Search the Community

A plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Please note that while droopescan outputs the most CMS likely version installed on the remote host, any correlation between version numbers and vulnerabilities must be done manually by the user. Supported CMS are: SilverStripe WordPress Partial functionality for: Joomla (version enumeration and interesting URLs only) Moodle (plugin & theme very limited, watch out) Drupal (plugin discovery partial on new installations of Drupal, patches encouraged) Changelog v1.45.1 Updated the database for all CMS. [hide][Hidden Content]]

A plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Please note that while droopescan outputs the most CMS likely version installed on the remote host, any correlation between version numbers and vulnerabilities must be done manually by the user. Supported CMS are: SilverStripe WordPress Partial functionality for: Joomla (version enumeration and interesting URLs only) Moodle (plugin & theme very limited, watch out) Drupal (plugin discovery partial on new installations of Drupal, patches encouraged) Changelog v1.45 * New SS modules. * New versions for all CMS. * Fix Python version in Kali. Thank you @pr0b3r7 and @NorthShad0w. [hide][Hidden Content]]

A plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Please note that while droopescan outputs the most CMS likely version installed on the remote host, any correlation between version numbers and vulnerabilities must be done manually by the user. Supported CMS are: SilverStripe Wordpress Drupal Partial functionality for: Joomla (version enumeration and interesting URLs only) Moodle (plugin & theme very limited, watch out) Changelog v1.44 * Marked Drupal as stable. * Contribution by @mbomb007: Added README.md and CHANGELOG.md to Drupal interesting module URLs. * Contribution by @masterwebsk: new Drupal version. * New versions for all CMS except Joomla. * Minor updates to update system. [hide][Hidden Content]]

A plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Please note that while droopescan outputs the most CMS likely version installed on the remote host, any correlation between version numbers and vulnerabilities must be done manually by the user. Supported CMS are: SilverStripe WordPress Partial functionality for: Joomla (version enumeration and interesting URLs only) Moodle (plugin & theme very limited, watch out) Drupal (plugin discovery partial on new installations of Drupal, patches encouraged) Changelog 1.43 ====== * Contribution by @kieran-github: add –user-agent parameter. * Contribution by @ageekymonk: Add new drupal 8 path. * Contribution by @NicolasCARPi: Add Dockerfile. * New Drupal and SS Modules. [hide][Hidden Content]]

droopescan v1.42 - CMS (Drupal, SilverStripe, WordPress) vulnerabilities scanner droopescan A plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Please note that while droopescan outputs the most CMS likely version installed on the remote host, any correlation between version numbers and vulnerabilities must be done manually by the user. Supported CMS are: SilverStripe WordPress Partial functionality for: Joomla (version enumeration and interesting URLs only) Moodle (plugin & theme very limited, watch out) Drupal (plugin discovery partial on new installations of Drupal, patches encouraged) Features Scan types Droopescan aims to be the most accurate by default, while not overloading the target server due to excessive concurrent requests. Due to this, by default, a large number of requests will be made with four threads; change these settings by using the –number and –threads arguments respectively. This tool is able to perform four kinds of tests. By default, all tests are run, but you can specify one of the following with the -e or –enumerate flag: p — Plugin checks: Performs several thousand HTTP requests and returns a listing of all plugins found to be installed on the target host. t — Theme checks: As above, but for themes. v — Version checks: Downloads several files and, based on the checksums of these files, returns a list of all possible versions. i — Interesting url checks: Checks for interesting urls (admin panels, readme files, etc.) Changelog 1.42 ====== * New version files for all CMS. * Updated plugin files for some CMS. [HIDE][Hidden Content]]