Dicas, tutoriais e reviews sobre Android, Linux e Windows.

Droopescan – Indentifique falhas em CMSs inclusive Drupal & Silverstripe

7

Droopescan – Indentifique falhas em CMSs inclusive Drupal & Silverstripe. Se você é um profissional de segurança da informação essa ferramenta é simplesmente indispensávelUm scanner  que ajuda  pesquisadores de segurança na identificação de problemas com vários CMSs:

  • Drupal.
  • SilverStripe.

Funcionalidade parcial para :

  • WordPress.
  • Joomla.
computer:~/droopescan$ droopescan scan drupal -u http://example.org/ -t 8
[+] No themes found.

[+] Possible interesting urls found:
    Default changelog file - https://www.example.org/CHANGELOG.txt
    Default admin - https://www.example.org/user/login

[+] Possible version(s):
    7.34

[+] Plugins found:
    views https://www.example.org/sites/all/modules/views/
        https://www.example.org/sites/all/modules/views/README.txt
        https://www.example.org/sites/all/modules/views/LICENSE.txt
    token https://www.example.org/sites/all/modules/token/
        https://www.example.org/sites/all/modules/token/README.txt
        https://www.example.org/sites/all/modules/token/LICENSE.txt
    pathauto https://www.example.org/sites/all/modules/pathauto/
        https://www.example.org/sites/all/modules/pathauto/README.txt
        https://www.example.org/sites/all/modules/pathauto/LICENSE.txt
        https://www.example.org/sites/all/modules/pathauto/API.txt
    libraries https://www.example.org/sites/all/modules/libraries/
        https://www.example.org/sites/all/modules/libraries/CHANGELOG.txt
        https://www.example.org/sites/all/modules/libraries/README.txt
        https://www.example.org/sites/all/modules/libraries/LICENSE.txt
    entity https://www.example.org/sites/all/modules/entity/
        https://www.example.org/sites/all/modules/entity/README.txt
        https://www.example.org/sites/all/modules/entity/LICENSE.txt
    google_analytics https://www.example.org/sites/all/modules/google_analytics/
        https://www.example.org/sites/all/modules/google_analytics/README.txt
        https://www.example.org/sites/all/modules/google_analytics/LICENSE.txt
    ctools https://www.example.org/sites/all/modules/ctools/
        https://www.example.org/sites/all/modules/ctools/CHANGELOG.txt
        https://www.example.org/sites/all/modules/ctools/LICENSE.txt
        https://www.example.org/sites/all/modules/ctools/API.txt
    features https://www.example.org/sites/all/modules/features/
        https://www.example.org/sites/all/modules/features/CHANGELOG.txt
        https://www.example.org/sites/all/modules/features/README.txt
        https://www.example.org/sites/all/modules/features/LICENSE.txt
        https://www.example.org/sites/all/modules/features/API.txt
    [... snip for README ...]

[+] Scan finished (0:04:59.502427 elapsed)
Você pode obter uma lista completa de opções de execução:
droopescan --help
droopescan scan --help
Porque droopescan :
    • é rápido.
      • é estável.
      • permite a digitalização simultânea de vários sites.
      • E é 100% em python.
    Instalação é fácil usando pip:
    apt-get install python-pip
    pip install droopescan
    Instalação manual:
    git clone https://github.com/droope/droopescan.git
    cd droopescan
    pip install -r requirements.txt
    droopescan scan --help
    Mais informações e download:
                     DOWNLOAD Droopescan
     
    VEJA TAMBÉM:

    Os comentários estão fechados, mas trackbacks E pingbacks estão abertos.