Drupwn is a tool that helps efficiently gather drupal information.
The information security expert says that there are two tested versions admitted; Drupal 7 and Drupal 8.
https://asciinema.org/a/J6dQmUJVskyHV07iARITfoLan
Drupwn can be executed using two separate modes; enum and exploit. The enum mode allows enumerations while the exploit mode allows verifying and exploiting CVE.
Regarding the functionalities, first we will see the Enum mode.
- User enumeration
- Node enumeration
- Default files enumeration
- Module enumeration
- Theme enumeration
- Cookies support
- User-Agent support
- Basic authentication support
- Request delay
- Enumeration range
- Logging
Exploit mode
- Vulnerability checker
- CVE exploiter
To add a new module, follow the template used in the User.py file. Next, add a reference in the analyzer and the dispatcher to ensure its compatibility with the reflective factory, says the information security professional.
Running Drupwn against websites without prior mutual consent may be illegal in your country. The equipment does not accept any responsibility and is not responsible for any misuse or damage caused by Drupwn.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.