This course covers the basics of using Droopescan, the Drupal CMS Scanner. Droopescan is a plugin-based scanner that is used to identify any issues in Drupal-based CMSes. Droopescan is similar to network scanners like NMap, but is used to scan Drupal-based systems instead. Drupal is an open-source content management framework, and is often used to manage and administer websites. Droopescan is often used to spot bugs and issues with the Drupal script, and can, potentially, be used to highlight any exploitable issues.
In this video guide, we’ll be covering the basics of using Droopescan, the content management system scanner. Content management systems, or CMS’s, are used to administer websites, and many use the open-source Drupal software – Droopescan is used to scan these Drupal CMSs.
In this demonstration we’ll cover the basics in 3 steps:
Step 1 – installing Droopescan. In this demonstration, we’ll be scanning a test environment with the IP address 10.1.1.22. As Droopescan is not installed on Kali Linux, we first need to install it using simple python script. In the terminal, type “pip install Droopescan”. Make sure that your device is connected to the internet when doing this, as it downloads Droopescan onto your system.
Step 2 – Scanning a site. Now that Droopescan is installed, we can scan our drupal site. This can be done manually, but using Droopescan makes the task much easier. To do this, type “Droopescan scan Drupal –u http://10.1.1.22”, then select enter – it will then begin to load what it’s found.
Step 3 – Droopescan Findings Droopescan will now begin to return its results. As you can see, it has found a number of themes that are installed on the site, a changelog file available to view and several plugins. This is useful to know, as with this information you could find out if parts of the website are susceptible to any exploits.
In this video guide, we’ve covered how to install Droopescan, how to run Droopescan against a Drupal-based website, and how to view the findings of the scan.