Droopescan- plugin-based scanner for Drupal & Silverstripe

Web application scanning is very important to identify vulnerabilities and security gaps that allow a hacker to compromise the web servers. Today we have several open source tools that help to make a verification on content management system like Droopescan.

Droopescan is a plugin-based scanner that help security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe. the scanner is python based that make 4 type of security testing:

  • Plugin checks: Performs several thousand HTTP requests and returns a listing of all plugins found to be installed in the target host.
  • Theme checks: As above, but for themes.
  • Version checks: Downloads several files and, based on the checksums of these files, returns a list of all possible versions.
  • Interesting url checks: Checks for interesting urls (admin panels, readme files, etc.)

The application support the authenticated scans to have a better results while crawling the target.

DroopescanDroopescan CMS scanner screenshot

You can read more and download Droopescan over this link: https://github.com/droope/droopescan

Notify of
Inline Feedbacks
View all comments