Skip to main content

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.

Project description

1.17.0
======

* Alias for 1.16.0.
* Usability improvements.

1.16.0
======

* Improved SS detection for new reported bug.
* Improve stats.
* Remove relative redirects or same-site redirects.

1.15.0
======

* Improved documentation.
* Usability fixes.

1.14.0
======

* New stable version with SS 3.1.9 support.

1.14.0-rc4
==========

* Fix release script.
* Ah, did I say fix release script?

1.14.0-rc3
==========

* Test pypi.

1.14.0-rc2
==========

* Add better documentation.

1.14.0-rc
=========

* Fix release script.

1.13.0
======

* Support for SS 3.9.
* Remove super annoying warning by urllib3.
* Usability improvements.
* Add integration tests which should pick up on most issues.

1.12.0
======

* Add PyPI support.
* Add support for virtualenv.
* Add "graceful" handling of SIGINT.
* Documentation improvements.

1.11.0
======

* Improved SS scanning (particularly plugin scanning) a great deal.
* Added 'interesting module urls' for SS.
* More documentation.
* Internal tidy-up.

1.10.0
======

* Added support for interesting module urls.
* Add more documentation.

1.9.0
=====

* Update databases.
* Improve drupal detection.
* SilverStripe improvements.
* Massive internal rework.

1.9.0-rc1
=========

* Add python 3 support.
* More documentation.
* General tidy up of the code.
* Database updates.
* Improved detection for SS modules.
* Fixed memory leak which was showing up after scanning more than 40.000
websites.
* Improved output.
* Added travis support.
* General bug fixes.

1.8.4.1
=======

* Database update. Drupal 7.33 & SS 3.1.7-rc have been released.

1.8.4
=====

* Add global per-site timeout.
* Add functionality for logging standard errors to a file.

1.8.4-rc
========

* Add better handling for websites with fake changelogs, but still utilize them to narrow down when reasonable.
* Deal with websites that always respond with 200 OK, even on not found pages. Add heuristic test to differentiate from real 200 OK responses.
* Misc fixes.

1.8.4-beta
==========

* Improved accuracy for druppagedon as far as possible.
* Fixed aesthetic issues with JSON output.
* Fixed issues with redirects on non-cms websites.

1.8.3
=====

* Added timeouts to prevent hanging on massive scans.
* Avoid unnecessarily discarding connections due to a low max http pool limit.

1.8.3-rc
========

* Improve error handling.
* Final release before stable.

1.8.3-beta
==========

* Improve documentation.

1.8.2-beta
==========

* Add new drupal version so that fully patched up versions of Drupal get
detected properly.

1.8.1-beta
==========

* Fix output issue.

1.8.0-alpha
===========

* Added JSON output.
* Added multi-threaded multi site scanning.
* Improved output.

1.7.3
=====

* Removed DNN.
* Fixed SS updating process.
* Fixed bug on display of loading bar.
* Tag release.

1.7.2-beta
==========

* Released beta of version 1.x.
* Vastly improved version detection and database handling.

0.7.1
=====

* Added administrative interfaces to interesting urls.
* Misc improvements for all plugins.
* Added a progress bar.
* Added warnings on excessive load on the server.

0.7.0
=====

* Added new version information to the database information.
* Improved version detection.
* Automated gathering of versions for SS.

0.6.5
=====

* Updated database file.
* Handled non-cms urls in a more verbose way.
* Automated drupal version gathering.
* Added support for multiple, undistinguishable versions.
* Made dependency optional for standard run.

0.6.4
=====

* Improve version handling.
* Improve release.
* Auto version.

0.6.3
=====

* Added release functionality.
* Changed user agent.
* Got rid of global plugin session state which could have caused issues in the
future.

0.6.2
=====

* Fix exception on non-git.

0.6.1
=====

* Added stats so users can quickly get an overview of how up to date the plugin
database is.
* Added functionality for the finding of interesting URLs.
* Reduced the number of default threads.

0.6.0
====

* Documented support for upstream proxies, and authentication in general.
* Disabled certificate validation so as to allow intercepting and modification
of requests by proxies.
* Internal improvements.

0.5.1
=====

* Made plugins more versatile.
* Add DNN + SilverStripe version detection.

0.5.0
=====

* Add version fingerprinting to drupal.
* Improved argument handling.
* Internal improvements which users don't care about.
* Add version fingerprinting infrastructure.

0.4.1
=====

* Fixed 404 fingerprinting for SilverStripe.
* Improved output & colours.
* Made HEAD the default HTTP verb.
* Added an option to choose the HTTP verb.
* Improved threading.

0.4
===

Improved visuals.

0.3.3
=====

Changed default enumeration to scan for all the things.

0.3.2
=====

Added a changelog.

0.3.1
=====

First stable release:

* Scans Drupal, SilverStripe; contains wordlists for scanning themes as well as
droopescan configuration for it.
* Multi-threaded.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

droopescan-1.17.0.tar.gz (153.4 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page