SamJoan / droopescan

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
GNU Affero General Public License v3.0

Does not correctly identify this site #31

Closed wavesailor closed 6 years ago

wavesailor commented 6 years ago

Been using on a number of sites lately and works great - Thanks

I came across the WordPress site that droopescan could not identify.

Not sure how I could help debug it further?


SamJoan commented 6 years ago

Hi there,

Glad to hear it generally works, appreciate the feedback. In general, when sites don't work it is because they are doing something weird, like returning 500 responses for known WordPress files and things like that.

If you would like, you could run it with the --debug-requests parameter to verify.

wavesailor commented 6 years ago

Hi,

Thanks, I did try that, but it seems to run better with these options:

droopescan scan wordpress -u www.example.co.za  --method forbidden
modules [ ===                                                ] 15/250 (6%)[+]  Got an HTTP 500 response.
modules [ ====                                               ] 23/250 (9%)[+]  Got an HTTP 500 response.
modules [ =====                                              ] 29/250 (11%)[+]  Got an HTTP 500 response.
modules [ =======                                            ] 35/250 (14%)[+]  Got an HTTP 500 response.
modules [ =======                                            ] 39/250 (15%)[+]  Got an HTTP 500 response.
modules [ ========================                           ] 120/250 (48%)[+]  Got an HTTP 500 response.
modules [ ===========================                        ] 136/250 (54%)[+]  Got an HTTP 500 response.
[+] No themes found.

[+] Possible interesting urls found:
    This CMS' default changelog. - http://www.example.co.za/readme.html

[+] Possible version(s):
    4.6.2
    4.6.3
    4.7.1
    4.7.2
    4.7.3
    4.7.4
    4.7.5
    4.8
    4.8.1
    4.8.2
    4.8.3
    4.8.4
    4.9
    4.9.1

[+] Plugins found:
    wordpress-seo http://www.example.co.za/wp-content/plugins/wordpress-seo/
        http://www.example.co.za/wp-content/plugins/wordpress-seo/readme.txt
        http://www.example.co.za/wp-content/plugins/wordpress-seo/license.txt
    akismet http://www.example.co.za/wp-content/plugins/akismet/
        http://www.example.co.za/wp-content/plugins/akismet/readme.txt
    regenerate-thumbnails http://www.example.co.za/wp-content/plugins/regenerate-thumbnails/
        http://www.example.co.za/wp-content/plugins/regenerate-thumbnails/readme.txt
        http://www.example.co.za/wp-content/plugins/regenerate-thumbnails/screenshot-1.png
    w3-total-cache http://www.example.co.za/wp-content/plugins/w3-total-cache/
        http://www.example.co.za/wp-content/plugins/w3-total-cache/readme.txt
    really-simple-captcha http://www.example.co.za/wp-content/plugins/really-simple-captcha/
        http://www.example.co.za/wp-content/plugins/really-simple-captcha/readme.txt
        http://www.example.co.za/wp-content/plugins/really-simple-captcha/license.txt
    wp-pagenavi http://www.example.co.za/wp-content/plugins/wp-pagenavi/
        http://www.example.co.za/wp-content/plugins/wp-pagenavi/readme.txt
    redirection http://www.example.co.za/wp-content/plugins/redirection/
        http://www.example.co.za/wp-content/plugins/redirection/readme.txt
        http://www.example.co.za/wp-content/plugins/redirection/license.txt
        http://www.example.co.za/wp-content/plugins/redirection/screenshot-1.png
    breadcrumb-navxt http://www.example.co.za/wp-content/plugins/breadcrumb-navxt/
        http://www.example.co.za/wp-content/plugins/breadcrumb-navxt/readme.txt
    disqus-comment-system http://www.example.co.za/wp-content/plugins/disqus-comment-system/
        http://www.example.co.za/wp-content/plugins/disqus-comment-system/readme.txt
    php-code-widget http://www.example.co.za/wp-content/plugins/php-code-widget/
        http://www.example.co.za/wp-content/plugins/php-code-widget/readme.txt

[+] Scan finished (0:00:27.690410 elapsed)

Different Error

I came across this error on this site: droopescan scan -u example.com --debug-requests

[head] https://example.com/wp-content/themes/gardener/ None FAILED (<class 'requests.exceptions.ConnectionError'>: ('Connection aborted.', BadStatusLine("''",)))
[head] https://example.com/wp-content/themes/codilight-lite/ None 404
[head] https://example.com/wp-content/themes/gambit/ None 404
Traceback (most recent call last):
  File "/home/userx/.local/bin/droopescan", line 5, in <module>
    droopescan.main()
  File "/home/userx/.local/lib/python2.7/site-packages/dscan/droopescan.py", line 55, in main
    ds.run()
  File "/home/userx/.local/lib/python2.7/site-packages/cement/core/foundation.py", line 764, in run
    self.controller._dispatch()
  File "/home/userx/.local/lib/python2.7/site-packages/cement/core/controller.py", line 466, in _dispatch
    return func()
  File "/home/userx/.local/lib/python2.7/site-packages/cement/core/controller.py", line 472, in _dispatch
    return func()
  File "/home/userx/.local/lib/python2.7/site-packages/dscan/plugins/internal/scan.py", line 132, in default
    inst.process_url(opts, **inst_dict['kwargs'])
  File "/home/userx/.local/lib/python2.7/site-packages/dscan/plugins/internal/base_plugin_internal.py", line 316, in process_url
    hide_progressbar=hide_progressbar)
  File "/home/userx/.local/lib/python2.7/site-packages/dscan/plugins/internal/base_plugin_internal.py", line 443, in url_scan
    finds, is_empty = enum['func'](**kwargs)
  File "/home/userx/.local/lib/python2.7/site-packages/dscan/plugins/internal/base_plugin_internal.py", line 732, in enumerate_themes
    hide_progressbar, imu, headers)
  File "/home/userx/.local/lib/python2.7/site-packages/dscan/plugins/internal/base_plugin_internal.py", line 685, in enumerate
    r = future_array['future'].result()
  File "/home/userx/.local/lib/python2.7/site-packages/concurrent/futures/_base.py", line 462, in result
    return self.__get_result()
  File "/home/userx/.local/lib/python2.7/site-packages/concurrent/futures/thread.py", line 63, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/userx/.local/lib/python2.7/site-packages/dscan/common/output.py", line 196, in head
    return self._print('head', *args, **kwargs)
  File "/home/userx/.local/lib/python2.7/site-packages/dscan/common/output.py", line 179, in _print
    r = sess_method(*args, **kwargs)
  File "/home/userx/.local/lib/python2.7/site-packages/requests/sessions.py", line 543, in head
    return self.request('HEAD', url, **kwargs)
  File "/home/userx/.local/lib/python2.7/site-packages/requests/sessions.py", line 508, in request
    resp = self.send(prep, **send_kwargs)
  File "/home/userx/.local/lib/python2.7/site-packages/requests/sessions.py", line 618, in send
    r = adapter.send(request, **kwargs)
  File "/home/userx/.local/lib/python2.7/site-packages/requests/adapters.py", line 490, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', BadStatusLine("''",))

SamJoan commented 6 years ago

That error happens when the server does not respond to the request with a valid HTTP response. It may be a WAF or another issue.

Just to confirm, do you have authorisation to test these sites? I've removed the URLs from the post. Of course scanning websites using droopescan is illegal and droopescan can only be used with the authorisation of the targeted website.
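
The failure in the traceback above can be reproduced on loopback, as an added example that is not part of the original thread or droopescan's code: a constructed server closes some connections without sending a status line, and the client catches the exception where `future.result()` re-raises it, so one aborted connection does not end the whole run. It uses only the standard library (`http.client` rather than `requests`); the `/drop/` path convention and the function names are assumptions.

```python
import http.client
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

def serve(listener, count):
    """Constructed loopback server: paths under /drop/ get no response at all."""
    for _ in range(count):
        conn, _addr = listener.accept()
        with conn:
            parts = conn.recv(4096).split(b" ")
            path = parts[1] if len(parts) > 1 else b""
            if path.startswith(b"/drop/"):
                continue  # close the socket without sending a status line
            conn.sendall(b"HTTP/1.1 404 Not Found\r\n"
                         b"Content-Length: 0\r\nConnection: close\r\n\r\n")

def head(port, path):
    """Send one HEAD request and return the status code."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("HEAD", path)
        return conn.getresponse().status
    finally:
        conn.close()

def probe_all(paths):
    """Probe every path; return {path: (status, error_name)}."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # any free loopback port
    listener.listen(len(paths))
    port = listener.getsockname()[1]
    threading.Thread(target=serve, args=(listener, len(paths)),
                     daemon=True).start()
    results = {}
    with ThreadPoolExecutor(max_workers=4) as pool:
        futures = {p: pool.submit(head, port, p) for p in paths}
        for path, future in futures.items():
            try:
                # result() re-raises whatever the worker thread raised
                results[path] = (future.result(), None)
            except (http.client.BadStatusLine, ConnectionError) as exc:
                # Python 3 raises RemoteDisconnected, a BadStatusLine subclass
                results[path] = (None, type(exc).__name__)
    listener.close()
    return results

if __name__ == "__main__":
    for item in probe_all(["/drop/theme-a/", "/wp-content/themes/theme-b/"]).items():
        print(item)
```
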