0004780: Drupwn - Kali Linux Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0004780	Kali Linux	New Tool Requests	public	2018-05-31 09:21	2019-12-02 13:55

Reporter	immunIT	Assigned To
Priority	normal	Severity	feature	Reproducibility	N/A
Status	closed	Resolution	won't fix

Summary	0004780: Drupwn
Description	Hi there, It would be awesome if you would be able to add the new Drupal exploitation and enumeration tool, named Drupwn, on your pentesting operating system. Following, the git repository link: https://github.com/immunIT/drupwn Regards

g0tmi1k 2018-05-31 10:54 administrator ~0009189	To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us): [Name] - The name of the tool [Version] - What version of the tool should be added? --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag) [Homepage] - Where can the tool be found online? Where to go to get more information? [Download] - Where to go to get the tool? either a download page or a link to the latest version [Author] - Who made the tool? [Licence] - How is the software distributed? What conditions does it come with? [Description] - What is the tool about? What does it do? [Dependencies] - What is needed for the tool to work? [Similar tools] - What other tools are out there? [Activity] - When did the project start? Is is still actively being deployed? [How to install] - How do you compile it? --- Note, using source code to acquire (e.g. git clone/svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version. [How to use] - What are some basic commands/functions to demonstrate it?

immunIT 2018-05-31 12:42 reporter ~0009192	[Name] Drupwn [Version] release [Homepage] https://github.com/immunIT/drupwn https://www.immunit.ch/blog/2018/04/10/yet-another-drupal-scanner-drupwn/ [Download] https://github.com/immunIT/drupwn/archive/master.zip [Author] Jean Lejeune - Nitrax - Immunit [Licence] GPL V3 [Description] Drupwn is a python script, following a modular architecture for maintenance and enhancement purposes, which allows exploiting and enumerating various kind of information that could be valuable to any security assessment against such platform. [Dependencies] python3 requests veryprettytable prompt_toolkit [Similar tools] Other tools e.g. Droopscan, drupscan allows performing enumeration attack. However, Drupwn is by far well more complete with an exploit mode allowing to exploit last drupal CVE. (Drupalgedon 2/3). [Activity] Drupwn has been release two months ago and still maintained (last push a few days ago) [How to install] Using the setup.py installer. #python3 setup.py install The tag release must be use to get the last release. [How to use] drupwn enum http://example.com #will apply all the numeration module drupwn exploit http://example.com #will use the exploit mode Hope it helps. Best,

immunIT 2019-03-06 09:23 reporter ~0010396	HI there, Any news about the review of the tool above? Best,

g0tmi1k 2019-12-02 13:55 administrator ~0011551	This tool looks good, however, the lack of commits is a little worrying If dev picks up again, then we may add it in

Date Modified	Username	Field	Change
2018-05-31 09:21	immunIT	New Issue
2018-05-31 10:54	g0tmi1k	Category	Feature Requests => Tool Upgrade
2018-05-31 10:54	g0tmi1k	Product Version	2018.2 =>
2018-05-31 10:54	g0tmi1k	Summary	[Tool request] Drupwn => Drupwn
2018-05-31 10:54	g0tmi1k	Note Added: 0009189
2018-05-31 10:55	g0tmi1k	Category	Tool Upgrade => New Tool Requests
2018-05-31 12:42	immunIT	Note Added: 0009192
2019-03-06 09:23	immunIT	Note Added: 0010396
2019-12-02 13:55	g0tmi1k	Note Added: 0011551
2019-12-02 13:55	g0tmi1k	Status	new => closed
2019-12-02 13:55	g0tmi1k	Resolution	open => won't fix