Droopescan is a python based scanner that is used to scan the web applications that utilise Drupal, SilverStripe, and Wordpress. The types of information that can be analyzed with Droopescan are those of plugins, themes, versions, and urls like admin panels. This information is useful in identifying known vulnerabilities associated with specific themes and plugins. Some partial scanning features are also added for the Joomla and Moodle CMS. For Joomla, the tool only scans the CMS version and interesting urls like admin panel urls. For Moodle, the tool can check plugins and identify a very limited number of themes. By default, the tool performs all the scanning tests i-e identifying CMS, theme, version number, interesting urls, and installed plugins. However, we can refine the scan by using the enumeration options. The tool also provides the option to limit the number of requests made to the remote target server to avoid overloading at the server side.
Droopescan Installation
There are two ways to install Droopescan. The first method requires pip. Use the following commands to install Droopescan using pip.
apt-get install python-pip pip install droopescan
The other method is the manual installation of the tool. The manual installation can be achieved by cloning the github repository and installing the requirements as follows.
git clone https://github.com/droope/droopescan.git cd droopescan pip install -r requirements.txt
How Droopescan Works
To start scanning the target website, provide Droopescan the host url in the following format.
droopescan scan -u <web url here>
The tool looks for the CMS of the target website before performing the other default scanning tests.
For known Drupal websites, we can skip CMS identification by providing the ‘Drupal’ argument in the following manner.
droopescan scan drupal -u <target web url>
After verifying the CMS, Droopescan looks for the installed themes.
Themes versions are also extraced by the tool. Information about themes and version numbers is helpful in identifying the known vulnerabilities
Besides the above information and interesting urls, Droopescan looks for the installed plugins. The tool searches for the default CMS folders to extract the information. If the server replies with 404 (not found) error, the tool looks for the respective information using the readme.txt file.
What Bunny rating does it get?
The tool is helpful in identifying the outdated themes and plugins, thus identifying the vulnerabilities associated with them, as a result we will be awarding this tool a rating of 4 out of 5 bunnies.
Want to learn more about ethical hacking?
Do you know of another GitHub related hacking tool?
Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.