Script to detect vulnerabilities in popular CMS?
Hello,
Does anybody know of a script which scans websites on a server and detects vulnerabilities in popular CMSs like Joomla, WordPress, Drupal etc. and sends e-mail notifications to the administrator / user about detected issues?
Hello :) Typically, administrators will look for scripts that are outdated and recommend their clients to upgrade to the latest versions of those scripts. I am not aware of any third-party applications that will do this automatically. Thank you.
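The manual check described in the reply above (finding outdated installs) can be scripted. The following is an added example, not part of the original thread: it walks account directories, reads the version file that WordPress and Drupal 8+ ship in their stock layout, and flags installs below a baseline. The `MINIMUM` values, the function names and the sample tree in `demo()` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Version file relative to the install root, and the regex holding the version (stock layouts).
MARKERS = {
    "WordPress": ("wp-includes/version.php", r"\$wp_version\s*=\s*'([^']+)'"),
    "Drupal": ("core/lib/Drupal.php", r"const\s+VERSION\s*=\s*'([^']+)'"),
}
MINIMUM = {"WordPress": "6.0", "Drupal": "10.0.0"}  # constructed baseline, set per your patch policy


def vtuple(version):
    """'6.4.2' -> (6, 4, 2); a suffix such as '-dev' is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))


def scan(home_root):
    """Return (install_root, cms, version, outdated) for each install found."""
    findings = []
    for cms, (rel_path, pattern) in MARKERS.items():
        depth = len(Path(rel_path).parts)
        for marker in Path(home_root).rglob(Path(rel_path).name):
            match = re.search(pattern, marker.read_text(errors="replace"))
            if match and marker.as_posix().endswith("/" + rel_path):
                version = match.group(1)
                outdated = vtuple(version) < vtuple(MINIMUM[cms])
                findings.append((str(marker.parents[depth - 1]), cms, version, outdated))
    return sorted(findings)


def report(findings):
    """Plain-text body that can be mailed to the administrator."""
    lines = [f"{root}: {cms} {ver} is below minimum {MINIMUM[cms]}"
             for root, cms, ver, outdated in findings if outdated]
    return "\n".join(lines) or "No outdated installs found."


def demo():
    """Build a constructed two-account tree and return its report."""
    with tempfile.TemporaryDirectory() as home:
        for rel, body in (("alice/public_html/wp-includes/version.php", "<?php\n$wp_version = '5.8.1';\n"),
                          ("bob/public_html/core/lib/Drupal.php", "<?php\nclass Drupal { const VERSION = '10.2.3'; }\n")):
            Path(home, rel).parent.mkdir(parents=True)
            Path(home, rel).write_text(body)
        return report(scan(home))


if __name__ == "__main__":
    print(demo())
```

Run from cron against the real account root, the output of `report(scan(...))` serves as the notification body; an outdated version is only an indicator that known fixes are missing, not proof of a specific vulnerability.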
I know of paid services, but not a free script. I've previously used the company 6scan, who would e-mail me whenever one of my web apps had a new vulnerability. Mods, if giving them a plug here is not allowed, please edit my post and remove this.
[quote="osiem, post: 1462261"]Hello, Does anybody know of a script which scans websites on a server and detects vulnerabilities in popular CMSs like Joomla, WordPress, Drupal etc. and sends e-mail notifications to the administrator / user about detected issues?[/quote]
Hi there - I came across this - [url=http://resources.infosecinstitute.com/penetration-testing-in-cms/]Penetration Testing with the Joomla Security Scanner[/url]. It looks interesting, but I've not had the chance to figure it out and give it a try yet. If you do, please post about it. It seems to work in conjunction with this - [url=http://www.backtrack-linux.org]BackTrack Linux - Penetration Testing Distribution[/url]. If you find any other solutions, please let us know. I've come across some very high-quality WordPress security plug-ins, but nothing yet at the server level. Thanks. Mike
Using ClamAV, the default from the cPanel installation. I think it's quite good.
[quote="MesinHosting, post: 1468991"]using clamav default from cpanel installation i think it's quite good[/quote]
Not with the stock virus sigs it's not. It's actually pretty horrible. I had an account with about 20-30 shells and various malware uploaded and it didn't detect a single one. On the other hand, when I uploaded the WordPress plug-in "Wordfence" to that same account, it detected all of these. They were really basic too - .gif files with malware code, and .htaccess malware. Clam should have easily detected those. Clearly the Clam signatures leave a lot to be desired. I've been looking at Scamp to get third-party signatures added, but haven't had the time to try it yet. mrk