Droopescan, Security Scanner of CMS Plugins, The Hack’Everything Tool!
Droopescan is a plugin-based CMS security scanner that will help you identify issues with several CMSs, mainly Drupal & Silverstripe.
Droopescan aims to be the most accurate by default, while not overloading the target server with excessive concurrent requests. Because of this, by default a large number of requests are made using four threads; change these settings with the --number and --threads arguments respectively.
There are various other tools which perform similar functions such as CMS identification and issue detection:
- WhatWeb – Identify CMS, Blogging Platform, Stats Packages & More
- BlindElephant – Web Application Fingerprinter
- wig – WebApp Information Gatherer – Identify CMS
- Web-Sorrow v1.48 – Version Detection, CMS Identification & Enumeration
- WPScan – WordPress Security/Vulnerability Scanner
Droopescan is able to perform four kinds of tests:
- Plugin checks: Performs several thousand HTTP requests and returns a listing of all plugins found to be installed in the target host.
- Theme checks: As above, but for themes.
- Version checks: Downloads several files and, based on the checksums of these files, returns a list of all possible versions.
- Interesting URL checks: Checks for interesting URLs (admin panels, readme files, etc.)
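The version check described above, as an added example (not droopescan's own code): each downloaded file's checksum maps to the set of releases that ship that exact file, and intersecting those sets gives the list of possible versions. The file names, contents, version numbers, the helper names and the choice of SHA-256 are all assumptions made for the illustration.

```python
import hashlib

def digest(body: bytes) -> str:
    # SHA-256 is this example's choice; the page only says "checksums".
    return hashlib.sha256(body).hexdigest()

# Constructed fingerprint table (file names, contents and versions are made up):
# path -> {checksum of the file as shipped: releases that ship exactly that content}
FINGERPRINTS = {
    "misc/core.js": {
        digest(b"core.js rev A"): {"7.0", "7.1"},
        digest(b"core.js rev B"): {"7.2", "7.10"},
    },
    "misc/ajax.js": {
        digest(b"ajax.js rev A"): {"7.0"},
        digest(b"ajax.js rev B"): {"7.1", "7.2"},
        digest(b"ajax.js rev C"): {"7.10"},
    },
}

def version_key(v: str):
    # Numeric ordering, so "7.10" sorts after "7.2".
    return tuple(int(p) for p in v.split("."))

def possible_versions(fetched: dict, table: dict = FINGERPRINTS):
    """Return (sorted candidate versions, paths whose checksum is unknown)."""
    candidates, unknown = None, []
    for path, body in fetched.items():
        known = table.get(path)
        if known is None:
            continue                      # file not fingerprinted: no information
        versions = known.get(digest(body))
        if versions is None:
            unknown.append(path)          # locally modified file: cannot narrow
            continue
        # Every matched file must agree, so intersect the per-file candidates.
        candidates = set(versions) if candidates is None else candidates & versions
    return sorted(candidates or (), key=version_key), unknown

if __name__ == "__main__":
    # Constructed responses, as if two static files had been downloaded.
    site = {"misc/core.js": b"core.js rev A", "misc/ajax.js": b"ajax.js rev B"}
    print(possible_versions(site))
```

An empty candidate list with no unknown files means the matched files come from different releases, which is what a partially applied upgrade looks like.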
Installation is easy using pip:
apt-get install python-pip
pip install droopescan
Manual installation is as follows:
git clone https://github.com/droope/droopescan.git
cd droopescan
pip install -r requirements.txt
./droopescan scan --help
The master branch corresponds to the latest release (what is in PyPI). The development branch is unstable, and all pull requests must be made against it.