skip to navigation
skip to content

droopescan 1.19.0

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.

Latest Version: 1.39.0

1.19.0
======

* Added support for Drupal 8.x.
* Usability improvements.
* Add flag for not following redirects.

1.18.0
======

* Improved SS detection for new reported bug.
* Improve stats.
* Remove relative redirects or same-site redirects.

1.13.0
======

* Support for SS 3.9.
* Remove super annoying warning by urllib3.
* Usability improvements.
* Add integration tests which should pick up on most issues.

1.12.0
======

* Add PyPI support.
* Add support for virtualenv.
* Add "graceful" handling of SIGINT.
* Documentation improvements.

1.11.0
======

* Improved SS scanning (particularly plugin scanning) a great deal.
* Added 'interesting module urls' for SS.
* More documentation.
* Internal tidy-up.

1.10.0
======

* Added support for interesting module urls.
* Add more documentation.

1.9.0
=====

* Update databases.
* Improve drupal detection.
* SilverStripe improvements.
* Massive internal rework.

1.9.0-rc1
=========

* Add python 3 support.
* More documentation.
* General tidy up of the code.
* Database updates.
* Improved detection for SS modules.
* Fixed memory leak which was showing up after scanning more than 40.000
websites.
* Improved output.
* Added travis support.
* General bug fixes.

1.8.4.1
=======

* Database update. Drupal 7.33 & SS 3.1.7-rc have been released.

1.8.4
=====

* Add global per-site timeout.
* Add functionality for logging standard errors to a file.

1.8.4-rc
========

* Add better handling for websites with fake changelogs, but still utilize them to narrow down when reasonable.
* Deal with websites that always respond with 200 OK, even on not found pages. Add heuristic test to differentiate from real 200 OK responses.
* Misc fixes.

1.8.4-beta
==========

* Improved accuracy for druppagedon as far as possible.
* Fixed aesthetic issues with JSON output.
* Fixed issues with redirects on non-cms websites.

1.8.3
=====

* Added timeouts to prevent hanging on massive scans.
* Avoid unnecessarily discarding connections due to a low max http pool limit.

1.8.3-rc
========

* Improve error handling.
* Final release before stable.

1.8.3-beta
==========

* Improve documentation.

1.8.2-beta
==========

* Add new drupal version so that fully patched up versions of Drupal get
detected properly.

1.8.1-beta
==========

* Fix output issue.

1.8.0-alpha
===========

* Added JSON output.
* Added multi-threaded multi site scanning.
* Improved output.

1.7.3
=====

* Removed DNN.
* Fixed SS updating process.
* Fixed bug on display of loading bar.
* Tag release.

1.7.2-beta
==========

* Released beta of version 1.x.
* Vastly improved version detection and database handling.

0.7.1
=====

* Added administrative interfaces to interesting urls.
* Misc improvements for all plugins.
* Added a progress bar.
* Added warnings on excessive load on the server.

0.7.0
=====

* Added new version information to the database information.
* Improved version detection.
* Automated gathering of versions for SS.

0.6.5
=====

* Updated database file.
* Handled non-cms urls in a more verbose way.
* Automated drupal version gathering.
* Added support for multiple, undistinguishable versions.
* Made dependency optional for standard run.

0.6.4
=====

* Improve version handling.
* Improve release.
* Auto version.

0.6.3
=====

* Added release functionality.
* Changed user agent.
* Got rid of global plugin session state which could have caused issues in the
future.

0.6.2
=====

* Fix exception on non-git.

0.6.1
=====

* Added stats so users can quickly get an overview of how up to date the plugin
database is.
* Added functionality for the finding of interesting URLs.
* Reduced the number of default threads.

0.6.0
====

* Documented support for upstream proxies, and authentication in general.
* Disabled certificate validation so as to allow intercepting and modification
of requests by proxies.
* Internal improvements.

0.5.1
=====

* Made plugins more versatile.
* Add DNN + SilverStripe version detection.

0.5.0
=====

* Add version fingerprinting to drupal.
* Improved argument handling.
* Internal improvements which users don't care about.
* Add version fingerprinting infrastructure.

0.4.1
=====

* Fixed 404 fingerprinting for SilverStripe.
* Improved output & colours.
* Made HEAD the default HTTP verb.
* Added an option to choose the HTTP verb.
* Improved threading.

0.4
===

Improved visuals.

0.3.3
=====

Changed default enumeration to scan for all the things.

0.3.2
=====

Added a changelog.

0.3.1
=====

First stable release:

* Scans Drupal, SilverStripe; contains wordlists for scanning themes as well as
droopescan configuration for it.
* Multi-threaded.  
File Type Py Version Uploaded on Size
droopescan-1.19.0-py2.py3-none-any.whl (md5) Python Wheel 2.7 2015-02-09 188KB
droopescan-1.19.0.tar.gz (md5) Source 2015-02-09 147KB