Discourse forum security scanner. Written for security professionals and forum administrators.
Project description
๐ก๏ธ DiscourseMap
Comprehensive security testing framework for Discourse forums
Features โข Installation โข Usage โข Modules โข Contributing
๐ Overview
DiscourseMap is a comprehensive, modular security testing framework specifically designed for Discourse forum platforms. It combines Python-based scanning modules with Ruby exploit integration to provide thorough security assessments covering everything from basic information gathering to advanced vulnerability exploitation.
๐ฏ Key Highlights
- 25+ Security Modules covering all aspects of Discourse security
- Ruby Exploit Integration with 25+ CVE-specific exploits
- Modular Architecture for easy extension and customization
- Comprehensive Coverage from reconnaissance to exploitation
- Professional Reporting with detailed findings and recommendations
- Active Development with regular updates and new features
๐ Features
๐ Core Security Testing
| Category | Description | Modules |
|---|---|---|
| Information Gathering | Reconnaissance and fingerprinting | Info, Endpoint, User |
| Vulnerability Assessment | Core security testing | Vulnerability, CVE Exploits |
| Authentication & Authorization | Access control testing | Auth, Session Management |
| Configuration Security | Misconfigurations and hardening | Config, Network |
| Cryptographic Analysis | Crypto implementation testing | Crypto, SSL/TLS |
| Plugin & Theme Security | Extension security testing | Plugin, Theme Analysis |
๐ ๏ธ Advanced Capabilities
- Multi-Vector Testing: Combines automated scanning with manual exploit techniques
- CVE Database: Integrated database of Discourse-specific vulnerabilities
- Custom Payloads: Sophisticated payload generation and testing
- Evasion Techniques: Advanced methods to bypass security controls
- Real-time Analysis: Live vulnerability detection and exploitation
- Detailed Reporting: Comprehensive reports with remediation guidance
๐ฆ Installation
๐ Quick Install (Recommended)
# Install from PyPI - Simple and fast!
pip install discoursemap
# Verify installation
discoursemap --help
# Start scanning immediately
discoursemap -u https://forum.example.com
๐ฆ Alternative Installation Methods
# Install with pipx for isolated environment
pipx install discoursemap
# Install specific version
pip install discoursemap==1.1.0
# Upgrade to latest version
pip install --upgrade discoursemap
Prerequisites
# System Requirements
- Python 3.8 or higher
- Ruby 2.7 or higher
- Git
- Internet connection for dependency installation
๐ง Manual Installation
# Clone the repository
git clone https://github.com/ibrahmsql/discoursemap.git
cd discoursemap
# Install Python dependencies
pip3 install -r requirements.txt
# Install Ruby dependencies
bundle install
# Make scripts executable
chmod +x discoursemap/scanner.py
chmod +x ruby_exploit_runner.rb
# Verify installation
python3 discoursemap/scanner.py --help
Docker Installation
# Build Docker image
docker build -t discoursemap .
