BadMod is an automated CMS detection and exploitation tool designed for penetration testers to identify and exploit vulnerabilities in Joomla and WordPress sites.
CMS auto detect and exploit.
This tool is primarily used by penetration testers and red teamers to quickly detect CMS platforms on target servers and exploit known vulnerabilities in Joomla and WordPress plugins. It automates scanning and exploitation processes to streamline vulnerability assessment on single or multiple targets.
Requires PHP and PHP cURL extension installed on the system. Users should ensure they have proper authorization before scanning or exploiting any targets to avoid legal issues. The tool focuses on Joomla and WordPress CMS exploitation, so its effectiveness depends on the presence of vulnerable plugins.
git clone https://github.com/MrSqar-Ye/BadMod.git
sudo apt-get install php
sudo apt-get install php-curl
chmod +x INSTALL
./INSTALLchmod +x INSTALL
Make the INSTALL script executable.
./INSTALL
Run the INSTALL script to set up the tool.
Option 1 - Get all server sites
Fast scan to retrieve all websites hosted on a target server.
Option 2 - Generate random IP's
Generate random IP addresses for scanning purposes.