A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
Project description
1.18.0
======
* Improved SS detection for new reported bug.
* Improve stats.
* Remove relative redirects or same-site redirects.
1.13.0
======
* Support for SS 3.9.
* Remove super annoying warning by urllib3.
* Usability improvements.
* Add integration tests which should pick up on most issues.
1.12.0
======
* Add PyPI support.
* Add support for virtualenv.
* Add "graceful" handling of SIGINT.
* Documentation improvements.
1.11.0
======
* Improved SS scanning (particularly plugin scanning) a great deal.
* Added 'interesting module urls' for SS.
* More documentation.
* Internal tidy-up.
1.10.0
======
* Added support for interesting module urls.
* Add more documentation.
1.9.0
=====
* Update databases.
* Improve drupal detection.
* SilverStripe improvements.
* Massive internal rework.
1.9.0-rc1
=========
* Add python 3 support.
* More documentation.
* General tidy up of the code.
* Database updates.
* Improved detection for SS modules.
* Fixed memory leak which was showing up after scanning more than 40.000
websites.
* Improved output.
* Added travis support.
* General bug fixes.
1.8.4.1
=======
* Database update. Drupal 7.33 & SS 3.1.7-rc have been released.
1.8.4
=====
* Add global per-site timeout.
* Add functionality for logging standard errors to a file.
1.8.4-rc
========
* Add better handling for websites with fake changelogs, but still utilize them to narrow down when reasonable.
* Deal with websites that always respond with 200 OK, even on not found pages. Add heuristic test to differentiate from real 200 OK responses.
* Misc fixes.
1.8.4-beta
==========
* Improved accuracy for druppagedon as far as possible.
* Fixed aesthetic issues with JSON output.
* Fixed issues with redirects on non-cms websites.
1.8.3
=====
* Added timeouts to prevent hanging on massive scans.
* Avoid unnecessarily discarding connections due to a low max http pool limit.
1.8.3-rc
========
* Improve error handling.
* Final release before stable.
1.8.3-beta
==========
* Improve documentation.
1.8.2-beta
==========
* Add new drupal version so that fully patched up versions of Drupal get
detected properly.
1.8.1-beta
==========
* Fix output issue.
1.8.0-alpha
===========
* Added JSON output.
* Added multi-threaded multi site scanning.
* Improved output.
1.7.3
=====
* Removed DNN.
* Fixed SS updating process.
* Fixed bug on display of loading bar.
* Tag release.
1.7.2-beta
==========
* Released beta of version 1.x.
* Vastly improved version detection and database handling.
0.7.1
=====
* Added administrative interfaces to interesting urls.
* Misc improvements for all plugins.
* Added a progress bar.
* Added warnings on excessive load on the server.
0.7.0
=====
* Added new version information to the database information.
* Improved version detection.
* Automated gathering of versions for SS.
0.6.5
=====
* Updated database file.
* Handled non-cms urls in a more verbose way.
* Automated drupal version gathering.
* Added support for multiple, undistinguishable versions.
* Made dependency optional for standard run.
0.6.4
=====
* Improve version handling.
* Improve release.
* Auto version.
0.6.3
=====
* Added release functionality.
* Changed user agent.
* Got rid of global plugin session state which could have caused issues in the
future.
0.6.2
=====
* Fix exception on non-git.
0.6.1
=====
* Added stats so users can quickly get an overview of how up to date the plugin
database is.
* Added functionality for the finding of interesting URLs.
* Reduced the number of default threads.
0.6.0
====
* Documented support for upstream proxies, and authentication in general.
* Disabled certificate validation so as to allow intercepting and modification
of requests by proxies.
* Internal improvements.
0.5.1
=====
* Made plugins more versatile.
* Add DNN + SilverStripe version detection.
0.5.0
=====
* Add version fingerprinting to drupal.
* Improved argument handling.
* Internal improvements which users don't care about.
* Add version fingerprinting infrastructure.
0.4.1
=====
* Fixed 404 fingerprinting for SilverStripe.
* Improved output & colours.
* Made HEAD the default HTTP verb.
* Added an option to choose the HTTP verb.
* Improved threading.
0.4
===
Improved visuals.
0.3.3
=====
Changed default enumeration to scan for all the things.
0.3.2
=====
Added a changelog.
0.3.1
=====
First stable release:
* Scans Drupal, SilverStripe; contains wordlists for scanning themes as well as
droopescan configuration for it.
* Multi-threaded.
======
* Improved SS detection for new reported bug.
* Improve stats.
* Remove relative redirects or same-site redirects.
1.13.0
======
* Support for SS 3.9.
* Remove super annoying warning by urllib3.
* Usability improvements.
* Add integration tests which should pick up on most issues.
1.12.0
======
* Add PyPI support.
* Add support for virtualenv.
* Add "graceful" handling of SIGINT.
* Documentation improvements.
1.11.0
======
* Improved SS scanning (particularly plugin scanning) a great deal.
* Added 'interesting module urls' for SS.
* More documentation.
