Drupal / Linux / vulnerabilities / WordPress / Comission - WhiteBox CMS Analysis

Comission - WhiteBox CMS Analysis

| Post sponsored by FaradaySEC | Multiuser Pentest Environment

CoMisSion is a tool to quickly analyze a CMS setup. The tool:
  • checks for the core version;
  • looks for the last core version;
  • looks for vulnerabilities in core version used;
  • checks for plugins version;
  • looks for vulnerabilities in plugins version used;
A complete report can be generated in XLSX or CSV format.
The tool has been tested on Linux only.

Example
./commision.py -c wordpress -d /cms_dir -o report.xlsx -t XLSX

Installation
git clone https://github.com/Intrinsec/comission
pip install -r requirements.txt

Usage
usage: comission.py [-h] -d DIR -c CMS [-o FILE]

  -h, --help              show this help message and exit
  -d DIR, --dir DIR       CMS root directory
  -c CMS, --cms CMS       CMS type (Drupal, WordPress)
  -o FILE, --output FILE  Path to output file
  -t TYPE, --type TYPE    Type of output file (CSV, XLSX). Default to XLSX.

CMS supported
  • Wordpress
  • Drupal (no vulnerability checks)

Docker
We are not publishing any official image yet. To use the tool with docker, you can build an image. In the project folder, build with:
docker build -t isec/comission .
Then run it with :
docker run -it --rm -v /TARGET_PATH/:/cms_path/ -v /OUTPUT_DIR/:/output/ isec/comission -d /cms_path/ -c drupal -o /output/test_docker.xlsx -t XLSX
Be careful to change the path "TARGET_PATH" and "OUTPUT_DIR" to match your folders.

Author
Paul Mars (Intrinsec)
Based on an idea of Etienne Boursier (Intrinsec)


Comission - WhiteBox CMS Analysis Comission - WhiteBox CMS Analysis Reviewed by Zion3R on 6:30 PM Rating: 5