Script to detect vulnerabilities in popular CMS?

Comments

5 comments

  • cPanelMichael
    Hello :) Typically, administrators will look for scripts that are outdated and recommend their clients to upgrade to the latest versions of those scripts. I am not aware of any third-party applications that will do this automatically. Thank you.
    0
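The version check described in the reply above can be scripted. This is an added example, not code from the thread or from cPanel: it walks a directory tree, reads the version string from WordPress's wp-includes/version.php and Drupal 7's includes/bootstrap.inc, and flags installs older than a baseline. The baseline versions and the sample tree are constructed for the demonstration; Joomla is left out because its version file location differs between releases.

```python
import os
import re
import tempfile

# CMS -> (version file relative to the install root, pattern capturing the version)
SIGNATURES = {
    "wordpress": ("wp-includes/version.php",
                  re.compile(r"\$wp_version\s*=\s*'([^']+)'")),
    "drupal7": ("includes/bootstrap.inc",
                re.compile(r"define\('VERSION',\s*'([^']+)'\)")),
}

def parse_version(text):
    """'3.5.1-beta' -> (3, 5, 1); missing components count as 0."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    parts = [int(p) for p in m.group(0).split(".")] if m else [0]
    return tuple(parts + [0] * (3 - len(parts)))

def scan(root, minimums):
    """Walk root and return (install_dir, cms, version, outdated) tuples."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        for cms, (relpath, pattern) in SIGNATURES.items():
            path = os.path.join(dirpath, relpath)
            if not os.path.isfile(path):
                continue
            with open(path, errors="replace") as fh:
                m = pattern.search(fh.read())
            if m:  # only count the file if it really carries a version string
                outdated = parse_version(m.group(1)) < parse_version(minimums[cms])
                findings.append((dirpath, cms, m.group(1), outdated))
    return findings

def demo():
    """Build a constructed two-site tree and scan it."""
    minimums = {"wordpress": "3.6.1", "drupal7": "7.23"}  # constructed baselines
    samples = {  # constructed sample installs
        "alice/public_html/wp-includes/version.php": "<?php\n$wp_version = '3.5.1';\n",
        "bob/public_html/includes/bootstrap.inc": "<?php\ndefine('VERSION', '7.23');\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(body)
        return sorted((cms, ver, old) for _dir, cms, ver, old in scan(root, minimums))

if __name__ == "__main__":
    for cms, version, outdated in demo():
        print(cms, version, "OUTDATED" if outdated else "ok")
```

To use it on a server, call scan() on the directory that holds the account home directories with baselines the administrator maintains; run from cron, the printed findings can be mailed to the administrator.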
  • quizknows
    I know of paid services, but not a free script. I've previously used the company 6scan, who would e-mail me whenever one of my web apps had a new vulnerability. Mods, if giving them a plug here is not allowed, please edit my post and remove this.
    0
  • lbeachmike
    [quote="osiem, post: 1462261"]Hello, does anybody know of a script which scans websites on the server, detects vulnerabilities in popular CMSs like Joomla, WordPress, Drupal etc., and sends an e-mail notification to the administrator / user about detected issues?[/quote]
    Hi there - I came across this - [url=http://resources.infosecinstitute.com/penetration-testing-in-cms/]Penetration Testing with the Joomla Security Scanner[/url] It looks interesting, but I've not had the chance to figure it out and give it a try yet. If you do, please post about it. It seems to work in conjunction with this - [url=http://www.backtrack-linux.org]BackTrack Linux - Penetration Testing Distribution[/url] If you find any other solutions, please let us know. I've come across some very high-quality WordPress security plug-ins, but nothing yet at the server level. Thanks. Mike
    0
  • MesinHosting
    Using the default ClamAV from the cPanel installation, I think it's quite good.
    0
  • lbeachmike
    [quote="MesinHosting, post: 1468991"]Using the default ClamAV from the cPanel installation, I think it's quite good.[/quote]
    Not with the stock virus sigs it's not. It's actually pretty horrible. I had an account with about 20-30 shells and various malware uploaded and it didn't detect a single one. On the other hand, when I uploaded the WordPress plug-in "Wordfence" to that same account, it detected all of these. They were really basic too - .gif files with malware code, and .htaccess malware. Clam should have easily detected those. Clearly the Clam signatures leave a lot to be desired. I've been looking at Scamp to get third-party signatures added, but haven't had the time to try it yet. mrk
    0