{"id":20900032,"url":"https://github.com/the404hacking/droopescan","last_synced_at":"2025-03-12T20:17:14.621Z","repository":{"id":109047545,"uuid":"110847178","full_name":"The404Hacking/droopescan","owner":"The404Hacking","description":"A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal \u0026 Silverstripe.","archived":false,"fork":false,"pushed_at":"2017-11-15T15:15:08.000Z","size":373,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-19T13:15:07.481Z","etag":null,"topics":["droope","droopescan","the404hacking"],"latest_commit_sha":null,"homepage":"https://T.me/The404Hacking","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/The404Hacking.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-11-15T14:56:32.000Z","updated_at":"2023-11-03T05:03:55.000Z","dependencies_parsed_at":"2023-05-04T02:32:18.201Z","dependency_job_id":null,"html_url":"https://github.com/The404Hacking/droopescan","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/The404Hacking%2Fdroopescan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/The404Hacking%2Fdroopescan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/The404Hacking%2Fdroopescan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/The404Hacking%2Fdroopescan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/The404Hacking","download_url":"https://codeload.github.com/The404Hacking/droopescan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243285620,"owners_count":20266849,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["droope","droopescan","the404hacking"],"created_at":"2024-11-18T11:17:39.676Z","updated_at":"2025-03-12T20:17:14.597Z","avatar_url":"https://github.com/The404Hacking.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# droopescan.\n\n[![Build Status](https://api.travis-ci.org/droope/droopescan.svg?branch=master)](https://travis-ci.org/droope/droopescan) [![PyPI version](https://img.shields.io/pypi/v/droopescan.svg)](https://pypi.python.org/pypi/droopescan)\n\nA plugin-based scanner that aids security researchers in identifying issues with\nseveral CMS:\n\n* Drupal.\n* SilverStripe.\n* Wordpress.\n\nPartial functionality for:\n\n* Joomla (version enumeration and interesting URLs only).\n* Moodle (plugin \u0026 theme very limited, watch out)\n\n\u003cpre\u003e\ncomputer:~/droopescan$ droopescan scan drupal -u http://example.org/ -t 8\n[+] No themes found.\n\n[+] Possible interesting urls found:\n    Default changelog file - https://www.example.org/CHANGELOG.txt\n    Default admin - https://www.example.org/user/login\n\n[+] Possible version(s):\n    7.34\n\n[+] Plugins found:\n    views https://www.example.org/sites/all/modules/views/\n        https://www.example.org/sites/all/modules/views/README.txt\n        https://www.example.org/sites/all/modules/views/LICENSE.txt\n    token https://www.example.org/sites/all/modules/token/\n        https://www.example.org/sites/all/modules/token/README.txt\n        https://www.example.org/sites/all/modules/token/LICENSE.txt\n    pathauto https://www.example.org/sites/all/modules/pathauto/\n        https://www.example.org/sites/all/modules/pathauto/README.txt\n        https://www.example.org/sites/all/modules/pathauto/LICENSE.txt\n        https://www.example.org/sites/all/modules/pathauto/API.txt\n    libraries https://www.example.org/sites/all/modules/libraries/\n        https://www.example.org/sites/all/modules/libraries/CHANGELOG.txt\n        https://www.example.org/sites/all/modules/libraries/README.txt\n        https://www.example.org/sites/all/modules/libraries/LICENSE.txt\n    entity https://www.example.org/sites/all/modules/entity/\n        https://www.example.org/sites/all/modules/entity/README.txt\n        https://www.example.org/sites/all/modules/entity/LICENSE.txt\n    google_analytics https://www.example.org/sites/all/modules/google_analytics/\n        https://www.example.org/sites/all/modules/google_analytics/README.txt\n        https://www.example.org/sites/all/modules/google_analytics/LICENSE.txt\n    ctools https://www.example.org/sites/all/modules/ctools/\n        https://www.example.org/sites/all/modules/ctools/CHANGELOG.txt\n        https://www.example.org/sites/all/modules/ctools/LICENSE.txt\n        https://www.example.org/sites/all/modules/ctools/API.txt\n    features https://www.example.org/sites/all/modules/features/\n        https://www.example.org/sites/all/modules/features/CHANGELOG.txt\n        https://www.example.org/sites/all/modules/features/README.txt\n        https://www.example.org/sites/all/modules/features/LICENSE.txt\n        https://www.example.org/sites/all/modules/features/API.txt\n    [... snip for README ...]