CoMisSion – WhiteBox CMS analysis

CoMisSion is a tool to quickly analyze a CMS setup. The tool:

• checks for the core version;
• checks for modifications made on the core (additions, alterations, deletions) with a fresh archive downloaded from CMS official website;
• looks for the last core version;
• looks for vulnerabilities in core version used;
• checks for plugins and themes version;
• checks for modifications made on each plugin and each theme (additions, alterations, deletions) with a fresh archive downloaded from CMS official website;
• looks for vulnerabilities in plugins and themes version used.

🔥 Attention: CoMisSion is not looking for vulnerabilities by analyzing the source code. Vulnerabilities are gathered from public databases like wpvulndb. Finding new vulnerabilities is not the purpose of this tool.

A complete report can be generated in the following format:

• XLSX
• CSV
• JSON (to allow the tool to be used in a CI process)

Installation

git clone https://github.com/Intrinsec/comission

pip install -r requirements.txt

Usage

usage: comission.py [-h] -d DIR -c CMS [-o FILE]



  -h, --help              show this help message and exit

  -d DIR, --dir DIR       CMS root directory

  -c CMS, --cms CMS       CMS type (Drupal, WordPress)

  -o FILE, --output FILE  Path to output file

  -t TYPE, --type TYPE    Type of output file (CSV, XLSX). Default to XLSX.

CMS supported

• WordPress
• Drupal (no vulnerability checks)

Example

./commision.py -c wordpress -d /cms_dir -o report.xlsx -t XLSX

Copyright (C) Paul Mars (Intrinsec)

Source: https://github.com/Intrinsec/