DPScan Drupal Security Scanner Tutorial

There are different CMS (content management system) are available like wordpress, Joomla, light CMS and Drupal. Security of each CMS is very important and as a penetration tester point we need to make a website secure by doing a penetration testing on it. There are different tools are available to enumerate into wordpress and joomla and to find the known vulnerabilities in wordpress and joomla but there is no tool for other common content management system like drupal.


Ali Elouafiq has released a wonderful tool to enumerate into drupal based CMS, this is the simple python script and anyone can easily use it. This tutorial will show you how DPScan enumerate the modules used by the drupal CMS.


First of all go and download DPScan, I am using backtrack 5 R1 machine for this tutorial that has python by default but if you are using some other operating system like Windows and other Linux distribution then install python first.


Open your terminal and then locate the directory where you have download the python script of DPScan, remember you can copy the script and then paste in your word editor then save it to whatever.py


The best practice is to download and then unzip the script, I have downloaded and unzip the script in my desktop and then locate the desktop is the terminal then the command is like this:




root@bt:~/Desktop# python DPScan.py
DRUPAL Modules Enumerator v0.1beta-- written by Ali Elouafiq 2012
<ScriptName> [filename.txt]
<ScriptName> [URL]
<ScriptName> [URL] user password // FOR HTTP AUTHORIZATION


A simple enumeration




root@bt:~/Desktop# python DPScan.py www.mtv.co.uk
node
user_optin
fckeditor
system
gsa
mtv_videobrowse
nice_menus
user
cck
top_tabs
panels
jquery_update
root@bt:~/Desktop#
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值