\n\n[+] Scan finished (0:04:59.502427 elapsed)\n\u003c/pre\u003e\n\nYou can get a full list of options by running:\n\n\u003cpre\u003e\ndroopescan --help\ndroopescan scan --help\n\u003c/pre\u003e\n\n# Why not X?\n\nBecause droopescan:\n\n* is fast\n* is stable\n* is up to date\n* allows simultaneous scanning of multiple sites\n* is 100% python\n\n# Installation\n\nInstallation is easy using pip:\n\n\u003cpre\u003e\napt-get install python-pip\npip install droopescan\n\u003c/pre\u003e\n\nManual installation is as follows:\n\n\u003cpre\u003e\ngit clone https://github.com/The404Hacking/droopescan.git\ncd droopescan\npip install -r requirements.txt\n./droopescan scan --help\n\u003c/pre\u003e\n\nThe master branch corresponds to the latest release (what is in pypi).\nDevelopment branch is unstable and all pull requests must be made against it.\nMore notes regarding installation can be [found here](https://droope.github.io/droopescan-docs/_build/html/installation.html).\n\n# Features\n## Scan types.\n\nDroopescan aims to be the most accurate by default, while not overloading the\ntarget server due to excessive concurrent requests. Due to this, by default, a\nlarge number of requests will be made with four threads; change these settings\nby using the `--number` and `--threads` arguments respectively.\n\nThis tool is able to perform four kinds of tests. By default all tests are ran,\nbut you can specify one of the following with the `-e` or `--enumerate` flag:\n\n* p -- *Plugin checks*: Performs several thousand HTTP requests and returns a\nlisting of all plugins found to be installed in the target host.\n* t -- *Theme checks*: As above, but for themes.\n* v -- *Version checks*: Downloads several files and, based on the checksums of these\nfiles, returns a list of all possible versions.\n* i -- *Interesting url checks*: Checks for interesting urls (admin panels, readme\nfiles, etc.)\n\nMore notes regarding scanning can be [found here](https://droope.github.io/droopescan-docs/_build/html/intro.html).\n\n## Target specification.\n\nYou can specify a particular host to scan by passing the `-u` or `--url`\nparameter:\n\n\u003cpre\u003e\n    droopescan scan drupal -u example.org\n\u003c/pre\u003e\n\nYou can also omit the `drupal` argument. This will trigger “CMS identification”, like so:\n\n\u003cpre\u003e\n    droopescan scan -u example.org\n\u003c/pre\u003e\n\nMultiple URLs may be scanned utilising the `-U` or `--url-file` parameter. This\nparameter should be set to the path of a file which contains a list of URLs. \n\n\u003cpre\u003e\n    droopescan scan drupal -U list_of_urls.txt\n\u003c/pre\u003e\n\nThe `drupal` parameter may also be ommited in this example. For each site, it\nwill make several GET requests in order to perform CMS identification, and if\nthe site is deemed to be a supported CMS, it is scanned and added to the output\nlist. This can be useful, for example, to run `droopescan` across all your\norganisation's sites.\n\n\u003cpre\u003e\n    droopescan scan -U list_of_urls.txt\n\u003c/pre\u003e\n\nThe code block below contains an example list of URLs, one per line:\n\n\u003cpre\u003e\nhttp://localhost/drupal/6.0/\nhttp://localhost/drupal/6.1/\nhttp://localhost/drupal/6.10/\nhttp://localhost/drupal/6.11/\nhttp://localhost/drupal/6.12/\n\u003c/pre\u003e\n\nA file containing URLs and a value to override the default host header with\nseparated by tabs or spaces is also OK for URL files. This can be handy when\nconducting a scan through a large range of hosts and you want to prevent\nunnecessary DNS queries. To clarify, an example below:\n\n\u003cpre\u003e\n192.168.1.1\texample.org\nhttp://192.168.1.1/\texample.org\nhttp://192.168.1.2/drupal/\texample.org\n\u003c/pre\u003e\n\nIt is quite tempting to test whether the scanner works for a particular CMS\nby scanning the official site (e.g. `wordpress.org` for wordpress), but the\nofficial sites rarely run vainilla installations of their respective CMS or do\nunorthodox things. For example, `wordpress.org` runs the bleeding edge version of\nwordpress, which will not be identified as wordpress by `droopescan` at all\nbecause the checksums do not match any known wordpress version.