Vulnerability scanner and information gatherer for the Concrete5 CMS. Is a little out of date presently pending a refactor.
concrete5 is an open-source content management system (CMS) for publishing content on the World Wide Web and intranets. concrete5 is designed for ease of use, for users with a minimum of technical skills. It enables users to edit site content directly from the page. It provides version management for every page, similar to wiki software, another type of web site development software. concrete5 allows users to edit images through an embedded editor on the page.


Use

python c5scan.py -u <url> (-r)

-u --url Insert your target URL here
-r --robots If found, print contents of robots.txt

Dependencies

pip install httplib2 requests

Example

$ python c5scan.py -u localhost -r

**********************************************************
* ~ C5scan ~ *
* A vulnerability and information gatherer for concrete5 *
* auraltension@riseup.net *
**********************************************************

No http:// or https:// provided. Trying http://
URL: http://localhost/

[+] Discovered version 5.6.2.1 from meta 'generator' tag
[+] Interesting header: server: Apache/2.2.14 (Ubuntu)
[+] Interesting header: x-powered-by: PHP/5.3.2-1ubuntu4.24
[+] robots.txt found at http://localhost/robots.txt
User-agent: *
Disallow: /blocks
Disallow: /concrete
Disallow: /config
Disallow: /controllers
Disallow: /css
Disallow: /elements
Disallow: /helpers
Disallow: /jobs
Disallow: /js
Disallow: /languages
Disallow: /libraries
Disallow: /mail
Disallow: /models
Disallow: /packages
Disallow: /single_pages
Disallow: /themes
Disallow: /tools
Disallow: /updates

Enumerating updates in /updates/
[+] Update version 5.5.2.1 exists
[+] Update version 5.6.2.1 exists

Looking for Readme files
[+] Found a readme at: http://localhost/concrete/libraries/3rdparty/adodb/readme.txt
[+] Found a readme at: http://localhost/concrete/libraries/3rdparty/adodb/docs/docs-adodb.htm
[+] Found a readme at: http://localhost/concrete/blocks/video/README
[+] Found a readme at: http://localhost/concrete/libraries/3rdparty/StandardAnalyzer/Readme.txt
[+] Found a readme at: http://localhost/concrete/libraries/3rdparty/securimage/README.txt

Checking for known vulnerabilities in updates
[+] A known vulnerability exists for 5.6.2.1:
SQL Injection in index.php cID param
http://www.exploit-db.com/exploits/31735/

Checking for known vulnerabilities in current version
[+] A known vulnerability exists for 5.6.2.1:
SQL Injection in index.php cID param
http://www.exploit-db.com/exploits/31735/

Finished.