# Run scanner with Docker
docker run --rm -v $(pwd)/reports:/app/reports discoursemap \
python3 main.py -u https://target-forum.com --modules info
# Using Docker Compose
docker-compose build
docker-compose run --rm discoursemap \
python3 main.py -u https://target-forum.com --modules info,vuln
# Interactive mode
docker run -it --rm discoursemap bash
Development Setup
# Install development dependencies
pip3 install -r requirements-dev.txt
# Install pre-commit hooks
pre-commit install
# Run tests
python3 -m pytest tests/
๐ฏ Usage
Basic Scanning
# Basic security scan
python3 discoursemap/scanner.py -u https://discourse.example.com
# Scan with specific modules
python3 discoursemap/scanner.py -u https://discourse.example.com -m info,vulnerability,auth
# Aggressive scan with all modules
python3 discoursemap/scanner.py -u https://discourse.example.com --aggressive
# Scan with custom output
python3 discoursemap/scanner.py -u https://discourse.example.com -o results.json
Advanced Options
# Scan with authentication
python3 discoursemap/scanner.py -u https://discourse.example.com \
--username admin --password secretpass
# Scan with proxy
python3 discoursemap/scanner.py -u https://discourse.example.com \
--proxy http://127.0.0.1:8080
# Scan with custom headers
python3 discoursemap/scanner.py -u https://discourse.example.com \
--headers "X-Forwarded-For: 127.0.0.1" "User-Agent: CustomBot/1.0"
# Stealth mode with delays
python3 discoursemap/scanner.py -u https://discourse.example.com \
--delay 2 --random-delay
Ruby Exploit Integration
# Run specific CVE exploits
python3 discoursemap/modules/cve_exploit_module.py \
--target https://discourse.example.com \
--cve CVE-2021-41163
# Run all Ruby exploits
ruby ruby_exploit_runner.rb https://discourse.example.com
# Run exploits with custom parameters
ruby ruby_exploit_runner.rb https://discourse.example.com \
--timeout 30 --threads 5
๐งฉ Modules
๐ Information Gathering
Info Module (info_module.py)
- Server Information: Version detection, technology stack
- Configuration Discovery: Settings, features, plugins
- User Enumeration: Active users, administrators, moderators
- Content Analysis: Categories, topics, sensitive information
Endpoint Module (endpoint_module.py)
- Directory Discovery: Hidden paths, admin panels, API endpoints
- File Discovery: Backup files, configuration files, logs
- API Enumeration: REST endpoints, GraphQL schemas
- Subdomain Discovery: Related domains and services
๐ก๏ธ Security Testing
Vulnerability Module (vulnerability_module.py)
- Injection Attacks: SQL, NoSQL, LDAP, Command injection
- Cross-Site Scripting: Reflected, Stored, DOM-based XSS
- Cross-Site Request Forgery: CSRF token analysis
- Server-Side Request Forgery: SSRF testing
- XML External Entity: XXE vulnerability testing
- Insecure Deserialization: Object injection attacks
Auth Module (auth_module.py)
- Authentication Bypass: Login bypass techniques
- Privilege Escalation: Horizontal and vertical escalation
- Session Management: Session fixation, hijacking
- Password Policy: Weak password detection
- Account Lockout: Brute force protection testing
- OAuth/SSO Security: Third-party authentication flaws
๐ Cryptographic Security
Crypto Module (crypto_module.py)
- Weak Hashing: MD5, SHA1 detection
- Weak Encryption: DES, RC4, ECB mode detection
- JWT Vulnerabilities: Algorithm confusion, weak secrets
- Session Security: Cookie analysis, CSRF tokens
- Key Exposure: Private key leakage
- Timing Attacks: Cryptographic timing vulnerabilities
