A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
Project description
1.11.0
======
* Improved SS scanning (particularly plugin scanning) a great deal.
* Added 'interesting module urls' for SS.
* More documentation.
* Internal tidy-up.
1.10.0
======
* Added support for interesting module urls.
* Add more documentation.
1.9.0
=====
* Update databases.
* Improve Drupal detection.
* SilverStripe improvements.
* Massive internal rework.
1.9.0-rc1
=========
* Add Python 3 support.
* More documentation.
* General tidy up of the code.
* Database updates.
* Improved detection for SS modules.
* Fixed a memory leak that showed up after scanning more than 40.000
websites.
* Improved output.
* Added Travis support.
* General bug fixes.
1.8.4.1
=======
* Database update. Drupal 7.33 & SS 3.1.7-rc have been released.
1.8.4
=====
* Add global per-site timeout.
* Add functionality for logging standard errors to a file.
1.8.4-rc
========
* Add better handling for websites with fake changelogs, but still utilize them to narrow down when reasonable.
* Deal with websites that always respond with 200 OK, even on not found pages. Add heuristic test to differentiate from real 200 OK responses.
* Misc fixes.
1.8.4-beta
==========
* Improved accuracy for Drupalgeddon as far as possible.
* Fixed aesthetic issues with JSON output.
* Fixed issues with redirects on non-cms websites.
1.8.3
=====
* Added timeouts to prevent hanging on massive scans.
* Avoid unnecessarily discarding connections due to a low max http pool limit.
1.8.3-rc
========
* Improve error handling.
* Final release before stable.
1.8.3-beta
==========
* Improve documentation.
1.8.2-beta
==========
* Add new Drupal version so that fully patched versions of Drupal get
detected properly.
1.8.1-beta
==========
* Fix output issue.
1.8.0-alpha
===========
* Added JSON output.
* Added multi-threaded multi site scanning.
* Improved output.
1.7.3
=====
* Removed DNN.
* Fixed SS updating process.
* Fixed bug on display of loading bar.
* Tag release.
1.7.2-beta
==========
* Released beta of version 1.x.
* Vastly improved version detection and database handling.
0.7.1
=====
* Added administrative interfaces to interesting urls.
* Misc improvements for all plugins.
* Added a progress bar.
* Added warnings on excessive load on the server.
0.7.0
=====
* Added new version information to the database information.
* Improved version detection.
* Automated gathering of versions for SS.
0.6.5
=====
* Updated database file.
* Handled non-cms urls in a more verbose way.
* Automated Drupal version gathering.
* Added support for multiple, indistinguishable versions.
* Made dependency optional for standard run.
0.6.4
=====
* Improve version handling.
* Improve release.
* Auto version.
0.6.3
=====
* Added release functionality.
* Changed user agent.
* Got rid of global plugin session state which could have caused issues in the
future.
0.6.2
=====
* Fix exception on non-git.
0.6.1
=====
* Added stats so users can quickly get an overview of how up to date the plugin
database is.
* Added functionality for the finding of interesting URLs.
* Reduced the number of default threads.
0.6.0
=====
* Documented support for upstream proxies, and authentication in general.
* Disabled certificate validation so as to allow interception and modification
of requests by proxies.
* Internal improvements.
0.5.1
=====
* Made plugins more versatile.
* Add DNN + SilverStripe version detection.
0.5.0
=====
* Add version fingerprinting to Drupal.
* Improved argument handling.
* Internal improvements which users don't care about.
* Add version fingerprinting infrastructure.
0.4.1
=====
* Fixed 404 fingerprinting for SilverStripe.
* Improved output & colours.
* Made HEAD the default HTTP verb.
* Added an option to choose the HTTP verb.
* Improved threading.
0.4
===
Improved visuals.
0.3.3
=====
Changed default enumeration to scan for all the things.
0.3.2
=====
Added a changelog.
0.3.1
=====
First stable release:
* Scans Drupal, SilverStripe; contains wordlists for scanning themes as well as
droopescan configuration for it.
* Multi-threaded.
Source Distribution
droopescan-1.11.0.tar.gz (189.5 kB)
Built Distribution
File details
Details for the file droopescan-1.11.0.tar.gz.
File metadata
- Download URL: droopescan-1.11.0.tar.gz
- Upload date:
- Size: 189.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | ab3e39ef07e607555c773d2a50d618e54f1eed627278bf5d5ae696dc0a26e954
MD5 | 62e2ea1c5023e92c7bc6eada22700454
BLAKE2b-256 | 7c7f54460088daa63de5e1ea97fdd2fa9565f1924e8a71dba59ca9310a7f7180
File details
Details for the file droopescan-1.11.0-py2.py3-none-any.whl.
File metadata
- Download URL: droopescan-1.11.0-py2.py3-none-any.whl
- Upload date:
- Size: 239.7 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | 85eb9b1f239316c822189ded4e4e7115058f0d2f6d6671c9b95838f69f98b5e0
MD5 | f94ca03fb710c6edbd6f8526b1c48f12
BLAKE2b-256 | fae5fe9961053eb8b376006c138441e75cb8bccf5faaa8ba0103db774c09af3a