{"id":3866,"date":"2015-02-10T02:26:48","date_gmt":"2015-02-09T18:26:48","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3866"},"modified":"2015-03-14T17:41:40","modified_gmt":"2015-03-14T09:41:40","slug":"droopescan-plugin-based-cms-security-scanner","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2015\/02\/droopescan-plugin-based-cms-security-scanner\/","title":{"rendered":"Droopescan – Plugin Based CMS Security Scanner"},"content":{"rendered":"
Droopescan is a plugin-based CMS security scanner that will help you identify issues in several CMSs, mainly Drupal & Silverstripe.<\/p>\n
Droopescan aims to be the most accurate by default, while not overloading the target server due to excessive concurrent requests. Due to this, by default, a large number of requests will be made with four threads; change these settings by using the --number and --threads arguments respectively.<\/p>\n
<\/p>\n
There are various other tools which perform similar functions such as CMS identification and issue detection:<\/p>\n
– WhatWeb \u2013 Identify CMS, Blogging Platform, Stats Packages & More<\/a>
\n– BlindElephant \u2013 Web Application Fingerprinter<\/a>
\n– wig \u2013 WebApp Information Gatherer \u2013 Identify CMS<\/a>
\n– Web-Sorrow v1.48 \u2013 Version Detection, CMS Identification & Enumeration<\/a>
\n– Wappalyzer \u2013 Web Technology Identifier (Identify CMS, JavaScript etc.)<\/a>
\n– WPScan \u2013 WordPress Security\/Vulnerability Scanner<\/a><\/p>\n\n
Droopescan is able to perform four kinds of tests:<\/p>\n
Installation<\/h3>\n
Installation is easy using pip:<\/p>\n
apt-get install python-pip\r\npip install droopescan<\/pre>\n
Manual installation is as follows:<\/p>\n
git clone https:\/\/github.com\/droope\/droopescan.git\r\ncd droopescan\r\npip install -r requirements.txt\r\n.\/droopescan scan --help<\/pre>\n
The master branch corresponds to the latest release (what is in PyPI). The development branch is unstable and all pull requests must be made against it.<\/p>\n