Drupwn – Drupal Enumeration Tool and Security Scanner in Kali Linux

Drupal is content management software used to build many of the websites and applications you use every day. Alongside its features, Drupal CMS carries some risks: an outdated version can lead to a security compromise of the web application. Websites built on Drupal can be tested with an automated approach. Drupwn is an automated tool written in Python that performs enumeration and exploitation against a target domain. It includes a set of CVEs that can be tested against the target domain and exploited if the application is vulnerable to them. Drupwn is available on GitHub and is free and open source.

There are two modes available on the Drupwn tool.

  • Enumeration
  • Exploitation

1. Enumeration

  1. Performs User enumeration
  2. Performs Node enumeration
  3. Performs Default files enumeration
  4. Performs Module enumeration
  5. Performs Theme enumeration
  6. Cookies support
  7. User-Agent support
  8. Basic authentication support
  9. Request delay
  10. Enumeration range
  11. Logging

2. Exploitation

  1. Supports Vulnerability checker
  2. Supports CVE exploiter

Note: Make sure Python is installed on your system, as this is a Python-based tool. For the installation process, see Python Installation Steps on Linux.

Installation of Drupwn Tool on Kali Linux OS

Step 1: Use the following command to clone the tool's repository onto your Kali Linux operating system.

git clone https://github.com/immunIT/drupwn.git

Step 2: Now use the following command to move into the tool's directory. You have to be in this directory in order to run the tool.

cd drupwn

Step 3: You are now in the Drupwn directory. Install Drupwn's dependencies using the following command.

sudo pip3 install -r requirements.txt

Step 4: Run the setup.py file to complete the installation.

sudo python3 setup.py install

Step 5: All the dependencies are now installed on your Kali Linux operating system. Use the following command to run the tool and check the help section.

drupwn -h

Working with Drupwn Tool on Kali Linux OS

Example 1: Using Enumeration Mode

python3 ./drupwn --mode enum --target http://192.168.206.133/drupal

In this example, we are using the enumeration mode to extract information about the target. We have got the version of the CMS used by the target.

In the below screenshot, we have got the list of themes used by the target domain.

In the below screenshot, we have got the files that are hosted on the domain server.
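
A defender's view of the enumeration mode, as an added example that is not part of the original article or of Drupwn: a check over web server access logs that flags clients walking many /user/N or /node/N paths or fetching several stock Drupal text files. The URL patterns (clean URLs), the file list and the thresholds are assumptions for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})')
ENTITY_RE = re.compile(r"/(user|node)/(\d+)/?$")
# Text files shipped with stock Drupal releases (assumed probe list for this example).
DEFAULT_FILES = {"CHANGELOG.txt", "README.txt", "INSTALL.txt", "LICENSE.txt",
                 "MAINTAINERS.txt", "UPGRADE.txt"}


def detect_enumeration(log_text, min_ids=5, min_files=3):
    """Return (client_ip, finding, distinct_count) tuples for clients that walk
    many /user/N or /node/N ids or fetch several stock Drupal files."""
    ids = defaultdict(set)    # (ip, "user" | "node") -> distinct numeric ids
    files = defaultdict(set)  # ip -> distinct default file names
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, path, _status = m.groups()
        path = path.split("?", 1)[0]
        entity = ENTITY_RE.search(path)
        name = path.rsplit("/", 1)[-1]
        if entity:
            ids[(ip, entity.group(1))].add(int(entity.group(2)))
        elif name in DEFAULT_FILES:
            files[ip].add(name)
    # Distinct ids are counted over the whole log, not per minute, so a scan
    # slowed down with a request delay is still counted.
    findings = [(ip, f"{kind} enumeration", len(seen))
                for (ip, kind), seen in sorted(ids.items()) if len(seen) >= min_ids]
    findings += [(ip, "default files probe", len(seen))
                 for ip, seen in sorted(files.items()) if len(seen) >= min_files]
    return findings


def _line(ip, path, status=200):
    # Build one constructed access-log line (combined log format).
    return f'{ip} - - [23/Sep/2021:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "-"'


# Constructed sample: 192.0.2.10 behaves like a scanner, 198.51.100.7 like a visitor.
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", f"/drupal/user/{i}", 403) for i in range(8)]
    + [_line("192.0.2.10", f"/drupal/node/{i}", 404) for i in range(8)]
    + [_line("192.0.2.10", f"/drupal/{n}") for n in ("CHANGELOG.txt", "README.txt", "LICENSE.txt")]
    + [_line("198.51.100.7", p) for p in ("/drupal/node/3", "/drupal/user/login", "/drupal/robots.txt")]
)
```

Run against a real log, `detect_enumeration(open(path).read())` returns one tuple per client and finding type; tune `min_ids` and `min_files` to the site's normal traffic.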

Example 2: Using Exploitation Mode

python3 ./drupwn --mode exploit --target http://192.168.206.133/drupal

In this example, we are using the exploitation mode to exploit the vulnerability present on the target. We have got the version of the CMS used by the target.

In the below screenshot, we are listing the available CVEs present in the Drupwn tool database.

In the below screenshot, we are testing the target domain against CVE-2019-7600, and it’s vulnerable to the CVE.

In the below screenshot, we will be exploiting the target domain.

In the below screenshot, we have exploited the target domain, and by entering the ls command we have listed the files and directories available on the system.

In the below screenshot, we are printing the name of the current user under which we are accessing the system.



Last Updated : 23 Sep, 2021