Closed wavesailor closed 6 years ago
Hi there,
Glad to hear it generally works, appreciate the feedback. In general, when sites don't work it is because they are doing something weird, like returning 500 responses for known WordPress files and things like that.
If you would like, you could run it with the --debug-requests parameter to verify.
Hi,
Thanks, I did try that, but it seems to run better with these options:
droopescan scan wordpress -u www.example.co.za --method forbidden
modules [ === ] 15/250 (6%)[+] Got an HTTP 500 response.
modules [ ==== ] 23/250 (9%)[+] Got an HTTP 500 response.
modules [ ===== ] 29/250 (11%)[+] Got an HTTP 500 response.
modules [ ======= ] 35/250 (14%)[+] Got an HTTP 500 response.
modules [ ======= ] 39/250 (15%)[+] Got an HTTP 500 response.
modules [ ======================== ] 120/250 (48%)[+] Got an HTTP 500 response.
modules [ =========================== ] 136/250 (54%)[+] Got an HTTP 500 response.
[+] No themes found.
[+] Possible interesting urls found:
This CMS' default changelog. - http://www.example.co.za/readme.html
[+] Possible version(s):
4.6.2
4.6.3
4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.8
4.8.1
4.8.2
4.8.3
4.8.4
4.9
4.9.1
[+] Plugins found:
wordpress-seo http://www.example.co.za/wp-content/plugins/wordpress-seo/
http://www.example.co.za/wp-content/plugins/wordpress-seo/readme.txt
http://www.example.co.za/wp-content/plugins/wordpress-seo/license.txt
akismet http://www.example.co.za/wp-content/plugins/akismet/
http://www.example.co.za/wp-content/plugins/akismet/readme.txt
regenerate-thumbnails http://www.example.co.za/wp-content/plugins/regenerate-thumbnails/
http://www.example.co.za/wp-content/plugins/regenerate-thumbnails/readme.txt
http://www.example.co.za/wp-content/plugins/regenerate-thumbnails/screenshot-1.png
w3-total-cache http://www.example.co.za/wp-content/plugins/w3-total-cache/
http://www.example.co.za/wp-content/plugins/w3-total-cache/readme.txt
really-simple-captcha http://www.example.co.za/wp-content/plugins/really-simple-captcha/
http://www.example.co.za/wp-content/plugins/really-simple-captcha/readme.txt
http://www.example.co.za/wp-content/plugins/really-simple-captcha/license.txt
wp-pagenavi http://www.example.co.za/wp-content/plugins/wp-pagenavi/
http://www.example.co.za/wp-content/plugins/wp-pagenavi/readme.txt
redirection http://www.example.co.za/wp-content/plugins/redirection/
http://www.example.co.za/wp-content/plugins/redirection/readme.txt
http://www.example.co.za/wp-content/plugins/redirection/license.txt
http://www.example.co.za/wp-content/plugins/redirection/screenshot-1.png
breadcrumb-navxt http://www.example.co.za/wp-content/plugins/breadcrumb-navxt/
http://www.example.co.za/wp-content/plugins/breadcrumb-navxt/readme.txt
disqus-comment-system http://www.example.co.za/wp-content/plugins/disqus-comment-system/
http://www.example.co.za/wp-content/plugins/disqus-comment-system/readme.txt
php-code-widget http://www.example.co.za/wp-content/plugins/php-code-widget/
http://www.example.co.za/wp-content/plugins/php-code-widget/readme.txt
[+] Scan finished (0:00:27.690410 elapsed)
I came across this error on this site:
droopescan scan -u example.com --debug-requests
[head] https://example.com/wp-content/themes/gardener/ None FAILED (<class 'requests.exceptions.ConnectionError'>: ('Connection aborted.', BadStatusLine("''",)))
[head] https://example.com/wp-content/themes/codilight-lite/ None 404
[head] https://example.com/wp-content/themes/gambit/ None 404
Traceback (most recent call last):
File "/home/userx/.local/bin/droopescan", line 5, in <module>
droopescan.main()
File "/home/userx/.local/lib/python2.7/site-packages/dscan/droopescan.py", line 55, in main
ds.run()
File "/home/userx/.local/lib/python2.7/site-packages/cement/core/foundation.py", line 764, in run
self.controller._dispatch()
File "/home/userx/.local/lib/python2.7/site-packages/cement/core/controller.py", line 466, in _dispatch
return func()
File "/home/userx/.local/lib/python2.7/site-packages/cement/core/controller.py", line 472, in _dispatch
return func()
File "/home/userx/.local/lib/python2.7/site-packages/dscan/plugins/internal/scan.py", line 132, in default
inst.process_url(opts, **inst_dict['kwargs'])
File "/home/userx/.local/lib/python2.7/site-packages/dscan/plugins/internal/base_plugin_internal.py", line 316, in process_url
hide_progressbar=hide_progressbar)
File "/home/userx/.local/lib/python2.7/site-packages/dscan/plugins/internal/base_plugin_internal.py", line 443, in url_scan
finds, is_empty = enum['func'](**kwargs)
File "/home/userx/.local/lib/python2.7/site-packages/dscan/plugins/internal/base_plugin_internal.py", line 732, in enumerate_themes
hide_progressbar, imu, headers)
File "/home/userx/.local/lib/python2.7/site-packages/dscan/plugins/internal/base_plugin_internal.py", line 685, in enumerate
r = future_array['future'].result()
File "/home/userx/.local/lib/python2.7/site-packages/concurrent/futures/_base.py", line 462, in result
return self.__get_result()
File "/home/userx/.local/lib/python2.7/site-packages/concurrent/futures/thread.py", line 63, in run
result = self.fn(*self.args, **self.kwargs)
File "/home/userx/.local/lib/python2.7/site-packages/dscan/common/output.py", line 196, in head
return self._print('head', *args, **kwargs)
File "/home/userx/.local/lib/python2.7/site-packages/dscan/common/output.py", line 179, in _print
r = sess_method(*args, **kwargs)
File "/home/userx/.local/lib/python2.7/site-packages/requests/sessions.py", line 543, in head
return self.request('HEAD', url, **kwargs)
File "/home/userx/.local/lib/python2.7/site-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/home/userx/.local/lib/python2.7/site-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/home/userx/.local/lib/python2.7/site-packages/requests/adapters.py", line 490, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', BadStatusLine("''",))
That error happens when the server does not respond to the request with a valid HTTP response. It may be a WAF or another issue.
Just to confirm, do you have authorisation to test these sites? I've removed the URLs from the post. Of course scanning websites using droopescan is illegal and droopescan can only be used with the authorisation of the targeted website.
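The traceback above shows the ConnectionError from one HEAD request escaping through future.result() and ending the whole scan. The following is an added illustration, not droopescan's code and not written by anyone in this thread: it reproduces the "no valid HTTP response" condition against a constructed local server using only the Python 3 standard library, and records the failure per URL instead of aborting. The names start_test_server, head, probe_all and demo are hypothetical.

```python
import http.client
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

def start_test_server(drop_path):
    """Constructed local server: 404 by default, closes silently on drop_path."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            with conn:
                data = conn.recv(4096)
                if drop_path.encode() not in data:
                    conn.sendall(b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def head(port, path):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("HEAD", path)
        return conn.getresponse().status
    finally:
        conn.close()

def probe_all(port, paths):
    """Run HEAD requests concurrently; a failed request is recorded, not fatal."""
    results = {}
    with ThreadPoolExecutor(max_workers=4) as pool:
        futures = {path: pool.submit(head, port, path) for path in paths}
        for path, fut in futures.items():
            try:
                results[path] = fut.result()  # re-raises the worker's exception
            except (http.client.HTTPException, OSError) as exc:
                results[path] = "FAILED (%s)" % type(exc).__name__
    return results

def demo():
    # Paths mirror the --debug-requests lines above; the server is constructed.
    srv, port = start_test_server("/themes/gardener/")
    result = probe_all(port, ["/wp-content/themes/gardener/", "/wp-content/themes/gambit/"])
    srv.close()
    return result

if __name__ == "__main__":
    print(demo())
```

On Python 3 the empty reply surfaces as http.client.RemoteDisconnected, a subclass of BadStatusLine, which is the same condition the Python 2.7 traceback reports as BadStatusLine("''").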
Been using on a number of sites lately and works great - Thanks
I came across a WordPress site that droopescan could not identify.
Not sure how I could help debug it further?