Script to detect vulnerabilities in popular CMS?

osiem

Hello,

Does anybody know of a script which scans websites on a server, detects vulnerabilities in popular CMSs like Joomla, WordPress, Drupal etc., and sends an e-mail notification to the administrator / user about detected issues?
 

cPanelMichael

Administrator
Staff member
Hello :)

Typically, administrators will look for scripts that are outdated and recommend that their clients upgrade to the latest versions of those scripts. I am not aware of any third-party applications that will do this automatically.

Thank you.
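
The version check described in the reply above can be scripted. The following is an added example, not part of the original thread and not a cPanel tool: it walks a directory tree, reads each CMS's version file and lists installs below a minimum the administrator supplies. The version-file paths are assumed from stock installs, and the sample tree and minimum versions are constructed.

```python
import os
import re
import tempfile

# Version files and patterns, assumed from stock installs of each CMS.
SIGNATURES = {
    "WordPress": ("wp-includes/version.php", r"\$wp_version\s*=\s*'([^']+)'"),
    "Drupal 7": ("includes/bootstrap.inc", r"define\('VERSION',\s*'([^']+)'\)"),
    "Drupal 8+": ("core/lib/Drupal.php", r"const VERSION\s*=\s*'([^']+)'"),
}

def version_key(v):
    """'8.9.0-dev' -> (8, 9, 0); anything after the first '-' is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", v.split("-")[0]))

def scan(root):
    """Walk root and return sorted (path, cms, version) for each install."""
    found = []
    for dirpath, _dirs, _files in os.walk(root):
        for cms, (relpath, pattern) in SIGNATURES.items():
            candidate = os.path.join(dirpath, relpath)
            if os.path.isfile(candidate):
                with open(candidate, errors="replace") as fh:
                    m = re.search(pattern, fh.read(65536))
                if m:
                    found.append((dirpath, cms, m.group(1)))
    return sorted(found)

def outdated(found, minimums):
    """Keep installs older than the admin-supplied minimum for that CMS."""
    return [f for f in found if f[1] in minimums
            and version_key(f[2]) < version_key(minimums[f[1]])]

def make_sample_tree(root):
    """Constructed sample data: two account docroots with version files."""
    samples = {
        "alice/public_html/wp-includes/version.php": "<?php\n$wp_version = '3.5.1';\n",
        "bob/public_html/shop/includes/bootstrap.inc": "<?php\ndefine('VERSION', '7.23');\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for path, cms, ver in outdated(scan(tmp), {"WordPress": "3.6"}):
            print(f"{path}: {cms} {ver} is below the required minimum")
```

This reports installed versions only; which versions count as outdated is whatever the administrator puts in the minimums table.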
 

quizknows

I know of paid services, but not a free script.

I've previously used the company 6scan, who would e-mail me whenever one of my web apps had a new vulnerability. Mods, if giving them a plug here is not allowed, please edit my post and remove this.
 

lbeachmike

osiem said:
"Hello,

Does anybody know of a script which scans websites on a server, detects vulnerabilities in popular CMSs like Joomla, WordPress, Drupal etc., and sends an e-mail notification to the administrator / user about detected issues?"

Hi there -

I came across this -

Penetration Testing with the Joomla Security Scanner

It looks interesting, but I've not had the chance to figure it out and give it a try yet. If you do, please post about it.

It seems to work in conjunction with this -

BackTrack Linux - Penetration Testing Distribution

If you find any other solutions, please let us know. I've come across some very high-quality WordPress security plug-ins, but nothing yet at the server level.

Thanks.

Mike
 

lbeachmike

"Using the ClamAV default from the cPanel installation, I think it's quite good."

Not with the stock virus sigs it's not. It's actually pretty horrible. I had an account with about 20-30 shells and various malware uploaded and it didn't detect a single one.

On the other hand, when I uploaded the WordPress plug-in "Wordfence" to that same account, it detected all of these.

They were really basic too - .gif files with malware code, and .htaccess malware. Clam should have easily detected those. Clearly the Clam signatures leave a lot to be desired.

I've been looking at Scamp to get third-party signatures added, but haven't had the time to try it yet.

mrk