Comission – WhiteBox CMS Analysis

Comission – WhiteBox CMS Analysis

CoMisSion is a tool to quickly analyze a CMS setup. The tool:

  • checks for the core version;
  • looks for the last core version;
  • looks for vulnerabilities in core version used;
  • checks for plugins version;
  • looks for vulnerabilities in plugins version used;

A complete report can be generated in XLSX or CSV format.
The tool has been tested on Linux only.


./ -c wordpress -d /cms_dir -o report.xlsx -t XLSX


git clone
pip install -r requirements.txt


usage: [-h] -d DIR -c CMS [-o FILE]

-h, --help show this help message and exit
-d DIR, --dir DIR CMS root directory
-c CMS, --cms CMS CMS type (Drupal, WordPress)
-o FILE, --output FILE Path to output file
-t TYPE, --type TYPE Type of output file (CSV, XLSX). Default to XLSX.

CMS supported

  • WordPress
  • Drupal (no vulnerability checks)

We are not publishing any official image yet. To use the tool with docker, you can build an image. In the project folder, build with:

docker build -t isec/comission .

Then run it with :

docker run -it --rm -v /TARGET_PATH/:/cms_path/ -v /OUTPUT_DIR/:/output/ isec/comission -d /cms_path/ -c drupal -o /output/test_docker.xlsx -t XLSX

Be careful to change the path “TARGET_PATH” and “OUTPUT_DIR” to match your folders.

Paul Mars (Intrinsec)
Based on an idea of Etienne Boursier (Intrinsec)