\n\n## Authentication.\n\nThe application fully supports `.netrc` files and `http_proxy` environment\nvariables.\n\nUse a .netrc file for basic authentication. An example [netrc](https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html) (a file named\n`.netrc` placed in your root home directory) file could look as follows:\n\n\u003cpre\u003e\nmachine secret.google.com\n    login admin@google.com\n    password Winter01\n\u003c/pre\u003e\n\nYou can set the `http_proxy` and `https_proxy` variables. These allow you to\nset a parent HTTP proxy, in which you can handle more complex types of\nauthentication (e.g. Fiddler, ZAP, Burp)\n\n\u003cpre\u003e\nexport http_proxy='user:password@localhost:8080'\nexport https_proxy='user:password@localhost:8080'\ndroopescan scan drupal --url http://localhost/drupal\n\u003c/pre\u003e\n\n*WARNING:* By design, to allow intercepting proxies and the testing of\napplications with bad SSL, droopescan allows self-signed or otherwise invalid\ncertificates. ˙ ͜ʟ˙\n\n## Output.\n\nThis application supports both \"standard output\", meant for human consumption,\nor JSON, which is more suitable for machine consumption. This output is stable\nbetween major versions.\n\nThis can be controlled with the `--output` flag. Some sample JSON output would\nlook as follows (minus the excessive whitespace):\n\n\u003cpre\u003e\n{\n  \"themes\": {\n    \"is_empty\": true,\n    \"finds\": [\n\n    ]\n  },\n  \"interesting urls\": {\n    \"is_empty\": false,\n    \"finds\": [\n      {\n        \"url\": \"https:\\/\\/www.drupal.org\\/CHANGELOG.txt\",\n        \"description\": \"Default changelog file.\"\n      },\n      {\n        \"url\": \"https:\\/\\/www.drupal.org\\/user\\/login\",\n        \"description\": \"Default admin.\"\n      }\n    ]\n  },\n  \"version\": {\n    \"is_empty\": false,\n    \"finds\": [\n      \"7.29\",\n      \"7.30\",\n      \"7.31\"\n    ]\n  },\n  \"plugins\": {\n    \"is_empty\": false,\n    \"finds\": [\n      {\n        \"url\": \"https:\\/\\/www.drupal.org\\/sites\\/all\\/modules\\/views\\/\",\n        \"name\": \"views\"\n      },\n      [...snip...]\n    ]\n  }\n}\n\u003c/pre\u003e\n\nSome attributes might be missing from the JSON object if parts of the scan are\nnot ran.\n\nThis is how multi-site output looks like; each line contains a valid JSON object\nas shown above.\n\n\u003cpre\u003e\n    $ droopescan scan drupal -U six_and_above.txt -e v\n    {\"host\": \"http://localhost/drupal-7.6/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.6\"]}}\n    {\"host\": \"http://localhost/drupal-7.7/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.7\"]}}\n    {\"host\": \"http://localhost/drupal-7.8/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.8\"]}}\n    {\"host\": \"http://localhost/drupal-7.9/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.9\"]}}\n    {\"host\": \"http://localhost/drupal-7.10/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.10\"]}}\n    {\"host\": \"http://localhost/drupal-7.11/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.11\"]}}\n    {\"host\": \"http://localhost/drupal-7.12/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.12\"]}}\n    {\"host\": \"http://localhost/drupal-7.13/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.13\"]}}\n    {\"host\": \"http://localhost/drupal-7.14/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.14\"]}}\n    {\"host\": \"http://localhost/drupal-7.15/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.15\"]}}\n    {\"host\": \"http://localhost/drupal-7.16/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.16\"]}}\n    {\"host\": \"http://localhost/drupal-7.17/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.17\"]}}\n    {\"host\": \"http://localhost/drupal-7.18/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.18\"]}}\n    {\"host\": \"http://localhost/drupal-7.19/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.19\"]}}\n    {\"host\": \"http://localhost/drupal-7.20/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.20\"]}}\n    {\"host\": \"http://localhost/drupal-7.21/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.21\"]}}\n    {\"host\": \"http://localhost/drupal-7.22/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.22\"]}}\n    {\"host\": \"http://localhost/drupal-7.23/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.23\"]}}\n    {\"host\": \"http://localhost/drupal-7.24/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.24\"]}}\n    {\"host\": \"http://localhost/drupal-7.25/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.25\"]}}\n    {\"host\": \"http://localhost/drupal-7.26/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.26\"]}}\n    {\"host\": \"http://localhost/drupal-7.27/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.27\"]}}\n    {\"host\": \"http://localhost/drupal-7.28/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.28\"]}}\n    {\"host\": \"http://localhost/drupal-7.29/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.29\"]}}\n    {\"host\": \"http://localhost/drupal-7.30/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.30\"]}}\n    {\"host\": \"http://localhost/drupal-7.31/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.31\"]}}\n    {\"host\": \"http://localhost/drupal-7.32/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.32\"]}}\n    {\"host\": \"http://localhost/drupal-7.33/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.33\"]}}\n    {\"host\": \"http://localhost/drupal-7.34/\", \"version\": {\"is_empty\": false, \"finds\": [\"7.34\"]}}\n\u003c/pre\u003e\n\n## Debug.\n\nWhen things are not going exactly your way, you can check why by using the\n`--debug-requests` command.\n\nSome output might look like this:\n\n\u003cpre\u003e\ncomputer:~/droopescan# droopescan scan silverstripe -u http://localhost -n 10 -e p --debug-requests\n[head] http://localhost/framework/... 403\n[head] http://localhost/cms/css/layout.css... 404\n[head] http://localhost/framework/css/UploadField.css... 200\n[head] http://localhost/misc/test/error/404/ispresent.html... 404\n[head] http://localhost/widgetextensions/... 404\n[head] http://localhost/orbit/... 404\n[head] http://localhost/sitemap/... 404\n[head] http://localhost/simplestspam/... 404\n[head] http://localhost/ecommerce_modifier_example/... 404\n[head] http://localhost/silverstripe-hashpath/... 404\n[head] http://localhost/timeline/... 404\n[head] http://localhost/silverstripe-hiddenfields/... 404\n[head] http://localhost/addressable/... 404\n[head] http://localhost/silverstripe-description/... 404\n[+] No plugins found.\n\n[+] Scan finished (0:00:00.058422 elapsed)\n\u003c/pre\u003e\n\nThe `--debug` paramter also exists and may be used to debug application internals.\n\n## Stats.\n\nYou can get an up to date report on the capabilities of the scanner by running\nthe following command\n\n\u003cpre\u003e\n    droopescan stats\n\u003c/pre\u003e\n\nSome sample output might look as follows:\n\n\u003cpre\u003e\nFunctionality available for ‘drupal’:\n- Enumerate plugins (XXXX plugins.)\n- Enumerate themes (XXXX themes.)\n- Enumerate interesting urls (X urls.)\n- Enumerate version (up to version X.X.X-alphaXX, X.XX, X.XX.)\nFunctionality available for ‘joomla’:\n- Enumerate interesting urls (X urls.)\n- Enumerate version (up to version XX.X, X.X.X, X.X.XX.rcX.)\nFunctionality available for ‘wordpress’:\n- Enumerate interesting urls (X urls.)\n- Enumerate version (up to version X.X.X, X.X.X, X.X.X.)\nFunctionality available for ‘silverstripe’:\n- Enumerate plugins (XXX plugins.)\n- Enumerate themes (XX themes.)\n- Enumerate interesting urls (X urls.)\n- Enumerate version (up to version X.X.XX, X.X.XX, X.X.XX.)