View Issue Details

IDProjectCategoryView StatusLast Update
0004780Kali Linux[All Projects] New Tool Requestspublic2019-12-02 13:55
ReporterimmunIT Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status closedResolutionwon't fix 
Product Version 
Target VersionFixed in Version 
Summary0004780: Drupwn
DescriptionHi there,

It would be awesome if you would be able to add the new Drupal exploitation and enumeration tool, named Drupwn, on your pentesting operating system.

Following, the git repository link:

https://github.com/immunIT/drupwn

Regards

Activities

g0tmi1k

2018-05-31 10:54

administrator   ~0009189

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):

- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool? either a download page or a link to the latest version
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [Activity] - When did the project start? Is is still actively being deployed?
- [How to install] - How do you compile it?
--- Note, using source code to acquire (e.g. git clone/svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version.
- [How to use] - What are some basic commands/functions to demonstrate it?

immunIT

2018-05-31 12:42

reporter   ~0009192

[Name]
Drupwn

[Version]
release

[Homepage]
https://github.com/immunIT/drupwn
https://www.immunit.ch/blog/2018/04/10/yet-another-drupal-scanner-drupwn/

[Download]
https://github.com/immunIT/drupwn/archive/master.zip

[Author]
Jean Lejeune - Nitrax - Immunit

[Licence]
GPL V3

[Description]
Drupwn is a python script, following a modular architecture for maintenance and enhancement purposes, which allows exploiting and enumerating various kind of information that could be valuable to any security assessment against such platform.

[Dependencies]
python3
requests
veryprettytable
prompt_toolkit

[Similar tools]
Other tools e.g. Droopscan, drupscan allows performing enumeration attack. However, Drupwn is by far well more complete with an exploit mode allowing to exploit last drupal CVE. (Drupalgedon 2/3).

[Activity]
Drupwn has been release two months ago and still maintained (last push a few days ago)

[How to install]
Using the setup.py installer.
#python3 setup.py install

The tag release must be use to get the last release.


[How to use]
drupwn enum http://example.com #will apply all the numeration module
drupwn exploit http://example.com #will use the exploit mode

Hope it helps.
Best,

immunIT

2019-03-06 09:23

reporter   ~0010396

HI there,

Any news about the review of the tool above?

Best,

g0tmi1k

2019-12-02 13:55

administrator   ~0011551

This tool looks good, however, the lack of commits is a little worrying
If dev picks up again, then we may add it in

Issue History

Date Modified Username Field Change
2018-05-31 09:21 immunIT New Issue
2018-05-31 10:54 g0tmi1k Category Feature Requests => Tool Upgrade
2018-05-31 10:54 g0tmi1k Product Version 2018.2 =>
2018-05-31 10:54 g0tmi1k Summary [Tool request] Drupwn => Drupwn
2018-05-31 10:54 g0tmi1k Note Added: 0009189
2018-05-31 10:55 g0tmi1k Category Tool Upgrade => New Tool Requests
2018-05-31 12:42 immunIT Note Added: 0009192
2019-03-06 09:23 immunIT Note Added: 0010396
2019-12-02 13:55 g0tmi1k Note Added: 0011551
2019-12-02 13:55 g0tmi1k Status new => closed
2019-12-02 13:55 g0tmi1k Resolution open => won't fix