A Vulnerability Detection Framework for CMS Using Port Scanning Technique

In the era of technology, attack on computer infrastructure is considered as the most severe threat. Web server is one of the most important components of this infrastructure. Preventive measures must be taken to deal with these attacks on the web servers. For this reason, vulnerability detection needs to be carried out in an effective way and should be mitigated as soon as possible. In this paper, an effective framework for vulnerability detection of web application is proposed. This framework targets the web applications developed with content management systems (CMSs). It obtains prior knowledge of the vulnerable extensions of a specific CMS from its contributors. The framework is run against a target web server using a well-known port scanning tool, Nmap. It checks if there is any existing matches for the vulnerable extension installed in that web application. Finally, the framework gives an output comprised of the installed extensions along with the installed vulnerable extensions in that web application. Although the output result is shown in the Nmap console, the framework is a segregated entity that works in collaboration with Nmap. Thus this framework can be well-utilized by the security specialists to assess the security of a web application in an easier and effective way and also to evaluate vulnerability of web servers; hence shielding the web applications from various kinds of security threats.

Keyphrases: CMScan, Content Management System, Nmap Scripting Engine, Port Scanning, Security Scanner, vulnerability assessment, Vulnerability Scanner, vulnerable extension, web application, Web Service

