A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & SilverStripe.

Usage of droopescan for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Please note that while droopescan outputs the most likely CMS version installed on the remote host, any correlation between version numbers and vulnerabilities must be done manually by the user.

Supported CMS are:

  • SilverStripe
  • WordPress
  • Drupal

Partial functionality for:

  • Joomla (version enumeration and interesting URLs only)
  • Moodle (plugin & theme very limited, watch out)

computer:~/droopescan$ droopescan scan drupal -u http://example.org/ -t 32
[+] No themes found.

[+] Possible interesting urls found:
    Default changelog file - https://www.example.org/CHANGELOG.txt
    Default admin - https://www.example.org/user/login

[+] Possible version(s):
    7.34

[+] Plugins found:
    views https://www.example.org/sites/all/modules/views/
        https://www.example.org/sites/all/modules/views/README.txt
        https://www.example.org/sites/all/modules/views/LICENSE.txt
    token https://www.example.org/sites/all/modules/token/
        https://www.example.org/sites/all/modules/token/README.txt
        https://www.example.org/sites/all/modules/token/LICENSE.txt
    pathauto https://www.example.org/sites/all/modules/pathauto/
        https://www.example.org/sites/all/modules/pathauto/README.txt
        https://www.example.org/sites/all/modules/pathauto/LICENSE.txt
        https://www.example.org/sites/all/modules/pathauto/API.txt
    libraries https://www.example.org/sites/all/modules/libraries/
        https://www.example.org/sites/all/modules/libraries/CHANGELOG.txt
        https://www.example.org/sites/all/modules/libraries/README.txt
        https://www.example.org/sites/all/modules/libraries/LICENSE.txt
    entity https://www.example.org/sites/all/modules/entity/
        https://www.example.org/sites/all/modules/entity/README.txt
        https://www.example.org/sites/all/modules/entity/LICENSE.txt
    google_analytics https://www.example.org/sites/all/modules/google_analytics/
        https://www.example.org/sites/all/modules/google_analytics/README.txt
        https://www.example.org/sites/all/modules/google_analytics/LICENSE.txt
    ctools https://www.example.org/sites/all/modules/ctools/
        https://www.example.org/sites/all/modules/ctools/CHANGELOG.txt
        https://www.example.org/sites/all/modules/ctools/LICENSE.txt
        https://www.example.org/sites/all/modules/ctools/API.txt
    features https://www.example.org/sites/all/modules/features/
        https://www.example.org/sites/all/modules/features/CHANGELOG.txt
        https://www.example.org/sites/all/modules/features/README.txt
        https://www.example.org/sites/all/modules/features/LICENSE.txt
        https://www.example.org/sites/all/modules/features/API.txt
    [... snip for README ...]

[+] Scan finished (0:04:59.502427 elapsed)
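
As an added example (not part of droopescan or its README), the Python below parses a report in the text format shown above into a structured inventory, so the manual version review and the clean-up of exposed changelog files on your own site can work from data. The sample report is constructed, and parse_report and changelog_urls are hypothetical helper names.

```python
# Constructed sample in the report format shown above (shortened; not a real scan).
SAMPLE = """\
[+] Possible interesting urls found:
    Default changelog file - https://www.example.org/CHANGELOG.txt
    Default admin - https://www.example.org/user/login

[+] Possible version(s):
    7.34

[+] Plugins found:
    views https://www.example.org/sites/all/modules/views/
        https://www.example.org/sites/all/modules/views/README.txt
    ctools https://www.example.org/sites/all/modules/ctools/
        https://www.example.org/sites/all/modules/ctools/CHANGELOG.txt
    [... snip for README ...]
"""

SECTIONS = {"possible interesting urls": "interesting",
            "possible version": "versions", "plugins found": "plugins"}

def parse_report(text):
    """Parse the text report into versions, interesting URLs and plugins (hypothetical helper)."""
    report = {"versions": [], "interesting": {}, "plugins": {}}
    section = current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("[..."):
            continue                      # blank line or "snip" marker
        if line.startswith("[+]"):        # section header
            head = line[3:].strip().lower()
            section = next((v for k, v in SECTIONS.items() if head.startswith(k)), None)
            continue
        parts = line.split()
        if section == "versions":
            report["versions"].append(line)
        elif section == "interesting" and " - " in line:
            label, url = line.rsplit(" - ", 1)
            report["interesting"][label] = url
        elif section == "plugins" and len(parts) == 2:   # "<name> <base url>"
            current = report["plugins"].setdefault(parts[0], {"url": parts[1], "files": []})
        elif section == "plugins" and current is not None:
            current["files"].append(line)                # file found under that plugin
    return report

def changelog_urls(report):
    """URLs of exposed changelog files, which typically state the installed release."""
    urls = list(report["interesting"].values())
    urls += [f for p in report["plugins"].values() for f in p["files"]]
    return sorted(u for u in urls if u.lower().endswith("/changelog.txt"))
```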

You can get a full list of options by running:

droopescan --help
droopescan scan --help

Because droopescan:

  • is fast
  • is stable
  • is up to date
  • allows simultaneous scanning of multiple sites
  • is 100% python

package installation (maintained by a third party):

sudo pacman -S droopescan

A netrc file (a file named .netrc placed in your root home directory) could look as follows:

machine secret.google.com
    login [email protected]
    password Winter01

You can set the http_proxy and https_proxy environment variables. These allow you to set a parent HTTP proxy, in which you can handle more complex types of authentication (e.g. Fiddler, ZAP, Burp).

export http_proxy='user:password@localhost:8080'
export https_proxy='user:password@localhost:8080'
droopescan scan drupal --url http://localhost/drupal

WARNING: By design, to allow intercepting proxies and the testing of applications with bad SSL, droopescan allows self-signed or otherwise invalid certificates. ˙ ͜ʟ˙

versions.xml file, and optionally a list of interesting URLs, as well as replace all variables that are in joomla.py with values that are correct for your implementation.

The plugin needs to update automatically in order for a pull request to be accepted. Further documentation may be made available later, but for now, keep in mind that update_version_check, update_version, update_plugins_check and update_plugins need to be implemented. For reference, please review the drupal.py file. This is required in order to ensure plugins are kept up to date.

https://github.com/SamJoan/droopescan

