{"id":13539082,"url":"https://github.com/immunit/drupwn","last_synced_at":"2025-04-02T05:33:14.904Z","repository":{"id":48664023,"uuid":"128080482","full_name":"immunIT/drupwn","owner":"immunIT","description":"Drupal enumeration \u0026 exploitation tool","archived":false,"fork":false,"pushed_at":"2020-11-04T13:43:29.000Z","size":342,"stargazers_count":582,"open_issues_count":10,"forks_count":129,"subscribers_count":15,"default_branch":"master","last_synced_at":"2024-10-28T21:40:09.627Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/immunIT.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-04-04T15:13:27.000Z","updated_at":"2024-10-28T18:14:02.000Z","dependencies_parsed_at":"2022-09-17T11:01:49.417Z","dependency_job_id":null,"html_url":"https://github.com/immunIT/drupwn","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/immunIT%2Fdrupwn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/immunIT%2Fdrupwn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/immunIT%2Fdrupwn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/immunIT%2Fdrupwn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/immunIT","download_url":"https://codeload.github.com/immunIT/drupwn/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222805560,"owners_count":17040423,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:19.979Z","updated_at":"2024-11-03T04:30:13.988Z","avatar_url":"https://github.com/immunIT.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing"],"sub_categories":["\u003ca id=\"41ae40ed61ab2b61f2971fea3ec26e7c\"\u003e\u003c/a\u003e漏洞利用"],"readme":"# Drupwn [v1.0.4]\n\n## Description\n\nDrupwn claims to provide an efficient way to gather drupal information.\n\nEnumeration\n[![asciicast](https://asciinema.org/a/5InNWAotigwM4bRscUi7yKAtt.svg)](https://asciinema.org/a/5InNWAotigwM4bRscUi7yKAtt)\n\nExploitation\n[![asciicast](https://asciinema.org/a/bZmopDt4lyix1D9sgxwQMCRfn.svg)](https://asciinema.org/a/bZmopDt4lyix1D9sgxwQMCRfn)\n\nFurther explaination on our [blog post article](https://www.immunit.ch/en/blog/2018/04/10/yet-another-drupal-scanner-drupwn-2/)\n\n## Supported tested version\n\n* Drupal 7\n* Drupal 8\n\n## Execution mode\n\nDrupwn can be run, using two seperate modes which are **enum** and **exploit**.\nThe enum mode allows performing enumerations whereas the exploit mode allows checking and exploiting CVEs.\n\n## Functionalities\n\n### Enum mode\n\n* User enumeration\n* Node enumeration\n* Default files enumeration\n* Module enumeration\n* Theme enumeration\n* Cookies support\n* User-Agent support\n* Basic authentication support\n* Request delay\n* Enumeration range\n* Logging\n* Socks and HTTP proxy support\n\n### Exploit mode\n\n* Vulnerability checker\n* CVE exploiter\n\n## Installation\n\n```bash\npip3 install -r requirements.txt\npython3 drupwn --help\n```\n\nor\n\n```bash\npython3 setup.py install\ndrupwn --help\n```\n\n## Usage\n\n```\n$ drupwn -h\n\n        ____\n       / __ \\_______  ______ _      ______\n      / / / / ___/ / / / __ \\ | /| / / __ \\\n     / /_/ / /  / /_/ / /_/ / |/ |/ / / / /\n    /_____/_/   \\__,_/ .___/|__/|__/_/ /_/\n                     /_/\n\nusage: drupwn [-h] [--mode MODE] [--target TARGET] [--users] [--nodes] [--modules] [--dfiles] [--themes]\n              [--version VERSION] [--cookies COOKIES] [--thread THREAD]\n              [--range RANGE] [--ua UA] [--bauth BAUTH]\n              [--delay DELAY] [--log] [--update] \n              [--proxy PROXY | --proxies PROXIES]\n\nDrupwn aims to automate drupal information gathering.\n\noptional arguments:\n  -h, --help         show this help message and exit\n  --mode MODE        enum|exploit\n  --target TARGET    hostname to scan\n  --users            user enumaration\n  --nodes            node enumeration\n  --modules          module enumeration\n  --dfiles           default files enumeration\n  --themes           theme enumeration\n  --version VERSION  Drupal version\n  --cookies COOKIES  cookies\n  --thread THREAD    threads number\n  --range RANGE      enumeration range\n  --ua UA            User Agent\n  --bauth BAUTH      Basic authentication\n  --delay DELAY      request delay\n  --log              file logging\n  --update           update plugins and themes\n  --proxy PROXY      [http|https|socks]://host:port\n  --proxies PROXIES  Proxies file\n```\n\n## Docker alternative\n\n### Official image\n\nYou can pull the official Drupwn image from the dockerhub registry using the following command:\n\n```\ndocker pull immunit/drupwn\n```\n\n### Build\n\nTo build the container, just use this command:\n\n```bash\ndocker build -t drupwn .\n```\n\nDocker will download the Alpine image and then execute the installation steps.\n\n\u003e Be patient, the process can be quite long the first time.\n\n### Run\n\nOnce the build process is over, get and enjoy your new Drupal scanner\n\n```bash\ndocker run --rm -it drupwn --help\n```\n\n## Logging\n\nThe output generated is stored in the **/tmp/** folder.\nWhen using docker, run your container using the following option\n\n```bash\n-v YOUR_PATH_FOLDER:/tmp/\n```\n\n## Enhancement\n\nTo add a new module, follow the template used in the *User.py* file.\nThen, add a reference in the Parser as well as in the Dispatcher in order to ensure its support by the reflective factory.\n\n## Disclaimer of Warranty\n\nDrupwn is provided under this License on an \"as is\" basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the Drupwn is free of defects, merchantable, fit for a particular purpose or non-infringing.\n\n## Disclaimer\n\nRunning Drupwn against websites without prior mutual consent may be illegal in your country. The ImmunIT Team accept no liability and are not responsible for any misuse or damage caused by Drupwn.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimmunit%2Fdrupwn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fimmunit%2Fdrupwn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimmunit%2Fdrupwn/lists"}