droopescan v1.41.2 releases: CMS (Drupal, SilverStripe, WordPress) vulnerabilities scanner

droopescan

A plugin-based scanner that aids security researchers in identifying issues with several CMS:

Partial functionality for:

  • Joomla (version enumeration and interesting URLs only).
  • Moodle (plugin & theme very limited, watch out)

Changelog

1.41.2
======

* New versions for all CMS.
* Downgrade Drupal due to bad plugin detection on 8.x. PRs encouraged.

Installation
Installation is easy using pip:

apt-get install python-pip
pip install droopescan

Manual installation is as follows:

git clone https://github.com/droope/droopescan.git
cd droopescan
pip install -r requirements.txt
./droopescan scan –help

Features

Scan types

Droopescan aims to be the most accurate by default, while not overloading the target server due to excessive concurrent requests. Due to this, by default, a large number of requests will be made with four threads; change these settings by using the –number and –threads arguments respectively.

This tool is able to perform four kinds of tests. By default, all tests are run, but you can specify one of the following with the -e or –enumerate flag:

  • p — Plugin checks: Performs several thousand HTTP requests and returns a listing of all plugins found to be installed on the target host.
  • t — Theme checks: As above, but for themes.
  • v — Version checks: Downloads several files and, based on the checksums of these files, returns a list of all possible versions.
  • i — Interesting url checks: Checks for interesting urls (admin panels, readme files, etc.)

Usage

droopescan –help

droopescan

Example

computer:~/droopescan$ droopescan scan drupal -u http://example.org/ -t 8
[+] No themes found.

[+] Possible interesting urls found:
    Default changelog file - https://www.example.org/CHANGELOG.txt
    Default admin - https://www.example.org/user/login

[+] Possible version(s):
    7.34

[+] Plugins found:
    views https://www.example.org/sites/all/modules/views/
        https://www.example.org/sites/all/modules/views/README.txt
        https://www.example.org/sites/all/modules/views/LICENSE.txt
    token https://www.example.org/sites/all/modules/token/
        https://www.example.org/sites/all/modules/token/README.txt
        https://www.example.org/sites/all/modules/token/LICENSE.txt
    pathauto https://www.example.org/sites/all/modules/pathauto/
        https://www.example.org/sites/all/modules/pathauto/README.txt
        https://www.example.org/sites/all/modules/pathauto/LICENSE.txt
        https://www.example.org/sites/all/modules/pathauto/API.txt
    libraries https://www.example.org/sites/all/modules/libraries/
        https://www.example.org/sites/all/modules/libraries/CHANGELOG.txt
        https://www.example.org/sites/all/modules/libraries/README.txt
        https://www.example.org/sites/all/modules/libraries/LICENSE.txt
    entity https://www.example.org/sites/all/modules/entity/
        https://www.example.org/sites/all/modules/entity/README.txt
        https://www.example.org/sites/all/modules/entity/LICENSE.txt
    google_analytics https://www.example.org/sites/all/modules/google_analytics/
        https://www.example.org/sites/all/modules/google_analytics/README.txt
        https://www.example.org/sites/all/modules/google_analytics/LICENSE.txt
    ctools https://www.example.org/sites/all/modules/ctools/
        https://www.example.org/sites/all/modules/ctools/CHANGELOG.txt
        https://www.example.org/sites/all/modules/ctools/LICENSE.txt
        https://www.example.org/sites/all/modules/ctools/API.txt
    features https://www.example.org/sites/all/modules/features/
        https://www.example.org/sites/all/modules/features/CHANGELOG.txt
        https://www.example.org/sites/all/modules/features/README.txt
        https://www.example.org/sites/all/modules/features/LICENSE.txt
        https://www.example.org/sites/all/modules/features/API.txt
    [... snip for README ...]

[+] Scan finished (0:04:59.502427 elapsed)

 

 

Copyright (C) 2015 droope

Source: https://github.com/droope/

Share