droopescan 1.32.2

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & SilverStripe. https://github.com/droope/droopescan

1.32.2

• New versions for Drupal & SilverStripe. No new vulnerabilities released.

1.32.1

• Security updates for SS & Wordpress.

• Now supports plugin and theme enumeration for wordpress.

• Removed async capabilities.

1.32.0

• New CMS versions (Joomla and Silverstripe)

• Resolve issue in Kali.

• Implement async scanning functionality. This coexists with synchronous scanning code and will likely be removed unless performance increases are substantial.

1.32.0-rc8

• New Joomla and SS versions.

• Async mode in beta.

1.31.0

• Added –resume flag. Allows the resuming of long-running scans.

• New Wordpress and Drupal versions added to scanner. Drupal’s is a security release.

1.30.0

• Add wordpress support (version enumeration only.)

• Improve cms identification.

• Improve mass-scanning.

• Add capacity to add custom host headers.

• Improve documentation.

1.29.0

• CMS identification functionality. This enables droopescan to automatically detect CMS.

• Prototype implementation for Joomla version detection.

• New Joomla versions (security fixes.)

• General output improvements.

1.28.0

• Update Drupal, new versions: 6.36 & 7.38 (Security fixes)

1.28.0-rc1

• Internal improvements.

1.27.0

• UI improvements.

• Add support for relative paths for -U.

• Add fingerprints for SS 3.1.13 & 3.0.14.

• Version detection improvements.

1.27.0-beta

• Version detection improvement.

• Accept relative paths in -U.

• Internal improvements.

1.26.1

• Bug fix for Kali.

1.26.0

• Update Drupal and SilverStripe. No security updates.

• Improve version detection.

• Added notice for legacy requests library (for Kali users.)

1.25.0

• Bug fix.

1.24.0

• Drupal 7.36, SS 3.0.13.

• Fixed stats.

1.23.1

• Fix botched release. Add more “leetness”.

1.23.0

• Increase “leetness” in invocations without arguments and in stats.

• Improve documentation, github language detection.

• Reduce number of themes scanned by default.

• Improve SS module list.

• Add fancy autocompletion for common command-line arguments.

1.22.1

• Updated versions. New security advisories out for both Drupal & SS.

1.22.0

• Miscelaneous improvements.

1.21.0

• Add new SS version.

• Improved release process to allow the releasing from branches instead of only allowing releases from ‘development’.

1.20.0

• Update SS to version 3.1.10.

• Remove unnecessary files.

• Improve plugin lists.

1.19.1

• Improve documentation.

• Add SS Release Candidates.

1.19.0

• Added support for Drupal 8.x.

• Usability improvements.

• Add flag for not following redirects.

1.18.0

• Improved SS detection for new reported bug.

• Improve stats.

• Remove relative redirects or same-site redirects.

1.13.0

• Support for SS 3.9.

• Remove super annoying warning by urllib3.

• Usability improvements.

• Add integration tests which should pick up on most issues.

1.12.0

• Add PyPI support.

• Add support for virtualenv.

• Add “graceful” handling of SIGINT.

• Documentation improvements.

1.11.0

• Improved SS scanning (particularly plugin scanning) a great deal.

• Added ‘interesting module urls’ for SS.

• More documentation.

• Internal tidy-up.

1.10.0

• Added support for interesting module urls.

• Add more documentation.

1.9.0

• Update databases.

• Improve drupal detection.

• SilverStripe improvements.

• Massive internal rework.

1.9.0-rc1

• Add python 3 support.

• More documentation.

• General tidy up of the code.

• Database updates.

• Improved detection for SS modules.

• Fixed memory leak which was showing up after scanning more than 40.000 websites.

• Improved output.

• Added travis support.

• General bug fixes.

1.8.4.1

• Database update. Drupal 7.33 & SS 3.1.7-rc have been released.

1.8.4

• Add global per-site timeout.

• Add functionality for logging standard errors to a file.

1.8.4-rc

• Add better handling for websites with fake changelogs, but still utilize them to narrow down when reasonable.

• Deal with websites that always respond with 200 OK, even on not found pages. Add heuristic test to differentiate from real 200 OK responses.

• Misc fixes.

1.8.4-beta

• Improved accuracy for druppagedon as far as possible.

• Fixed aesthetic issues with JSON output.

• Fixed issues with redirects on non-cms websites.

1.8.3

• Added timeouts to prevent hanging on massive scans.

• Avoid unnecessarily discarding connections due to a low max http pool limit.

1.8.3-rc

• Improve error handling.

• Final release before stable.

1.8.3-beta

• Improve documentation.

1.8.2-beta

• Add new drupal version so that fully patched up versions of Drupal get detected properly.

1.8.1-beta

• Fix output issue.

1.8.0-alpha

• Added JSON output.

• Added multi-threaded multi site scanning.

• Improved output.

1.7.3

• Removed DNN.

• Fixed SS updating process.

• Fixed bug on display of loading bar.

• Tag release.

1.7.2-beta

• Released beta of version 1.x.

• Vastly improved version detection and database handling.