DROOPESCAN-Plugin Based Scanner


A plugin-based scanner that aids security researchers in identifying issues with several CMS.

Usage of droopescan for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Please note that while droopescan outputs the most CMS likely version installed on the remote host, any correlation between version numbers and vulnerabilities must be done manually by the user


Lock image

Supported CMS are:

  • Wordpress

  • Joomla (version enumeration and interesting URLs only)

  • Moodle (plugin & theme very limited, watch out)

  • Drupal (plugin discovery partial on new installations of Drupal, patches encouraged)

Installation of the tool

git clone https://github.com/droope/droopescan.git

cd droopescan

pip install -r requirements.txt

./droopescan scan --help

Usage of the tool

  • You can specify a particular host to scan by passing the -u or --url parameter:

    droopescan scan drupal -u example.org

  • You can also omit the drupal argument. This will trigger “CMS identification”, like so:

    droopescan scan -u example.org

  • Multiple URLs may be scanned utilising the -U or --url-file parameter. This parameter should be set to the path of a file which contains a list of URLs.

    droopescan scan drupal -U list_of_urls.txt

  • The drupal parameter may also be ommited in this example. For each site, it will make several GET requests in order to perform CMS identification, and if the site is deemed to be a supported CMS, it is scanned and added to the output list. This can be useful, for example, to run droopescan across all your organisation's sites.

droopescan scan -U list_of_urls.txt

Scan types

Droopescan aims to be the most accurate by default, while not overloading the target server due to excessive concurrent requests. Due to this, by default, a large number of requests will be made with four threads; change these settings by using the --number and --threads arguments respectively.

This tool is able to perform four kinds of tests. By default all tests are ran, but you can specify one of the following with the -e or --enumerate flag:

  • p -- Plugin checks: Performs several thousand HTTP requests and returns a listing of all plugins found to be installed in the target host.

  • t -- Theme checks: As above, but for themes.

  • v -- Version checks: Downloads several files and, based on the checksums of these files, returns a list of all possible versions.

  • i -- Interesting url checks: Checks for interesting urls (admin panels, readme files, etc.)