๐ Network & Infrastructure
Network Module (network_module.py)
- Port Scanning: Service discovery
- SSL/TLS Analysis: Certificate validation, cipher analysis
- DNS Analysis: Zone transfers, subdomain enumeration
- CDN Detection: Content delivery network analysis
- Firewall Detection: Security control identification
- Load Balancer Analysis: Infrastructure mapping
Config Module (config_module.py)
- Configuration Files: Exposed settings, backups
- Debug Information: Error messages, stack traces
- Security Headers: HSTS, CSP, X-Frame-Options
- CORS Misconfiguration: Cross-origin policy flaws
- Default Credentials: Common username/password combinations
- Environment Variables: Sensitive data exposure
๐ Plugin & Theme Security
Plugin Module (plugin_module.py)
- Plugin Discovery: Installed plugins and themes
- Vulnerability Testing: Plugin-specific security flaws
- Outdated Components: Version analysis
- Dangerous Permissions: Excessive privileges
- File Access: Unauthorized file operations
- Theme Injection: Template injection vulnerabilities
๐ฏ User & Content Security
User Module (user_module.py)
- User Enumeration: Username discovery techniques
- Profile Analysis: Sensitive information exposure
- Permission Testing: Access control verification
- Social Engineering: Information gathering
- Account Takeover: Session and credential attacks
๐ฅ Ruby Exploit Collection
Critical CVEs (CVSS 9.0+)
| CVE | Description | CVSS | Module |
|---|---|---|---|
| CVE-2019-11479 | SQL Injection in search | 9.8 | CVE-2019-11479.rb |
| CVE-2021-41163 | RCE via theme import | 9.8 | CVE-2021-41163.rb |
| CVE-2023-49103 | Admin panel auth bypass | 9.1 | CVE-2023-49103.rb |
| CVE-2024-28084 | File upload RCE | 9.8 | CVE-2024-28084.rb |
| CVE-2024-42364 | SQL injection via search | 9.3 | CVE-2024-42364.rb |
High Severity (CVSS 7.0-8.9)
| CVE | Description | CVSS | Module |
|---|---|---|---|
| CVE-2022-31053 | SSRF via onebox preview | 8.6 | CVE-2022-31053.rb |
| CVE-2024-35198 | Server-side template injection | 8.8 | CVE-2024-35198.rb |
| CVE-2023-37467 | CSP nonce reuse XSS | 7.5 | discourse_cve_exploits.rb |
General Vulnerability Categories
- XSS Exploits (
discourse_xss.rb) - Multiple XSS vectors - SSRF Exploits (
discourse_ssrf.rb) - Server-side request forgery - RCE Exploits (
discourse_rce.rb) - Remote code execution - SQL Injection (
discourse_sqli.rb) - Database injection attacks - Auth Bypass (
discourse_auth_bypass.rb) - Authentication bypass - File Upload (
discourse_file_upload.rb) - File upload vulnerabilities - Info Disclosure (
discourse_info_disclosure.rb) - Information leakage - CSRF Attacks (
discourse_csrf.rb) - Cross-site request forgery - XXE Attacks (
discourse_xxe.rb) - XML external entity - Plugin Exploits (
discourse_plugin_exploits.rb) - Plugin vulnerabilities
๐ Sample Output
๐ก๏ธ DiscourseMap v2.0
๐ฏ Target: https://discourse.example.com
โฐ Started: 2024-12-20 10:30:15
[INFO] Starting comprehensive security scan...
[INFO] Modules loaded: info, endpoint, vulnerability, auth, crypto
๐ Information Gathering
โโโ [โ] Server: Discourse 3.1.2 (Ruby 3.0.4)
โโโ [โ] Plugins: 12 installed (3 outdated)
โโโ [โ ๏ธ] Admin users: 2 discovered
โโโ [โ] Categories: 15 public, 3 restricted
๐ Endpoint Discovery
โโโ [โ] Admin panel: /admin (protected)
โโโ [โ ๏ธ] Debug endpoint: /debug (exposed)
โโโ [โ] API endpoints: 45 discovered
โโโ [โ] Backup files: config.bak found
๐ก๏ธ Vulnerability Assessment
โโโ [โ] SQL Injection: 2 vulnerabilities found
