Multi-CMS Scanner
loginThis tool actively probes a target for vulnerabilities. Running it without verifying the user owns or has permission to test the target is indistinguishable from attack tooling, so it requires authorization.
This tool isn't available in the anonymous view. Sign in to access it.
Monitor this automatically
NetTests can run this check on a schedule, preserve historical results, compare changes over time, and alert you the moment something breaks.
Start monitoring free → See all monitoring productsFrequently Asked Questions
What does CMSmap detect?
CMSmap identifies the CMS and version, enumerates users, lists installed plugins and themes with their versions, checks for known CVEs, and tests common misconfigurations. It supports WordPress, Joomla, and Drupal with automatic CMS detection.
When would I use CMSmap vs WPScan?
Use WPScan for WordPress-only targets — it has a larger, more frequently updated vulnerability database. Use CMSmap when you don't know which CMS a target uses or when scanning Joomla or Drupal. Both require authorisation from the site owner.