CMScan is a unified security scanner for WordPress, Drupal, Joomla, PrestaShop, Shopify, Magento, TYPO3, and OpenCart websites.
No api-key, no limitation
It detects CMS versions, enumerates users, checks for known vulnerabilities, and exports the results to CSV.
- ✅ Vulnerability checking through:
- ✅ Detection of sensitive files and paths (wp-config, .git, .env, etc.)
- ✅ Security header auditing (HSTS, CSP, X-Frame-Options, etc.)
- ✅ Comprehensive CSV export
- ✅
--hostmode support for shared hosting environments - ✅ Automatic 403 bypass using User-Agent rotation
git clone https://github.com/moloch54/CMScan
cd CMScan
chmod +x install.sh
./install.shpython3 CMScan.py -L target.com 