droopescan 1.45.0

A plugin-based scanner that aids security researchers in identifying issues with several CMSs: Drupal, Wordpress, Moodle and SilverStripe. https://github.com/droope/droopescan

1.45.0

• New SS modules.

• New versions for all CMS.

• Fix Python version in Kali. Thank you @pr0b3r7 and @NorthShad0w.

1.44.1

• New Drupal versions, for the new tar.gz RCE.

• Update other versions as well.

1.44.0

• Marked Drupal as stable.

• Contribution by @mbomb007: Added README.md and CHANGELOG.md to Drupal interesting module URLs.

• Contribution by @masterwebsk: new Drupal version.

• New versions for all CMS except Joomla.

• Minor updates to update system.

1.43.0

• Contribution by @kieran-github: add –user-agent parameter.

• Contribution by @ageekymonk: Add new drupal 8 path.

• Contribution by @NicolasCARPi: Add Dockerfile.

• New Drupal and SS Modules.

1.42.0

• New version files for all CMS.

• Updated plugin files for some CMS.

1.41.3

• New versions for all CMS.

1.41.2

• New versions for all CMS.

• Downgrade Drupal due to bad plugin detection on 8.x. PRs encouraged.

1.41.1

• Minor documentation changes.

• New CMS versions.

1.41.0

• Add new versions of Drupal in order to detect RCE again.

• New Joomla version.

1.40.3

• Detects “Drupalgeddon 2”

• New versions for all other CMS.

1.40.2

• New versions for all CMSs.

1.40.1

• Reattempt release.

1.40.0

• Resolved issue that resulted in false negatives for plugins and themes on wordpress sites.

• Updated versions for drupal and moodle.

1.39.1

• New versions for all CMSs.

1.39.0

• Update plugins, themes.

• Update versions for all CMS.

• Fix failing test.

1.38.0

• Resolve issue that occurred when scanning a single site and requiring json output.

• Add beta version of joomla.

1.37.5

• Fix Pypi.

1.37.4

• Bees.

1.37.3

• Bees.

1.37.2

• New versions for all CMS except Silverstripe.

1.37.1

• Add handler for timeouts. Instead of throwing an exception it now shows a warning.

• Added –hide-progressbar option for people that want standard out but don’t want the progressbar.

1.37.0

• New version for SilverStripe, Drupal, Joomla and Wordpress.

• Add detection for modules in modules/ and themes/ for Drupal.

1.36.2

• New versions for all CMSs.

1.36.1

• New versions for all CMSs.

1.36.0

• Improve moodle support.

1.35.4

• New Drupal and Wordpress versions.

1.35.3

• New versions for all CMS.

1.35.2

• Add new Drupal, SS and Joomla versions. Several known issues unfixed, see .todo.txt.

1.35.1

• Add new SS, Joomla and Drupal versions.

1.35.0

• New version signatures, and plugin and theme lists for Wordpress.

• New plugin and theme lists for SilverStripe.

• New beta versions for several CMSs.

• Minor internal changes.

1.34.11

• Added fingerprints for new CMS versions.

1.34.10

• New Drupal, Joomla and SilverStripe versions.

1.34.9

• New versions for all the things.

1.34.8

• New version for Drupal, SilverStripe & Wordpress.

1.34.7

• New Drupal & Wordpress versions.

1.34.6

• New Drupal & Joomla versions.

1.34.3

• New SS & Drupal versions.

1.34.2

• New Drupal & Silverstripe versions.

1.34.1

• Fix broken release.

1.34.0

• New WP, Joomla and Drupal versions out. WP fixes serval security issues, including SSRF, XSS and an arbitrary redirect.

1.33.7

• New Joomla, WP, SS and Drupal versions. WP has a XSS vuln.

1.33.6

• Add joomla 3.4.7.

• New interesting URLs for Joomla.

• Fixed readme for wordpress.

1.33.5

• New versions of SS, WP, and Joomla (RCE?)

1.33.4

• Improved documentation.

• Drupal 8.0.1 added.

1.33.3

• Drupal 8.0.0 added to DB.A

• Add interesting URL for joomla (approximate version disclosure.)

1.33.2

• Added new SS version (security fixes.)

1.33.1

• New versions for Joomla (unauthenticated SQL injection) and Drupal (open redirect).

1.33.0

• Additional interesting URLs for Joomla.

• Improved SIGINT handling.

• Improved SilverStripe detection.

• Notify users when following redirects.

• Prevent erroneous CMS identification edge case.

1.32.2

• New versions for Drupal & SilverStripe. No new vulnerabilities released.

1.32.1

• Security updates for SS & Wordpress.

• Now supports plugin and theme enumeration for wordpress.

• Removed async capabilities.

1.32.0

• New CMS versions (Joomla and Silverstripe)

• Resolve issue in Kali.

• Implement async scanning functionality. This coexists with synchronous scanning code and will likely be removed unless performance increases are substantial.

1.32.0-rc8

• New Joomla and SS versions.

• Async mode in beta.

1.31.0

• Added –resume flag. Allows the resuming of long-running scans.

• New Wordpress and Drupal versions added to scanner. Drupal’s is a security release.

1.30.0

• Add wordpress support (version enumeration only.)

• Improve cms identification.

• Improve mass-scanning.

• Add capacity to add custom host headers.

• Improve documentation.

1.29.0

• CMS identification functionality. This enables droopescan to automatically detect CMS.

• Prototype implementation for Joomla version detection.

• New Joomla versions (security fixes.)

• General output improvements.

1.28.0

• Update Drupal, new versions: 6.36 & 7.38 (Security fixes)

1.28.0-rc1

• Internal improvements.

1.27.0

• UI improvements.

• Add support for relative paths for -U.

• Add fingerprints for SS 3.1.13 & 3.0.14.

• Version detection improvements.

1.27.0-beta

• Version detection improvement.

• Accept relative paths in -U.

• Internal improvements.

1.26.1

• Bug fix for Kali.

1.26.0

• Update Drupal and SilverStripe. No security updates.

• Improve version detection.

• Added notice for legacy requests library (for Kali users.)

1.25.0

• Bug fix.