Script to detect vulnerabilities in popular CMS?

osiem

Registered
Sep 14, 2013
2
0
1
cPanel Access Level
Root Administrator
Hello,

Does anybody known script which scan websites on server and detect vulnerabilities in popular CMS look like Joomla, Wordpress, Drupal etc and send e-mail notification to administrator / user about detected issues?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello :)

Typically, administrators will look for scripts that are outdated and recommend their clients to upgrade to the latest versions of those scripts. I am not aware of any third-party applications that will do this automatically.

Thank you.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
I know of paid services, but not a free script.

I've previously used the company 6scan, who would e-mail me whenever one of my web apps had a new vulnerability. Mods, If giving them a plug here is not allowed please edit my post and remove this.
 

lbeachmike

Well-Known Member
Dec 27, 2001
306
1
316
Long Beach, NY
cPanel Access Level
Root Administrator
Hello,

Does anybody known script which scan websites on server and detect vulnerabilities in popular CMS look like Joomla, Wordpress, Drupal etc and send e-mail notification to administrator / user about detected issues?
Hi there -

I came across this -

Penetration Testing with the Joomla Security Scanner

It looks interesting, but I've not had the chance to figure it out and give a try yet. If you do, please post about it.

It seems to work in conjunction with this -

BackTrack Linux - Penetration Testing Distribution

If you find any other solutions, please let us know. I've come across some very high-quality Wordpress security plug-ins, but nothing yet at the server level.

Thanks.

Mike
 

lbeachmike

Well-Known Member
Dec 27, 2001
306
1
316
Long Beach, NY
cPanel Access Level
Root Administrator
using clamav default from cpanel installation i think it's quite good
Not with the stock virus sigs it's not. It's actually pretty horrible. I had an account with about 20-30 shells and various malware uploaded and it didn't detect a single one.

On the other hand, when I uploaded the Wordpress Plug-in "Wordfence" to that same account, it detected all of these.

They were really basic too - .gif files with malware code, and .htaccess malware. Clam should have easily detected those. Clearly the Clam signatures leave a lot to be desired.

I've been looking at Scamp to get third party signatures added, but haven't had to time to try it yet.

mrk