CMS

An overview of using Tourmaline's CMS detector.

On this page, you'll learn:

  • How to use the tourmaline cms command

  • Why false negatives and false positives happen

Command Structure

A CMS detector analyzes a website to try to identify the CMS the site is built on. This can help you to find exploits, paths and more when enumerating a target.

tourmaline cms <URL>

Currently, CMS detection only supports:

  • WordPress

  • Joomla

  • Drupal

tourmaline cms takes the following arguments:

  • -o|--outfile <OUTFILE>: Path to the outfile.

Getting Accurate Results with tourmaline cms

The basic process of CMS detection in Tourmaline goes like this:

  1. Tourmaline sends a request to the URL

  2. Tourmaline looks at its files in /usr/local/share/tourmaline/wordlists/cms-fuzzing

  3. Tourmaline checks if any of the paths in the files apply to the site

  4. Tourmaline looks at its files in /usr/local/share/tourmaline/wordlists/html-analysis

  5. Tourmaline checks if the page contains any of the content from the files

  6. Tourmaline analyzes the headers

Afterwards, Tourmaline returns a score for each CMS. Scores below 50% should generally be discounted, as they are likely to be false positives. False positives occur because some of the wordlists contain generic paths that are used across multiple CMSs, so when one of these paths is found, the score increases.
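To see why generic paths inflate scores, here is a simplified model of wordlist-based scoring. It is an added example, not Tourmaline's own code: the scoring formula (matched paths divided by wordlist size), the function names, the wordlists and the site data are all assumptions constructed for illustration.

```python
# Simplified model of path-based CMS scoring (assumed formula, not Tourmaline's).
# Constructed wordlists: each one mixes CMS-specific and generic paths.
WORDLISTS = {
    "WordPress": ["/wp-login.php", "/wp-admin/", "/wp-content/",
                  "/xmlrpc.php", "/robots.txt", "/readme.html"],
    "Joomla": ["/administrator/", "/components/", "/templates/",
               "/robots.txt", "/README.txt", "/index.php"],
    "Drupal": ["/core/", "/sites/default/", "/user/login",
               "/robots.txt", "/README.txt", "/index.php"],
}

# Constructed: paths that responded on a hypothetical WordPress site.
SITE_PATHS = {"/wp-login.php", "/wp-admin/", "/wp-content/",
              "/xmlrpc.php", "/robots.txt", "/index.php"}


def score(found, wordlists):
    """Return, per CMS, the percentage of its wordlist present on the site."""
    result = {}
    for cms, paths in wordlists.items():
        if not paths:  # an empty wordlist cannot contribute evidence
            result[cms] = 0
            continue
        hits = sum(1 for p in paths if p in found)
        result[cms] = round(100 * hits / len(paths))
    return result


def drop_shared(wordlists):
    """Keep only paths that appear in exactly one CMS wordlist."""
    counts = {}
    for paths in wordlists.values():
        for p in set(paths):
            counts[p] = counts.get(p, 0) + 1
    return {cms: [p for p in paths if counts[p] == 1]
            for cms, paths in wordlists.items()}


if __name__ == "__main__":
    # Generic paths give Joomla and Drupal a nonzero score on a WordPress site.
    print("raw:     ", score(SITE_PATHS, WORDLISTS))
    # With shared paths removed, only the real CMS keeps a score.
    print("filtered:", score(SITE_PATHS, drop_shared(WORDLISTS)))
```

In this model the two wrong candidates land at 33%, under the 50% cut-off, purely from /robots.txt and /index.php, and fall to 0% once paths shared between wordlists are excluded.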
