Drupwn is a tool that helps efficiently gather drupal information.
The information security expert says that there are two tested versions admitted; Drupal 7 and Drupal 8.
Drupwn can be executed using two separate modes; enum and exploit. The enum mode allows enumerations while the exploit mode allows verifying and exploiting CVE.
Regarding the functionalities, first we will see the Enum mode.
- User enumeration
- Node enumeration
- Default files enumeration
- Module enumeration
- Theme enumeration
- Cookies support
- User-Agent support
- Basic authentication support
- Request delay
- Enumeration range
- Vulnerability checker
- CVE exploiter
To add a new module, follow the template used in the User.py file. Next, add a reference in the analyzer and the dispatcher to ensure its compatibility with the reflective factory, says the information security professional.
Running Drupwn against websites without prior mutual consent may be illegal in your country. The equipment does not accept any responsibility and is not responsible for any misuse or damage caused by Drupwn.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.