Droopescan – Plugin Based CMS Security Scanner

Use Netsparker


Droopescan is a plugin-based CMS security scanner that that will help you with identifying issues with several CMSs, mainly Drupal & Silverstripe.

Droopescan aims to be the most accurate by default, while not overloading the target server due to excessive concurrent requests. Due to this, by default, a large number of requests will be made with four threads; change these settings by using the –number and –threads arguments respectively.

Droopescan - Plugin Based CMS Security Scanner

There are various other tools which perform similar functions such as CMS identification and issue detection:

WhatWeb – Identify CMS, Blogging Platform, Stats Packages & More
BlindElephant – Web Application Fingerprinter
wig – WebApp Information Gatherer – Identify CMS
Web-Sorrow v1.48 – Version Detection, CMS Identification & Enumeration
Wappalyzer – Web Technology Identifier (Identify CMS, JavaScript etc.)
WPScan – WordPress Security/Vulnerability Scanner

Droopescan is able to perform four kinds of tests:

  • Plugin checks: Performs several thousand HTTP requests and returns a listing of all plugins found to be installed in the target host.
  • Theme checks: As above, but for themes.
  • Version checks: Downloads several files and, based on the checksums of these files, returns a list of all possible versions.
  • Interesting url checks: Checks for interesting urls (admin panels, readme files, etc.)

Installation

Installation is easy using pip:

Manual installation is as follows:

The master branch corresponds to the latest release (what is in pypi). Development branch is unstable and all pull requests must be made against it.

You can download Droopescan following the instructions above or read more here.

Posted in: Hacking Tools, Web Hacking

,


Latest Posts:


NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.
Metta - Information Security Adversarial Simulation Tool Metta – Information Security Adversarial Simulation Tool
Metta is an information security preparedness tool in Python to help with adversarial simulation and assess security defense preparation and alerts.
Powershell-RAT - Gmail Exfiltration RAT Powershell-RAT – Gmail Exfiltration RAT
Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used a Windows backdoor to send screenshots or other data as an e-mail attachment.
SCADA Hacking - Industrial Systems Woefully Insecure SCADA Hacking – Industrial Systems Woefully Insecure
It seems like SCADA hacking is still a topic in hacker conferences, and it should be with SCADA systems still driving power stations, manufacturing plants etc.
airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.


Comments are closed.