* Internal tidy-up.
1.10.0
======
* Added support for interesting module urls.
* Add more documentation.
1.9.0
=====
* Update databases.
* Improve drupal detection.
* SilverStripe improvements.
* Massive internal rework.
1.9.0-rc1
=========
* Add python 3 support.
* More documentation.
* General tidy up of the code.
* Database updates.
* Improved detection for SS modules.
* Fixed memory leak which was showing up after scanning more than 40.000
websites.
* Improved output.
* Added travis support.
* General bug fixes.
1.8.4.1
=======
* Database update. Drupal 7.33 & SS 3.1.7-rc have been released.
1.8.4
=====
* Add global per-site timeout.
* Add functionality for logging standard errors to a file.
1.8.4-rc
========
* Add better handling for websites with fake changelogs, but still utilize them to narrow down when reasonable.
* Deal with websites that always respond with 200 OK, even on not found pages. Add heuristic test to differentiate from real 200 OK responses.
* Misc fixes.
1.8.4-beta
==========
* Improved accuracy for druppagedon as far as possible.
* Fixed aesthetic issues with JSON output.
* Fixed issues with redirects on non-cms websites.
1.8.3
=====
* Added timeouts to prevent hanging on massive scans.
* Avoid unnecessarily discarding connections due to a low max http pool limit.
1.8.3-rc
========
* Improve error handling.
* Final release before stable.
1.8.3-beta
==========
* Improve documentation.
1.8.2-beta
==========
* Add new drupal version so that fully patched up versions of Drupal get
detected properly.
1.8.1-beta
==========
* Fix output issue.
1.8.0-alpha
===========
* Added JSON output.
* Added multi-threaded multi site scanning.
* Improved output.
1.7.3
=====
* Removed DNN.
* Fixed SS updating process.
* Fixed bug on display of loading bar.
* Tag release.
1.7.2-beta
==========
* Released beta of version 1.x.
* Vastly improved version detection and database handling.
0.7.1
=====
* Added administrative interfaces to interesting urls.
* Misc improvements for all plugins.
* Added a progress bar.
* Added warnings on excessive load on the server.
0.7.0
=====
* Added new version information to the database information.
* Improved version detection.
* Automated gathering of versions for SS.
0.6.5
=====
* Updated database file.
* Handled non-cms urls in a more verbose way.
* Automated drupal version gathering.
* Added support for multiple, undistinguishable versions.
* Made dependency optional for standard run.
0.6.4
=====
* Improve version handling.
* Improve release.
* Auto version.
0.6.3
=====
* Added release functionality.
* Changed user agent.
* Got rid of global plugin session state which could have caused issues in the
future.
0.6.2
=====
* Fix exception on non-git.
0.6.1
=====
* Added stats so users can quickly get an overview of how up to date the plugin
database is.
* Added functionality for the finding of interesting URLs.
* Reduced the number of default threads.
0.6.0
====
* Documented support for upstream proxies, and authentication in general.
* Disabled certificate validation so as to allow intercepting and modification
of requests by proxies.
* Internal improvements.
0.5.1
=====
* Made plugins more versatile.
* Add DNN + SilverStripe version detection.
0.5.0
=====
* Add version fingerprinting to drupal.
* Improved argument handling.
* Internal improvements which users don't care about.
* Add version fingerprinting infrastructure.
0.4.1
=====
* Fixed 404 fingerprinting for SilverStripe.
* Improved output & colours.
* Made HEAD the default HTTP verb.
* Added an option to choose the HTTP verb.
* Improved threading.
0.4
===
Improved visuals.
0.3.3
=====
Changed default enumeration to scan for all the things.
0.3.2
=====
Added a changelog.
0.3.1
=====
First stable release:
* Scans Drupal, SilverStripe; contains wordlists for scanning themes as well as
droopescan configuration for it.
* Multi-threaded.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
droopescan-1.18.0.tar.gz
(153.1 kB
view details)
Built Distribution
File details
Details for the file droopescan-1.18.0.tar.gz.
File metadata
- Download URL: droopescan-1.18.0.tar.gz
- Upload date:
- Size: 153.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ca57095a26eb43a4896cc83fc9938b80c5d47b9fca7ed1b705f097c73e58393e |
|
| MD5 | 528ee735bbe273f9854b187ed2121514 |
|
| BLAKE2b-256 | c01edf85e2beaf6b1cf2f919cf9aa5cad50f407b8a59477090729a19152e77a3 |
File details
Details for the file droopescan-1.18.0-py2.py3-none-any.whl.
File metadata
- Download URL: droopescan-1.18.0-py2.py3-none-any.whl
- Upload date:
- Size: 187.1 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f7b35493de8d391051b0f9b838332f98eafab08324116ebac65add8897b00437 |
|
| MD5 | 7fde110cf06d15b5fe5e5365d08faaca |
|
| BLAKE2b-256 | ba883bc9ccff04a8fb52a5b214f3337582a202d51e263f7cb997990e64c00f7a |