\n\u003c/pre\u003e\n\nIt is important to verify that the latest version available for the CMS\ninstallation is available within `droopescan`, as otherwise results may be\ninaccurate.\n\n# Contribute.\n\n## Create your own plugin.\n\nYou can add suport for your favourite CMS. The process is actually quite\nsimple, and a lot of information can be glimpsed by viewing the example.py file\nin the plugins/ folder.\n\nThis file should serve well as a base for your implementation.\n\nYou can create your own plugin for `Joomla` and enable it as follows:\n\n\u003cpre\u003e\n$ cp plugins/example.py plugins/joomla.py\n$ cp plugins.d/example.conf plugins.d/joomla.conf\n\u003c/pre\u003e\n\nYou then need to go to `plugins/joomla.py` and change a few things:\n\n- The class name needs to be Joomla.\n- The plugin label (located at Meta.label) needs to be changed to joomla.\n- At the end of the file, the register call needs to be modified to reflect the\n  correct class name.\n- The exposed function, 'example', needs to be renamed to joomla.\n\n\u003cpre\u003e\n    @controller.expose(help='example scanner')\n    def joomla(self):\n        self.plugin_init()\n\u003c/pre\u003e\n\nWe also need to change the `plugins.d/joomla.conf` file, and change it to the\nfollowing:\n\n\u003cpre\u003e\n[joomla]\nenable_plugin = true\n\u003c/pre\u003e\n\nWe should now be in a state which looks as follows:\n\n\u003cpre\u003e\n$ droopescan scan joomla\n[+] --url parameter is required.\n\u003c/pre\u003e\n\nYour next step would be to generate a valid plugin wordlist, a valid theme\nwordlist, a\n[versions.xml](https://github.com/droope/droopescan/blob/development/plugins/drupal/versions.xml)\nfile, and optionally a list of interesting URLs, as well as replace all variables\nthat are in joomla.py with values that are correct for your implementation.\n\nThe plugin needs to update automatically in order for a pull request to be\naccepted. Further documentation may be later made available, but for now, keep\nin mind that the update_version_check, update_version, update_plugins_check and\nupdate_plugins need to be implemented. For reference, please review the\n`drupal.py` file. This is required in order to ensure plugins are kept to date.\n\n## Issues \u0026 Pull Requests.\n\nPull requests that create new plugins are welcome provided that maintenance for\nthose plugins is done automatically.\n\nPlease remember to make your pull requests against the develoment branch\nrather than the master. Issues can be raised on the issue tracker here\non GitHub.\n\nTo run tests, some dependencies must be installed. Running the following\ncommands will result in them being installed and the tests being ran:\n\n\u003cpre\u003e\n    apt-get install libxslt1-dev libxml2-dev zlib1g-dev python python-pip python-dev python3 python3-pip python3-dev\n    pip install -r requirements.txt -r requirements_test.txt\n    pip3 install -r requirements.txt -r requirements_test.txt\n    ./droopescan test\n\u003c/pre\u003e\n\nYou can run individual tests with the `-s` flag.\n\n\u003cpre\u003e\n./droopescan test -s test_integration_drupal\n\u003c/pre\u003e\n\n# License.\n\nThe project is licensed under the AGPL license.\n\n\n## Download and Clone\n\u003e Download: [https://github.com/The404Hacking/droopescan/archive/master.zip](https://github.com/The404Hacking/droopescan/archive/master.zip)\n\n\u003e Clone: git clone [https://github.com/The404Hacking/droopescan](https://github.com/The404Hacking/droopescan.git)\n\n## The404Hacking | Digital UnderGround Team\n[The404Hacking](https://T.me/The404Hacking)\n\n## Follow us !\n[The404Hacking](https://T.me/The404Hacking) - [The404Cracking](https://T.me/The404Cracking)\n\n[Instagram](https://instagram.com/The404Hacking) - [GitHub](https://github.com/The404Hacking)\n\n[YouTube](http://yon.ir/youtube404) - [Aparat](http://www.aparat.com/The404Hacking)\n\n[Weblog](http://the404hacking.blogsky.com) - [Email](mailto:The404Hacking.Team@Gmail.Com)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthe404hacking%2Fdroopescan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthe404hacking%2Fdroopescan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthe404hacking%2Fdroopescan/lists"}