โโโ [โ ๏ธ] XSS: 1 stored XSS in user profiles
โโโ [โ] CSRF: Missing tokens on 3 endpoints
โโโ [โ] File upload: Properly restricted
๐ Authentication & Authorization
โโโ [โ] Default credentials: admin/admin works
โโโ [โ ๏ธ] Session management: No timeout configured
โโโ [โ] Password policy: Strong requirements
โโโ [โ] Privilege escalation: Role manipulation possible
๐ Cryptographic Security
โโโ [โ ๏ธ] Weak hashing: MD5 found in password reset
โโโ [โ] SSL/TLS: Properly configured
โโโ [โ] JWT: Algorithm confusion vulnerability
โโโ [โ ๏ธ] Session cookies: Missing secure flag
๐ Scan Summary
โโโ ๐ด Critical: 3 vulnerabilities
โโโ ๐ก High: 5 vulnerabilities
โโโ ๐ Medium: 8 vulnerabilities
โโโ ๐ข Low: 12 vulnerabilities
๐พ Report saved: discourse_scan_20241220_103015.json
โฑ๏ธ Scan completed in 4m 32s
๐ Configuration
Configuration File (config.yaml)
# DiscourseMap Configuration
# Target Configuration
target:
url: "https://discourse.example.com"
timeout: 30
retries: 3
verify_ssl: true
# Authentication
auth:
username: ""
password: ""
api_key: ""
session_cookie: ""
# Scanning Options
scan:
modules:
- info
- endpoint
- vulnerability
- auth
- crypto
- network
- config
- plugin
- user
aggressive: false
delay: 1
random_delay: true
threads: 5
# Proxy Configuration
proxy:
http: ""
https: ""
socks: ""
# Output Configuration
output:
format: "json" # json, xml, html, pdf
file: "scan_results.json"
verbose: true
colors: true
# Ruby Exploit Configuration
ruby_exploits:
enabled: true
timeout: 60
max_threads: 3
cve_filter: [] # Empty = all CVEs
# Reporting
reporting:
include_screenshots: false
include_payloads: true
risk_scoring: true
compliance_mapping: true
Environment Variables
# Set environment variables for sensitive data
export DISCOURSE_USERNAME="admin"
export DISCOURSE_PASSWORD="secretpass"
export DISCOURSE_API_KEY="your-api-key"
export PROXY_URL="http://127.0.0.1:8080"
๐ง Development
Project Structure
discoursemap/
โโโ discoursemap/
โ โโโ modules/
โ โ โโโ __init__.py
โ โ โโโ info_module.py
โ โ โโโ endpoint_module.py
โ โ โโโ vulnerability_module.py
โ โ โโโ auth_module.py
โ โ โโโ crypto_module.py
โ โ โโโ network_module.py
โ โ โโโ config_module.py
โ โ โโโ plugin_module.py
โ โ โโโ user_module.py
โ โ โโโ cve_exploit_module.py
โ โ โโโ utils.py
โ โโโ scanner.py
โโโ ruby_exploits/
โ โโโ CVE-2019-11479.rb
โ โโโ CVE-2021-41163.rb
โ โโโ CVE-2022-31053.rb
โ โโโ CVE-2023-49103.rb
โ โโโ CVE-2024-28084.rb
โ โโโ CVE-2024-35198.rb
โ โโโ CVE-2024-42364.rb
โ โโโ discourse_xss.rb
โ โโโ discourse_ssrf.rb
โ โโโ discourse_rce.rb
โ โโโ discourse_sqli.rb
โ โโโ discourse_auth_bypass.rb
โ โโโ discourse_file_upload.rb
โ โโโ discourse_info_disclosure.rb
โ โโโ discourse_csrf.rb
โ โโโ discourse_xxe.rb
โ โโโ discourse_plugin_exploits.rb
โ โโโ discourse_cve_exploits.rb
โ โโโ discourse_file_upload_exploits.rb
โ โโโ discourse_api_exploits.rb
โ โโโ discourse_privilege_escalation.rb
โโโ tests/
โ โโโ test_modules.py
โ โโโ test_exploits.py
โ โโโ test_integration.py
โโโ docs/
โ โโโ API.md
โ โโโ MODULES.md
โ โโโ EXPLOITS.md
โโโ requirements.txt
โโโ requirements-dev.txt
โโโ Gemfile
โโโ Dockerfile
โโโ config.yaml.example
โโโ TODO.md
โโโ README.md
Adding New Modules
# Example: Creating a new module
class CustomModule:
def __init__(self, scanner):
self.scanner = scanner
self.results = {
'module_name': 'Custom Security Testing',
'target': scanner.target_url,
'vulnerabilities': []
}
def run_scan(self):
"""Main scanning logic"""
print(f"[*] Running custom security tests...")
