comission: WhiteBox CMS analysis

comission CVE-2017-17058

CoMisSion – WhiteBox CMS analysis

CoMisSion is a tool to quickly analyze a CMS setup. The tool:

  • checks the core version;
  • checks for modifications made to the core (additions, alterations, deletions) by comparing it with a fresh archive downloaded from the CMS's official website;
  • looks for the latest core version;
  • looks for vulnerabilities in the core version in use;
  • checks plugin and theme versions;
  • checks for modifications made to each plugin and each theme (additions, alterations, deletions) by comparing them with a fresh archive downloaded from the CMS's official website;
  • looks for vulnerabilities in the plugin and theme versions in use.
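The comparison against a fresh archive described in the list above can be pictured with the following added example, which is not CoMisSion's own code. It hashes every file in a deployed tree and in a pristine reference tree, then classifies the differences; the function names and the sample files are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare_trees(deployed, reference):
    """Classify differences between a deployed tree and a pristine reference."""
    dep, ref = hash_tree(deployed), hash_tree(reference)
    return {
        "added": sorted(dep.keys() - ref.keys()),
        "deleted": sorted(ref.keys() - dep.keys()),
        "altered": sorted(p for p in dep.keys() & ref.keys() if dep[p] != ref[p]),
    }


def demo():
    """Build two small constructed trees and diff them."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, dep = Path(tmp, "reference"), Path(tmp, "deployed")
        # Constructed sample files; the names only mimic a WordPress layout.
        pristine = {
            "index.php": b"<?php // front controller\n",
            "wp-includes/version.php": b"<?php $wp_version = 'X.Y.Z';\n",
            "wp-admin/about.php": b"<?php // about page\n",
        }
        for name, body in pristine.items():
            for base in (ref, dep):
                target = base / name
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(body)
        (dep / "index.php").write_bytes(b"<?php // front controller (edited)\n")
        (dep / "wp-admin/about.php").unlink()
        (dep / "wp-content").mkdir()
        (dep / "wp-content/extra.php").write_bytes(b"<?php // not in archive\n")
        return compare_trees(dep, ref)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In real use the reference tree would be the extracted official archive for the exact version detected, since comparing against a different release reports every changed upstream file as altered.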

🔥 Attention: CoMisSion does not look for vulnerabilities by analyzing the source code. Vulnerabilities are gathered from public databases such as wpvulndb. Finding new vulnerabilities is not the purpose of this tool.

A complete report can be generated in the following formats:

  • XLSX
  • CSV
  • JSON (to allow the tool to be used in a CI process)

Installation

git clone https://github.com/Intrinsec/comission

cd comission

pip install -r requirements.txt

Usage

usage: comission.py [-h] -d DIR -c CMS [-o FILE]


  -h, --help              show this help message and exit
  -d DIR, --dir DIR       CMS root directory
  -c CMS, --cms CMS       CMS type (Drupal, WordPress)
  -o FILE, --output FILE  Path to output file
  -t TYPE, --type TYPE    Type of output file (CSV, XLSX). Default to XLSX.

CMS supported

  • WordPress
  • Drupal (no vulnerability checks)

Example

./comission.py -c wordpress -d /cms_dir -o report.xlsx -t XLSX

Copyright (C) Paul Mars (Intrinsec)

Source: https://github.com/Intrinsec/