Skip to main content

A plugin-based scanner that aids security researchers in identifying issues with several CMSs: Drupal, Wordpress, Moodle and SilverStripe. https://github.com/droope/droopescan

Project description

1.44.1

  • New Drupal versions, for the new tar.gz RCE.

  • Update other versions as well.

1.44.0

  • Marked Drupal as stable.

  • Contribution by @mbomb007: Added README.md and CHANGELOG.md to Drupal interesting module URLs.

  • Contribution by @masterwebsk: new Drupal version.

  • New versions for all CMS except Joomla.

  • Minor updates to update system.

1.43.0

  • Contribution by @kieran-github: add –user-agent parameter.

  • Contribution by @ageekymonk: Add new drupal 8 path.

  • Contribution by @NicolasCARPi: Add Dockerfile.

  • New Drupal and SS Modules.

1.42.0

  • New version files for all CMS.

  • Updated plugin files for some CMS.

1.41.3

  • New versions for all CMS.

1.41.2

  • New versions for all CMS.

  • Downgrade Drupal due to bad plugin detection on 8.x. PRs encouraged.

1.41.1

  • Minor documentation changes.

  • New CMS versions.

1.41.0

  • Add new versions of Drupal in order to detect RCE again.

  • New Joomla version.

1.40.3

  • Detects “Drupalgeddon 2”

  • New versions for all other CMS.

1.40.2

  • New versions for all CMSs.

1.40.1

  • Reattempt release.

1.40.0

  • Resolved issue that resulted in false negatives for plugins and themes on wordpress sites.

  • Updated versions for drupal and moodle.

1.39.1

  • New versions for all CMSs.

1.39.0

  • Update plugins, themes.

  • Update versions for all CMS.

  • Fix failing test.

1.38.0

  • Resolve issue that occurred when scanning a single site and requiring json output.

  • Add beta version of joomla.

1.37.5

  • Fix Pypi.

1.37.4

  • Bees.

1.37.3

  • Bees.

1.37.2

  • New versions for all CMS except Silverstripe.

1.37.1

  • Add handler for timeouts. Instead of throwing an exception it now shows a warning.

  • Added –hide-progressbar option for people that want standard out but don’t want the progressbar.

1.37.0

  • New version for SilverStripe, Drupal, Joomla and Wordpress.

  • Add detection for modules in modules/ and themes/ for Drupal.

1.36.2

  • New versions for all CMSs.

1.36.1

  • New versions for all CMSs.

1.36.0

  • Improve moodle support.

1.35.4

  • New Drupal and Wordpress versions.

1.35.3

  • New versions for all CMS.

1.35.2

  • Add new Drupal, SS and Joomla versions. Several known issues unfixed, see .todo.txt.

1.35.1

  • Add new SS, Joomla and Drupal versions.

1.35.0

  • New version signatures, and plugin and theme lists for Wordpress.

  • New plugin and theme lists for SilverStripe.

  • New beta versions for several CMSs.

  • Minor internal changes.

1.34.11

  • Added fingerprints for new CMS versions.

1.34.10

  • New Drupal, Joomla and SilverStripe versions.

1.34.9

  • New versions for all the things.

1.34.8

  • New version for Drupal, SilverStripe & Wordpress.

1.34.7

  • New Drupal & Wordpress versions.

1.34.6

  • New Drupal & Joomla versions.

1.34.3

  • New SS & Drupal versions.

1.34.2

  • New Drupal & Silverstripe versions.

1.34.1

  • Fix broken release.

1.34.0

  • New WP, Joomla and Drupal versions out. WP fixes serval security issues, including SSRF, XSS and an arbitrary redirect.

1.33.7

  • New Joomla, WP, SS and Drupal versions. WP has a XSS vuln.

1.33.6

  • Add joomla 3.4.7.

  • New interesting URLs for Joomla.

  • Fixed readme for wordpress.

1.33.5

  • New versions of SS, WP, and Joomla (RCE?)

1.33.4

  • Improved documentation.

  • Drupal 8.0.1 added.

1.33.3

  • Drupal 8.0.0 added to DB.A

  • Add interesting URL for joomla (approximate version disclosure.)

1.33.2

  • Added new SS version (security fixes.)

1.33.1

  • New versions for Joomla (unauthenticated SQL injection) and Drupal (open redirect).

1.33.0

  • Additional interesting URLs for Joomla.

  • Improved SIGINT handling.

  • Improved SilverStripe detection.

  • Notify users when following redirects.

  • Prevent erroneous CMS identification edge case.

1.32.2

  • New versions for Drupal & SilverStripe. No new vulnerabilities released.

1.32.1

  • Security updates for SS & Wordpress.

  • Now supports plugin and theme enumeration for wordpress.

  • Removed async capabilities.

1.32.0

  • New CMS versions (Joomla and Silverstripe)

  • Resolve issue in Kali.

  • Implement async scanning functionality. This coexists with synchronous scanning code and will likely be removed unless performance increases are substantial.

1.32.0-rc8

  • New Joomla and SS versions.

  • Async mode in beta.

1.31.0

  • Added –resume flag. Allows the resuming of long-running scans.

  • New Wordpress and Drupal versions added to scanner. Drupal’s is a security release.

1.30.0

  • Add wordpress support (version enumeration only.)

  • Improve cms identification.

  • Improve mass-scanning.

  • Add capacity to add custom host headers.

  • Improve documentation.

1.29.0

  • CMS identification functionality. This enables droopescan to automatically detect CMS.

  • Prototype implementation for Joomla version detection.

  • New Joomla versions (security fixes.)

  • General output improvements.

1.28.0

  • Update Drupal, new versions: 6.36 & 7.38 (Security fixes)

1.28.0-rc1

  • Internal improvements.

1.27.0

  • UI improvements.

  • Add support for relative paths for -U.

  • Add fingerprints for SS 3.1.13 & 3.0.14.

  • Version detection improvements.

1.27.0-beta

  • Version detection improvement.

  • Accept relative paths in -U.

  • Internal improvements.

1.26.1

  • Bug fix for Kali.

1.26.0

  • Update Drupal and SilverStripe. No security updates.

  • Improve version detection.

  • Added notice for legacy requests library (for Kali users.)

1.25.0

  • Bug fix.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

droopescan-1.44.1.tar.gz (478.6 kB view details)

Uploaded Source

Built Distribution

droopescan-1.44.1-py2.py3-none-any.whl (509.4 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file droopescan-1.44.1.tar.gz.

File metadata

  • Download URL: droopescan-1.44.1.tar.gz
  • Upload date:
  • Size: 478.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: Python-urllib/2.7

File hashes

Hashes for droopescan-1.44.1.tar.gz
Algorithm Hash digest
SHA256 02995a2ee90554cd9bf083fedf1a687456003c08b23b6e5b72cd9dfb27f23ef2
MD5 683073a26e6d13bd9fb0de753403f703
BLAKE2b-256 e4eb272649fad0ffb76b097f7cc860e4c0bd33aa0d7520a8283e25a2871e85e5

See more details on using hashes here.

File details

Details for the file droopescan-1.44.1-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for droopescan-1.44.1-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 331bab1ff9b7d15fbc062147be95a3112347937f5c7d60255e6397af26baff67
MD5 0d2c65da0aae1123494452fb90518f27
BLAKE2b-256 05f923e8ccd84474aa3e52fa7db71c05e9296b966a1a79c854f9aeb6e8118011

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page