It’s sometimes necessary to figure out what CMS or website builder a particular website uses.
Users might require this information simply out of curiosity or a motivation to know more about the technology best suited for this type of endeavor.
Choosing a content management system for your website might be crucial. You must select the best CMS from among those available on the market.
As a result, you decide to research and see what CMS other big websites use. This is where CMS detection comes into play.
Or even in the information-gathering phase of penetration testing & hacking, finding the CMS of a website is the first step. After the attacker knows about the CMS being used on the website, they will search for the CVE-vulnerabilities (A list of publicly known cybersecurity vulnerabilities) that can exploit the particular CMS.
What is CMS
Content Management Systems (CMS) is a term that refers to software that allows the webmaster or admin to easily manage the information. It also allows multiple contributors to create, edit and publish the content.
It also allows the admin to control the architecture of the site’s pages or information and the layout and functionality.
CMS allows webmasters to handle their websites more efficiently, and it is also the most important aspect of any website’s success. A CMS usually stores information in a database and shows it in a presentation layer based on a collection of templates, similar to a website.
When a business uses a content management system (CMS) to publish its online pages, it minimizes the need for front-end developers to make changes to the site, making it faster and easier.
Some of the most common CMS functionalities are listed below.
- Multiple users can log in and contribute, organize and publish their work.
- Built-in revision tools allow content to be changed and modified.
- An insert feature allows users to enter text and upload images without needing to know web-based programming languages.
- Individual modifications to files are also tracked through various revision control methods.
- It enables non-technical persons who are unfamiliar with programming languages to generate and manage their own web content.
WordPress, Wix, Drupal, Joomla, Magneto, and Squarespace are the most popular CMS platforms available.
The variety of factors that must be evaluated before a business or individual decides to choose a CMS is nearly endless. There are a few essential features to look for, such as a user-friendly editor interface and sophisticated interactive features.
We have summed up a list of a few online services and methods to identify the CMS of any website. Let’s get rolling.
WhatCMS
WhatCMS is a handy and excellent web-based service tool to identify the CMS of a website in a matter of seconds.
This tool provides a free API and shares information about the methods used to recognize the CMS of the website. Enter the target web URL in the input filed and click on detect CMS button to start.
WebDataStats
WebDataStats is yet another fantastic tool to detect the CMS of a website. This tool provides a reputable service that can locate databases of site domains by CMS and also allows the user to see domain names’ CMS migration history.
They refresh the service’s CMS database on a monthly basis to offer the most accurate and distinct results. Enter the target web address and click on “Detect”.
CMSDetect
The CMSDetect tool is a very simple tool to use. Enter a website URL in the input field to find out the CMS of the website.
In seconds, you’ll get access to complete information about the CMS or website builder that a site employs.
SiteAnalyzer
SiteAnalyzer is a web-based service that allows you to quickly determine the CMS. To find out the CMS of the website, simply input the target domain names and click the “detect CMS” button. This free tool supports a bulk search of domains.
This website also has other features like domain extractor, whois checker, subdomain detector, SSL checker, etc.
Using command-line Tool
On Linux, it is straightforward to find the CMS of a website using some tools like CMSmap.
CMSmap
CMSmap is an open-source CMS scanner written in Python that automates the process of finding security problems and vulnerability evaluation process in the most popular CMSs.
WordPress, Joomla, Drupal, and Moodle are the CMSs that CMSmap currently supports.
This tool’s main goal is to bring together common vulnerabilities for many CMS types into a single tool.
Please keep in mind that this project is still in its early stages. As a result, you may discover bugs and defects. You should use it at your own risk!
Installation and usage
By cloning the Official GitHub repository, you can get the most recent version of CMSmap:
git clone https://github.com/Dionach/CMSmap
After you’ve downloaded the CMSmap files, use “cd” command to get to the CMSmap directory.
cd CMSmap
To install all the requirements and set up the tool, use the following command.
pip3 install .
To scan the website for CMS, use the below command,
./cmsmap.py <target-url>
When you execute the script for the first time, it will install all of the missing components.
Sample Output:
┌──(root💀kali)-[/home/writer/CMSmap]
└─# ./cmsmap.py https://geekflare.com
[-] Date & Time: 18/03/2022 12:54:18
[I] Threads: 5
[-] Target: https://geekflare.com (104.27.119.115)
[I] Server: cloudflare
[I] X-Powered-By: EasyEngine v4.1.0
[L] X-Frame-Options: Not Enforced
[I] X-Content-Security-Policy: Not Enforced
[L] Robots.txt Found: https://geekflare.com/robots.txt
[I] CMS Detection: WordPress
[I] Wordpress Theme: geekflare
[-] WordPress usernames identified:
[M] Hitesh Sant
[M] Naman Yash
[M] Neha Kaushik
[M] Shalabh Garg
[M] alana-berge
[M] anish Chowdhary
[M] asad-ali
[M] brandon
[M] brenda
[M] chandan
[M] chris-richardson
[M] evie-harrison
[M] harshit-gupta
[M] hruv Parmar
[M] kanishk
[M] kenneth-sytian
[M] lena-hemsworth
[M] marcus-habert
[M] mary-jones
[M] mrita Pathak
[M] nick-brown
[M] paul-jordan
[M] pradeep-vishwakarma
[M] rahul
[M] shiva-sai
[M] surajvishu80
[M] urga Prasad Acharya
[M] varun-kumar
[M] XML-RPC services are enabled
Along with the CMS details, this tool also shows some available usernames for that particular website CMS. The target website has WordPress installed on its server, as indicated above. Isn’t it simple? it’s as easy as that.
CMSmap can scan many targets on a file for brute force and post-exploitation, as well as available plugins. To see the complete usage of this tool, use the help command.
./cmsmap.py -h
Wrapping Up
I hope you found this article very useful in learning about how to Find Which CMS is Being Used on a Website.