Closed mathewmarcus closed 6 years ago
Hi @mathewmarcus
In the output above it shows the possible versions being 7.2x. If you look up that version you'll see it is one of the versions affected by the vulnerability.
Thinking about it now, I can see how this is confusing for new users, as droopescan doesn't really scan for any specific vulnerabilities but rather simply reports on the versions. Do you think a documentation change is warranted? I'm thinking of an additional sentence on the README.
Thanks, Pedro
Ah gotcha, that makes sense. And yeah, I think maybe an additional sentence could be beneficial. Thanks!
I'm running droopescan against Vulnhub's VulnOS: 2, which has a known Drupalgeddon2 vulnerability (verified by running the Metasploit module exploit/unix/webapp/drupal_drupalgeddon2). However, based on the below output, droopescan does not appear to detect Drupalgeddon2. I tested this using droopescan installed via pip and manually. Also I can't include the debug output because it causes this issue to exceed the 65536 character limit. Given that Detects "Drupalgeddon 2" is included in the CHANGELOG, I'm confused. Am I missing something?