There are different CMS (content management system) are available like wordpress, Joomla, light CMS and Drupal. Security of each CMS is very important and as a penetration tester point we need to make a website secure by doing a penetration testing on it. There are different tools are available to enumerate into wordpress and joomla and to find the known vulnerabilities in wordpress and joomla but there is no tool for other common content management system like drupal.
Ali Elouafiq has released a wonderful tool to enumerate into drupal based CMS, this is the simple python script and anyone can easily use it. This tutorial will show you how DPScan enumerate the modules used by the drupal CMS.
First of all go and download DPScan, I am using backtrack 5 R1 machine for this tutorial that has python by default but if you are using some other operating system like Windows and other Linux distribution then install python first.
Open your terminal and then locate the directory where you have download the python script of DPScan, remember you can copy the script and then paste in your word editor then save it to whatever.py
The best practice is to download and then unzip the script, I have downloaded and unzip the script in my desktop and then locate the desktop is the terminal then the command is like this:
[email protected]:~/Desktop# python DPScan.pyDRUPAL Modules Enumerator v0.1beta– written by Ali Elouafiq 2012<ScriptName> [filename.txt]<ScriptName> [URL]<ScriptName> [URL] user password // FOR HTTP AUTHORIZATION
A simple enumeration
[email protected]:~/Desktop# python DPScan.py www.mtv.co.uknodeuser_optinfckeditorsystemgsamtv_videobrowsenice_menususerccktop_tabspanelsjquery_update[email protected]:~/Desktop#