Drupwn – Drupal Enumeration Tool and Security Scanner in Kali Linux
Drupal is content management software used to build many of the websites and applications you use every day. Along with its features, Drupal CMS carries some risks: an outdated version can lead to a security compromise of the web application. Websites built on Drupal CMS can be tested with an automated approach. Drupwn is an automated tool written in Python that performs enumeration and exploitation against the target domain. The tool includes a set of CVEs that can be tested against the target domain and exploited if the application is vulnerable to them. Drupwn is available on GitHub and is free and open source.
There are two modes available in the Drupwn tool.
Enumeration mode (enum):
- User enumeration
- Node enumeration
- Default files enumeration
- Module enumeration
- Theme enumeration
- Cookies support
- User-Agent support
- Basic authentication support
- Request delay
- Enumeration range
- Logging
Exploitation mode (exploit):
- Vulnerability checker
- CVE exploiter
Note: Make sure you have Python installed on your system, as this is a Python-based tool.
Installation of Drupwn Tool on Kali Linux OS
Step 1: Use the following command to install the tool in your Kali Linux operating system.
git clone https://github.com/immunIT/drupwn.git
Step 2: Now use the following command to move into the directory of the tool. You have to be in this directory in order to run the tool.
Step 3: You are now in the Drupwn directory. Install the dependencies of Drupwn using the following command.
sudo pip3 install -r requirements.txt
Step 4: Run the setup.py file to complete the installation.
sudo python3 setup.py install
Step 5: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.
Working with Drupwn Tool on Kali Linux OS
Example 1: Using Enumeration Mode
python3 ./drupwn --mode enum --target http://192.168.206.133/drupal
In this example, we are using the enumeration mode for extracting information about the target. We have got the version of CMS used by the target.
In the below screenshot, we have got the list of themes used by the target domain.
In the below screenshot, we have got the files that are hosted on the domain server.
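From the defender's side, an enumeration run like the one above appears in the web server's access log as one client requesting many distinct user, node and default-file paths. The following added example (not part of Drupwn or the original article) flags such clients in combined-format log lines; the path patterns, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed Drupal URL conventions probed during enumeration (not taken from Drupwn's source).
PROBES = {
    "user": re.compile(r"^/(?:[^/]+/)*user/(\d+)/?$"),
    "node": re.compile(r"^/(?:[^/]+/)*node/(\d+)/?$"),
    "default_file": re.compile(r"/(CHANGELOG|INSTALL|README|LICENSE|UPGRADE|MAINTAINERS)\.txt$"),
}
# Combined log format: ip ident user [time] "METHOD url HTTP/x" status size ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')

def find_enumerators(lines, threshold=4):
    """Return {client_ip: {probe_kind: distinct_target_count}} for clients that
    requested at least `threshold` distinct targets of one probe kind."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, url, _status = m.groups()  # status is ignored: probes return 200, 403 or 404
        path = url.split("?", 1)[0]    # drop the query string before matching
        for kind, pattern in PROBES.items():
            hit = pattern.search(path)
            if hit:
                seen[ip][kind].add(hit.group(1))
    return {
        ip: {k: len(v) for k, v in kinds.items() if len(v) >= threshold}
        for ip, kinds in seen.items()
        if any(len(v) >= threshold for v in kinds.values())
    }

def _line(ip, path, status):
    return f'{ip} - - [10/Oct/2023:13:55:36 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "constructed-sample"'

# Constructed sample log: one scanning client, one ordinary visitor, one malformed line.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"/drupal/user/{i}", 403) for i in range(1, 7)]
    + [_line("203.0.113.7", f"/drupal/node/{i}", 200) for i in range(1, 6)]
    + [_line("203.0.113.7", f"/drupal/{n}.txt", 200) for n in ("CHANGELOG", "README", "INSTALL")]
    + [_line("198.51.100.20", "/drupal/node/3", 200),
       _line("198.51.100.20", "/drupal/user/1?destination=node/3", 403), "malformed line"]
)

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

Counting distinct targets per client, rather than requests per second, keeps the check useful when the scanner's request delay option slows the run down.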
Example 2: Using Exploitation Mode
python3 ./drupwn --mode exploit --target http://192.168.206.133/drupal
In this example, we are using the exploitation mode for exploiting the vulnerability present on the target. We have got the version of CMS used by the target.
In the below screenshot, we are listing the CVEs available in the Drupwn tool database.
In the below screenshot, we are testing the target domain against CVE-2019-7600, and it’s vulnerable to the CVE.
In the below screenshot, we will be exploiting the target domain.
In the below screenshot, we have exploited the target domain and by entering the ls command we have listed out the files and directories available on the system.
In the below screenshot, we are printing the current user name from which we are accessing the system.