Droopescan – Plugin Based CMS Security Scanner

The New Acunetix V12 Engine


Droopescan is a plugin-based CMS security scanner that that will help you with identifying issues with several CMSs, mainly Drupal & Silverstripe.

Droopescan aims to be the most accurate by default, while not overloading the target server due to excessive concurrent requests. Due to this, by default, a large number of requests will be made with four threads; change these settings by using the –number and –threads arguments respectively.

Droopescan - Plugin Based CMS Security Scanner

There are various other tools which perform similar functions such as CMS identification and issue detection:

WhatWeb – Identify CMS, Blogging Platform, Stats Packages & More
BlindElephant – Web Application Fingerprinter
wig – WebApp Information Gatherer – Identify CMS
Web-Sorrow v1.48 – Version Detection, CMS Identification & Enumeration
Wappalyzer – Web Technology Identifier (Identify CMS, JavaScript etc.)
WPScan – WordPress Security/Vulnerability Scanner

Droopescan is able to perform four kinds of tests:

  • Plugin checks: Performs several thousand HTTP requests and returns a listing of all plugins found to be installed in the target host.
  • Theme checks: As above, but for themes.
  • Version checks: Downloads several files and, based on the checksums of these files, returns a list of all possible versions.
  • Interesting url checks: Checks for interesting urls (admin panels, readme files, etc.)

Installation

Installation is easy using pip:

Manual installation is as follows:

The master branch corresponds to the latest release (what is in pypi). Development branch is unstable and all pull requests must be made against it.

You can download Droopescan following the instructions above or read more here.

Posted in: Hacking Tools, Web Hacking

,


Latest Posts:


Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.


Comments are closed.