Drupwn v0.9.2, tool to make attacks on Drupal sites

Share this…

Drupwn is a tool that helps efficiently gather drupal information.

The information security expert says that there are two tested versions admitted; Drupal 7 and Drupal 8.

drupal

https://asciinema.org/a/J6dQmUJVskyHV07iARITfoLan

Drupwn can be executed using two separate modes; enum and exploit. The enum mode allows enumerations while the exploit mode allows verifying and exploiting CVE.

Regarding the functionalities, first we will see the Enum mode.

  • User enumeration
  • Node enumeration
  • Default files enumeration
  • Module enumeration
  • Theme enumeration
  • Cookies support
  • User-Agent support
  • Basic authentication support
  • Request delay
  • Enumeration range
  • Logging

Exploit mode

  • Vulnerability checker
  • CVE exploiter

drupwn 1

To add a new module, follow the template used in the User.py file. Next, add a reference in the analyzer and the dispatcher to ensure its compatibility with the reflective factory, says the information security professional.

Running Drupwn against websites without prior mutual consent may be illegal in your country. The equipment does not accept any responsibility and is not responsible for any misuse or damage caused by Drupwn.