Date: 2015-08-14

You can specify a particular host to scan by passing the -u or --url parameter:

droopescan scan drupal -u example.org

You can also omit the drupal argument. This will trigger "CMS identification", like so:

droopescan scan -u example.org

Multiple URLs may be scanned utilizing the -U or --url-file parameter. This parameter should be set to the path of a file which contains a list of URLs.

droopescan scan drupal -U list_of_urls.txt

The drupal parameter may also be omitted in this example. For each site, it will make several GET requests in order to perform CMS identification, and if the site is deemed to be a supported CMS, it is scanned and added to the output list. This can be useful, for example, to run droopescan across all your organization's sites.

droopescan scan -U list_of_urls.txt

The code block below contains an example list of URLs, one per line:

http://localhost/drupal/6.0/
http://localhost/drupal/6.1/
http://localhost/drupal/6.10/
http://localhost/drupal/6.11/
http://localhost/drupal/6.12/

A URL file may also contain, on each line, a URL followed by a value to override the default Host header with, separated by tabs or spaces. This can be handy when you are scanning a large range of hosts and want to prevent unnecessary DNS queries. For example:

192.168.1.1 example.org
http://192.168.1.1/ example.org
http://192.168.1.2/drupal/ example.org
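One way to check such a file before a large scan, as an added example (this is not droopescan's own parser). The function name, the allowed-network parameter and the rule that a scheme-less entry is read as http for parsing purposes are assumptions made here.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the three lines from the example above (one using a tab),
# a blank line, an out-of-range address and a line with a stray third field.
SAMPLE = """\
192.168.1.1 example.org
http://192.168.1.1/\texample.org
http://192.168.1.2/drupal/ example.org

http://10.9.9.9/ example.org
http://192.168.1.3/ example.org extra
"""


def parse_url_file(text, allowed_net):
    """Return (targets, errors); targets are (url, host_header_or_None) pairs."""
    net = ipaddress.ip_network(allowed_net)
    targets, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()  # splits on tabs or spaces
        if not fields:
            continue  # blank line
        if len(fields) > 2:
            errors.append((lineno, "too many fields"))
            continue
        url = fields[0]
        host_header = fields[1] if len(fields) == 2 else None
        # Assumption: add a scheme only so urlsplit can find the host part.
        hostname = urlsplit(url if "://" in url else "http://" + url).hostname
        if not hostname:
            errors.append((lineno, "no host in URL"))
            continue
        try:
            ip = ipaddress.ip_address(hostname)
        except ValueError:
            ip = None  # a DNS name, not a literal address
        # Literal addresses must sit inside the range you are cleared to scan.
        if ip is not None and ip not in net:
            errors.append((lineno, "outside allowed network"))
            continue
        targets.append((url, host_header))
    return targets, errors
```

Only the lines returned in targets should be written to the file passed to -U; each entry in errors carries the line number to fix.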

It is quite tempting to test whether the scanner works for a particular CMS by scanning the official site (e.g. wordpress.org for wordpress), but the official sites rarely run vanilla installations of their respective CMS, or they do unorthodox things. For example, wordpress.org runs the bleeding edge version of wordpress, which will not be identified as wordpress by droopescan at all because the checksums do not match any known wordpress version.



Authentication

The application fully supports .netrc files and http_proxy environment variables.



Use a .netrc file for basic authentication. An example netrc file (a file named .netrc placed in your root home directory) could look as follows:

machine secret.google.com login admin@google.com password Winter01

You can set the http_proxy and https_proxy variables. These allow you to set a parent HTTP proxy, in which you can handle more complex types of authentication (e.g. Fiddler, ZAP, Burp).

export http_proxy='user:password@localhost:8080'
export https_proxy='user:password@localhost:8080'
droopescan scan drupal --url http://localhost/drupal

WARNING: By design, to allow intercepting proxies and the testing of applications with bad SSL, droopescan allows self-signed or otherwise invalid certificates.



Output

This application supports both "standard output", meant for human consumption, and JSON, which is more suitable for machine consumption. This output is stable between major versions.

This can be controlled with the --output flag. Some sample JSON output would look as follows (minus the excessive whitespace):

{
  "themes": {
    "is_empty": true,
    "finds": [ ]
  },
  "interesting urls": {
    "is_empty": false,
    "finds": [
      {
        "url": "https:\/\/www.drupal.org\/CHANGELOG.txt",
        "description": "Default changelog file."
      },
      {
        "url": "https:\/\/www.drupal.org\/user\/login",
        "description": "Default admin."
      }
    ]
  },
  "version": {
    "is_empty": false,
    "finds": [ "7.29", "7.30", "7.31" ]
  },
  "plugins": {
    "is_empty": false,
    "finds": [
      {
        "url": "https:\/\/www.drupal.org\/sites\/all\/modules\/views\/",
        "name": "views"
      },
      [...snip...]
    ]
  }
}

Some attributes might be missing from the JSON object if parts of the scan are not run.
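The following added example (not part of droopescan) shows one way to consume this JSON when triaging results for your own sites, keeping "section absent because that part of the scan did not run" separate from "section present but empty". The summarize function, its output keys and both sample documents are constructed here; the section names and the is_empty/finds fields are taken from the sample output above.

```python
import json

SECTIONS = ("version", "plugins", "themes", "interesting urls")

# Constructed samples: FULL is modelled on the sample output above; PARTIAL
# imitates a run in which only the version check was performed.
FULL = json.dumps({
    "themes": {"is_empty": True, "finds": []},
    "interesting urls": {"is_empty": False, "finds": [
        {"url": "https://www.drupal.org/CHANGELOG.txt",
         "description": "Default changelog file."},
        {"url": "https://www.drupal.org/user/login",
         "description": "Default admin."}]},
    "version": {"is_empty": False, "finds": ["7.29", "7.30", "7.31"]},
    "plugins": {"is_empty": False, "finds": [
        {"url": "https://www.drupal.org/sites/all/modules/views/",
         "name": "views"}]},
})
PARTIAL = json.dumps({"version": {"is_empty": False, "finds": ["7.31"]}})


def summarize(raw):
    """Flatten one result object; absent sections are reported, not assumed clean."""
    result = json.loads(raw)
    summary = {"not_scanned": []}
    for key in SECTIONS:
        section = result.get(key)
        if section is None:
            summary["not_scanned"].append(key)  # that part of the scan did not run
            summary[key] = None
        elif section.get("is_empty", True):
            summary[key] = []                   # ran and found nothing
        else:
            summary[key] = section.get("finds", [])
    versions = summary["version"] or []
    # Several candidates mean the fingerprint matched more than one release.
    summary["version_exact"] = len(versions) == 1
    summary["plugin_names"] = [p.get("name") for p in summary["plugins"] or []]
    summary["exposed_urls"] = [u.get("url") for u in summary["interesting urls"] or []]
    return summary
```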