search

Tuhinshubhra / CMSeeK

CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
GNU General Public License v3.0
2.31k stars 497 forks source link

[Feature request] prestashop detection support #50

Closed noraj closed 5 years ago

noraj commented 5 years ago

Hi, thx for the amazing work Prestashop detection support https://www.prestashop.com/en would be great

Tuhinshubhra commented 5 years ago

I've added parameters for PrestaShop detection if you have any other suggestions feel free to open a new issue. Thank you for improving CMSeeK.

noraj commented 5 years ago

@Tuhinshubhra Awesome! I will have to try that. Also I saw https://prestavc.com/ was able to detect the prestashop version, but I don't know how.

Tuhinshubhra commented 5 years ago

Thanks i'll figure out a way to detect prestashop versions, thanks for letting me know.

noraj commented 5 years ago

prestavc is able to get the exact version so the version must be disclosed in one file or something.

noraj commented 5 years ago

As it is always nice to hear it: you are awesome and your project too, thx for maintaining it :)

noraj commented 5 years ago

Also prestashop robots.txt is quite identifiable, but it change a lot between versions:

here is also some prestashop plugin revealing the use of prestashop in the path or module name:

/modules/revsliderprestashop/views/js/rs-plugin/js/jquery.themepunch.tools.min.js
/modules/revsliderprestashop/views/js/rs-plugin/js/jquery.themepunch.revolution.js

Also there is also http://runprestashop.com/ technique:

Technically, the tool analyzes a set of resource files freely accessible on the server in question (CSS, JS) and compares them with the signatures of the files in the different versions of Prestashop. This is the best method but also the more complex.

I also find https://whatcms.org/ that is able to detect prestashop but also the exact version used. Here is how they do https://whatcms.org/Content-Management-Systems, they can identify 430+ CMS.

Tuhinshubhra commented 5 years ago

I know matching the signatures of publicly accessible files is a good way but I kinda have some stuffs going on so yeah sure i can do that but will take some time.

Tuhinshubhra commented 5 years ago

Closing the issue for now, I will update once i add prestashop version detection