1, CMS fingerprint identification
CMS (Content Management System), also known as whole station system or article system. For web content management. Users only need to download the corresponding CMS package, build deployment, you can directly use CMS, easy and convenient. But various CMS has its unique structure and naming the specific contents of the file, so you can use these elements to obtain CMS CMS and site specific software version. Common CMS: dedecms (weaving dreams), Discuz, Phpcms and so on.
2, CMS recognition tools:
1, online tools http://whatweb.bugscaner.com/look/ (recommended), http://www.yunsee.cn/finger.html
2, local tools whatweb,
Sword web fingerprint identification procedures,
Yu CMS recognition program https://github.com/Ms0x0/Dayu
3, for the CMS vulnerability inquiry
For queries to the CMS can be used to specify the CMS website https://bugs.shuimugan.com vulnerabilities.
Directory information sensitive
probe for the target Web directory structure and hide sensitive files is very important. In the detection process is likely to detect the background page, upload page, database files, and even the website source code file compression packages.
4, detection tools:
1, background scanning tool Sword
2, wwwscan command line tool
3, dirb command line tool
4, dirbuster scan tool
5, wordpress test
WordPress is using PHP language development blog platform, users can set up their own Web site on the server that supports PHP and MySQL database. You can also WordPress as a content management system (CMS) to use.
WordPress for testing, you can use the corresponding tools wpscan safety testing.