# Your testing logic here
self._test_custom_vulnerability()
return self.results
def _test_custom_vulnerability(self):
"""Test for custom vulnerability"""
# Implementation here
pass
Adding Ruby Exploits
# Example: Creating a new Ruby exploit
class CustomExploit
def initialize(target_url)
@target_url = target_url
@results = []
end
def run_exploit
puts "[*] Testing custom vulnerability..."
# Your exploit logic here
test_custom_vulnerability
@results
end
private
def test_custom_vulnerability
# Implementation here
end
end
๐งช Testing
Running Tests
# Run all tests
python3 -m pytest tests/ -v
# Run specific test categories
python3 -m pytest tests/test_modules.py -v
python3 -m pytest tests/test_exploits.py -v
# Run with coverage
python3 -m pytest tests/ --cov=discoursemap --cov-report=html
# Run integration tests
python3 -m pytest tests/test_integration.py -v --slow
Test Environment Setup
# Set up test Discourse instance
docker run -d --name discourse-test \
-p 8080:80 \
discourse/discourse:latest
# Run tests against test instance
python3 discoursemap/scanner.py -u http://localhost:8080 --test-mode
๐ Documentation
- API Reference - Complete API documentation
- Module Guide - Detailed module documentation
- Exploit Guide - Ruby exploit documentation
- Contributing Guide - How to contribute
- Security Policy - Responsible disclosure
- Changelog - Version history
๐ค Contributing
We welcome contributions! Please see our Contributing Guide for details.
Quick Start for Contributors
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Areas for Contribution
- ๐ Bug fixes and improvements
- ๐ New security modules and tests
- ๐ Ruby exploit modules for new CVEs
- ๐ Documentation improvements
- ๐งช Test coverage expansion
- ๐จ UI/UX enhancements
- ๐ง Performance optimizations
๐ License
This project is licensed under the MIT License - see the LICENSE file for details.
โ ๏ธ Disclaimer
IMPORTANT: This tool is for educational and authorized security testing purposes only. Users are responsible for ensuring they have proper authorization before testing any systems. The developers assume no liability for misuse of this tool.
Responsible Use Guidelines
- โ Only test systems you own or have explicit permission to test
- โ Follow responsible disclosure practices
- โ Respect rate limits and avoid DoS conditions
- โ Use in compliance with local laws and regulations
- โ Do not use for malicious purposes
- โ Do not test systems without authorization
๐ Acknowledgments
- Discourse Team for creating an amazing platform
- Security Researchers who discovered and reported vulnerabilities
- Open Source Community for tools and libraries used
- Contributors who help improve this project
๐ Support & Contact
- ๐ Bug Reports: GitHub Issues
- ๐ก Feature Requests: GitHub Discussions
- ๐ Security Issues: ibrahimsql@proton.me
- ๐ง Email: ibrahimsql@proton.me
Made with โค๏ธ by ฤฐbrahimsql
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
discoursemap-1.0.1.tar.gz
(312.5 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
discoursemap-1.0.1-py3-none-any.whl
(230.2 kB
view details)
File details
Details for the file discoursemap-1.0.1.tar.gz.
File metadata
- Download URL: discoursemap-1.0.1.tar.gz
- Upload date:
- Size: 312.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8e114b49c1b022ca74fb9754b2a9fd54552f2ec210d76c224047e1b8c3c63e57
|
|
| MD5 |
5ac31eb1aae36f6b96d64c6edc7e5936
|
|
| BLAKE2b-256 |
ff78505546ea3041277391d49cdc4179ab580b23e2ebf91826885528aeddae67
|
File details
Details for the file discoursemap-1.0.1-py3-none-any.whl.
File metadata
- Download URL: discoursemap-1.0.1-py3-none-any.whl
- Upload date:
- Size: 230.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
430e17063e5a356a938d639ca191314c0a5ef0d953853fba224dc13b8dd9eed0
|
|
| MD5 |
d258f94087d2521764542cf538580fc4
|
|
| BLAKE2b-256 |
8c24bc70db5afe036de3274fd0ad650ba27e0119a071c324a94c6f772793130a
|
