View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004780||Kali Linux||[All Projects] New Tool Requests||public||2018-05-31 09:21||2019-12-02 13:55|
|Target Version||Fixed in Version|
It would be awesome if you would be able to add the new Drupal exploitation and enumeration tool, named Drupwn, on your pentesting operating system.
Following, the git repository link:
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):
- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool? either a download page or a link to the latest version
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [Activity] - When did the project start? Is is still actively being deployed?
- [How to install] - How do you compile it?
--- Note, using source code to acquire (e.g. git clone/svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version.
- [How to use] - What are some basic commands/functions to demonstrate it?
Jean Lejeune - Nitrax - Immunit
Drupwn is a python script, following a modular architecture for maintenance and enhancement purposes, which allows exploiting and enumerating various kind of information that could be valuable to any security assessment against such platform.
Other tools e.g. Droopscan, drupscan allows performing enumeration attack. However, Drupwn is by far well more complete with an exploit mode allowing to exploit last drupal CVE. (Drupalgedon 2/3).
Drupwn has been release two months ago and still maintained (last push a few days ago)
[How to install]
Using the setup.py installer.
#python3 setup.py install
The tag release must be use to get the last release.
[How to use]
drupwn enum http://example.com #will apply all the numeration module
drupwn exploit http://example.com #will use the exploit mode
Hope it helps.
Any news about the review of the tool above?
This tool looks good, however, the lack of commits is a little worrying
If dev picks up again, then we may add it in
|2018-05-31 09:21||immunIT||New Issue|
|2018-05-31 10:54||g0tmi1k||Category||Feature Requests => Tool Upgrade|
|2018-05-31 10:54||g0tmi1k||Product Version||2018.2 =>|
|2018-05-31 10:54||g0tmi1k||Summary||[Tool request] Drupwn => Drupwn|
|2018-05-31 10:54||g0tmi1k||Note Added: 0009189|
|2018-05-31 10:55||g0tmi1k||Category||Tool Upgrade => New Tool Requests|
|2018-05-31 12:42||immunIT||Note Added: 0009192|
|2019-03-06 09:23||immunIT||Note Added: 0010396|
|2019-12-02 13:55||g0tmi1k||Note Added: 0011551|
|2019-12-02 13:55||g0tmi1k||Status||new => closed|
|2019-12-02 13:55||g0tmi1k||Resolution||open => won't fix|