You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CMSmap Version: up to date
CMS Type: WordPress
CMS Version: identified in WPScan = 5.7.2
Plugin Name: exploits
OS Information: kali 20.4
Steps to reproduce the issue
with my authorization to test a client, performed basic scan with no exploits. Found X-Frame Options not enforced, and robots.txt found. Therefore, I'm looking to see what exploits would be produced removing the -E flag. I tried multiple variation options such as -f W -F -d combinations and still received missing pluging outputs:
also, ensured the config leveraged APT and usr/share/exploitdb was set correctly
sudo python3 cmsmap.py https://clientname.org
scan ran and detected the Xframe and robots file but couldn't exploit or provide further results:
cmsmap.py https://targetedclient.org -f W -F -x -d -o LSoutput1.txt
[-] Date & Time: 16/06/2021 11:21:26
[I] Threads: 5
[-] Target: https://redacted.to.protect.clientname
[I] Server: nginx
[I] X-Powered-By: WP Engine
[L] X-Frame-Options: Not Enforced
[I] Strict-Transport-Security: Not Enforced
[I] X-Content-Security-Policy: Not Enforced
[I] X-Content-Type-Options: Not Enforced
[L] Robots.txt Found: https://redacted.org/robots.txt
[I] CMS Detection: WordPress
[I] Wordpress Theme: redacted
Traceback (most recent call last):
File "/opt/CMSmap/cmsmap.py", line 25, in
main()
File "/opt/CMSmap/cmsmap/main.py", line 174, in main
scanner.RunScanner()
File "/opt/CMSmap/cmsmap/lib/scanner.py", line 38, in RunScanner
self.FindCMSType()
File "/opt/CMSmap/cmsmap/lib/scanner.py", line 119, in FindCMSType
self.ForceCMSType()
File "/opt/CMSmap/cmsmap/lib/scanner.py", line 49, in ForceCMSType
wpscan.WPrun()
File "/opt/CMSmap/cmsmap/lib/wpscan.py", line 48, in WPrun
self.WPConfigFiles()
File "/opt/CMSmap/cmsmap/lib/wpscan.py", line 125, in WPConfigFiles
requester.request(self.url + "/wp-config" + file, data=None)
File "/opt/CMSmap/cmsmap/lib/requester.py", line 31, in request
self.response = urllib.request.urlopen(self.req)
File "/usr/lib/python3.9/urllib/request.py", line 214, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python3.9/urllib/request.py", line 517, in open
response = self._open(req, data)
File "/usr/lib/python3.9/urllib/request.py", line 534, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File "/usr/lib/python3.9/urllib/request.py", line 494, in _call_chain
result = func(*args)
File "/usr/lib/python3.9/urllib/request.py", line 1389, in https_open
return self.do_open(http.client.HTTPSConnection, req,
File "/usr/lib/python3.9/urllib/request.py", line 1350, in do_open
r = h.getresponse()
File "/usr/lib/python3.9/http/client.py", line 1347, in getresponse
response.begin()
File "/usr/lib/python3.9/http/client.py", line 307, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.9/http/client.py", line 276, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response
Describe how to reproduce the issue
see above.
Expected behaviour
not sure, but expected some results, not traceback errors
Describe how CMSmap should have handled the issue
First time running into this issue, or leveraging CMSmap without the -E
The text was updated successfully, but these errors were encountered:
Issue Details
CMSmap Version: up to date
CMS Type: WordPress
CMS Version: identified in WPScan = 5.7.2
Plugin Name: exploits
OS Information: kali 20.4
Steps to reproduce the issue
with my authorization to test a client, performed basic scan with no exploits. Found X-Frame Options not enforced, and robots.txt found. Therefore, I'm looking to see what exploits would be produced removing the -E flag. I tried multiple variation options such as -f W -F -d combinations and still received missing pluging outputs:
also, ensured the config leveraged APT and usr/share/exploitdb was set correctly
sudo python3 cmsmap.py https://clientname.org
scan ran and detected the Xframe and robots file but couldn't exploit or provide further results:
cmsmap.py https://targetedclient.org -f W -F -x -d -o LSoutput1.txt
[-] Date & Time: 16/06/2021 11:21:26
[I] Threads: 5
[-] Target: https://redacted.to.protect.clientname
[I] Server: nginx
[I] X-Powered-By: WP Engine
[L] X-Frame-Options: Not Enforced
[I] Strict-Transport-Security: Not Enforced
[I] X-Content-Security-Policy: Not Enforced
[I] X-Content-Type-Options: Not Enforced
[L] Robots.txt Found: https://redacted.org/robots.txt
[I] CMS Detection: WordPress
[I] Wordpress Theme: redacted
Traceback (most recent call last):
File "/opt/CMSmap/cmsmap.py", line 25, in
main()
File "/opt/CMSmap/cmsmap/main.py", line 174, in main
scanner.RunScanner()
File "/opt/CMSmap/cmsmap/lib/scanner.py", line 38, in RunScanner
self.FindCMSType()
File "/opt/CMSmap/cmsmap/lib/scanner.py", line 119, in FindCMSType
self.ForceCMSType()
File "/opt/CMSmap/cmsmap/lib/scanner.py", line 49, in ForceCMSType
wpscan.WPrun()
File "/opt/CMSmap/cmsmap/lib/wpscan.py", line 48, in WPrun
self.WPConfigFiles()
File "/opt/CMSmap/cmsmap/lib/wpscan.py", line 125, in WPConfigFiles
requester.request(self.url + "/wp-config" + file, data=None)
File "/opt/CMSmap/cmsmap/lib/requester.py", line 31, in request
self.response = urllib.request.urlopen(self.req)
File "/usr/lib/python3.9/urllib/request.py", line 214, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python3.9/urllib/request.py", line 517, in open
response = self._open(req, data)
File "/usr/lib/python3.9/urllib/request.py", line 534, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File "/usr/lib/python3.9/urllib/request.py", line 494, in _call_chain
result = func(*args)
File "/usr/lib/python3.9/urllib/request.py", line 1389, in https_open
return self.do_open(http.client.HTTPSConnection, req,
File "/usr/lib/python3.9/urllib/request.py", line 1350, in do_open
r = h.getresponse()
File "/usr/lib/python3.9/http/client.py", line 1347, in getresponse
response.begin()
File "/usr/lib/python3.9/http/client.py", line 307, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.9/http/client.py", line 276, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response
Describe how to reproduce the issue
see above.
Expected behaviour
not sure, but expected some results, not traceback errors
Describe how CMSmap should have handled the issue
First time running into this issue, or leveraging CMSmap without the -E
The text was updated successfully, but these errors were encountered: