CMS is a Content Management System that is used to develop websites/blogs. Some of the most popular CMSs are WordPress, Joomla, and Drupal. Multiple themes and plugins are used in CMS to develop a website and many times these themes and plugins are vulnerable. If you’re using the vulnerable plugins and themes then your website is vulnerable and attackers can easily target your website.
ESDS VTMScan Detection Techniques
First, we detect which CMS is used to build the website and then scan it accordingly. For example, if the target website is built with a WordPress, ESDS VTMScan will run all scans for WordPress. Right now ESDS VTMScan supports CMSs like WordPress, Joomla, Drupal & vBulletin.
- Scans themes, plugins, and unprotected admin area.
- User enumeration.
- Brute forcing for simple password detection.
- FPD – File Path Disclosure scanning.
- Detect CMS in all directories.