Droopescan: CMS vulnerabilities scanner

Droopescan: One which helps security researchers identify security issues in many CMSs.

Supported CMS are:

Partial functionality for:

  • Joomla (version listing and only a few URLs)
  • Moodle (add-on and theme very limited, attention)
  • Drupal (plugin discovery partially in new Drupal installations, evolve its update )

Installation

apt-get install python-pip pip install droopescan

Specifications

Scan types

Droopescan aims for the most accurate scan by default, without overloading the destination server due to excessive concurrent requests. Because of this, by default, a large number of requests will be submitted with four threads. change these settings with  –Numberand  –Threads   respectively.

This tool can perform four types of tests. By default, all tests are performed, but you can specify one of the following with the flag -e  ή  –Numerate :

  • p - Plugin checks: Executes several thousand HTTP requests and returns a list of all plugins found to be installed on the target host.
  • t - Theme checks: does the above, but for issues.
  • v - Version checks: Download multiple files and based on sums of these files, returns a list of all possible versions.
  • i - Interesting url checks: Checks for interesting URLs (management boards, readme files, etc.)

Use

droopscan –help

More information about the program, you will find here.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).