Droopescan – CMS Plugin-based Security Scanner

Droopescan is a plugin-based scanner that helps security researchers identify issues with several CMSs. The tool aims to be as accurate as possible by default, without overloading the target server with excessive concurrent requests.

The currently supported CMSs are SilverStripe and WordPress, with partial functionality for Joomla (version enumeration and interesting URLs only), Moodle (plugin & theme very limited, watch out) and Drupal (plugin discovery partial on new installations of Drupal, patches encouraged).

This tool can perform four kinds of tests. By default all tests are run, but you can select one of the following with the -e or --enumerate flag:

  • p — Plugin checks: Performs several thousand HTTP requests and returns a listing of all plugins found to be installed in the target host.
  • t — Theme checks: As above, but for themes.
  • v — Version checks: Downloads several files and, based on the checksums of these files, returns a list of all possible versions.
  • i — Interesting URL checks: Checks for interesting URLs (admin panels, readme files, etc.)
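The version check returns a list rather than a single version because many files are byte-identical across releases, so each checksum only narrows the set of candidates. The sketch below is an added illustration, not droopescan's own code: the fingerprint table, file paths and version numbers are constructed, and it works on file bodies already in hand (for example, read from your own installation) rather than fetching anything.

```python
import hashlib


def digest(content):
    """Checksum used to key the fingerprint table (SHA-256 is an assumption)."""
    return hashlib.sha256(content).hexdigest()


# Constructed fingerprint table (not real CMS data): for every probed file,
# each known checksum maps to the set of releases that shipped that content.
FINGERPRINTS = {
    "misc/app.js": {
        digest(b"app v1"): {"1.0", "1.1"},   # unchanged between 1.0 and 1.1
        digest(b"app v2"): {"1.2", "1.3"},
    },
    "misc/style.css": {
        digest(b"css a"): {"1.0"},
        digest(b"css b"): {"1.1", "1.2"},
        digest(b"css c"): {"1.3"},
    },
}


def possible_versions(observed, table=FINGERPRINTS):
    """Intersect the version sets matched by each observed file's checksum.

    observed maps a file path to its bytes. Files missing from the table, or
    whose checksum is unknown (locally modified or patched), add no evidence
    and are skipped instead of failing the whole check.
    """
    candidates = None
    for path, body in observed.items():
        versions = table.get(path, {}).get(digest(body))
        if versions is None:
            continue
        candidates = set(versions) if candidates is None else candidates & versions
    # An empty list means no evidence at all, or files from different releases.
    return sorted(candidates or [])


if __name__ == "__main__":
    print(possible_versions({"misc/app.js": b"app v1"}))
    print(possible_versions({"misc/app.js": b"app v1", "misc/style.css": b"css b"}))
```

Because the result depends only on the content of static files, removing version banners or generator tags from a site does not change what this kind of check can infer.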

You can read more and download this tool over here: https://github.com/droope/droopescan
