A new version of droopescan has been released, which increases the version’s patch digit from 1.33.6 to 1.33.7. With this, droopescan officially reaches elite status. This is a minor increase to update fingerprint databases for all supported CMS’. No serious vulnerabilities have come out this round, although WordPress has patched a Cross Site Scripting vulnerability.
For those that are not aware, a large number of improvements have been implemented between 1.0 and 1.33.7, almost too many to count. A few highlights are:
- Support for CMS type autodetection. This allows you to specify a list of URLs and dscan will automatically determine what CMS it is and perform the usual version and plugin enumeration. Performance is pretty great, and I’ve successfully version scanned several million hosts in three days time.
- Allow for resuming of mass scans with the –resume flag.
- Several performance improvements and tweaks.
- Preliminary support for WordPress and Joomla.
droopescan development continues on, and exciting things for the future include tools that will make updating the fingerprint even easier (for me, as I am very lazy), support for other CMSs, and the release of version 2.0 which will tidy up JSON output.