dash/Typo3Scan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

corrections

Browse Source
This commit is contained in:
root
2014-08-10 16:59:26 +02:00
parent 2437faf917
commit 6d4a3cdc0b
3 changed files with 28 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@@ -1,10 +1,10 @@
Typo-Enumerator Typo3-Enumerator
=============== ===============
Typo-Enumerator is an open source penetration testing tool that automates the process of detecting the [Typo3](https://typo3.org) CMS and its installed [extensions](https://typo3.org/extensions/repository/?id=23&L=0&q=&tx_solr[filter][outdated]=outdated%3AshowOutdated) (also the outdated ones!). Typo3-Enumerator is an open source penetration testing tool that automates the process of detecting the [Typo3](https://typo3.org) CMS and its installed [extensions](https://typo3.org/extensions/repository/?id=23&L=0&q=&tx_solr[filter][outdated]=outdated%3AshowOutdated) (also the outdated ones!).
If the --top parameter is set to a value, only the specified most downloaded extensions are tested. If the --top parameter is set to a value, only the specified most downloaded extensions are tested.
It is possible to use POST instead of GET Requests and do all requests through the [TOR Hidden Service](https://www.torproject.org/) network, with the help of [Privoxy](www.privoxy.org), in order to prevent DNS leakage. It is possible to do all requests through the [TOR Hidden Service](https://www.torproject.org/) network, with the help of [Privoxy](www.privoxy.org), in order to prevent DNS leakage.
Installation Installation
---- ----
@@ -29,7 +29,7 @@ To get a list of all options use:
python typoenum.py -h python typoenum.py -h
You can use Typo-Enumerator with domains: You can use Typo3-Enumerator with domains:
python typoenum.py -d DOMAIN [DOMAIN ...] [--user_agent USER-AGENT] [--top VALUE] [-v] [--tor] python typoenum.py -d DOMAIN [DOMAIN ...] [--user_agent USER-AGENT] [--top VALUE] [-v] [--tor]

38
doc/CHANGELOG.md
View File

@@ -1,4 +1,4 @@
# Version 0.3 ## Version 0.3
* Using modules instead of one class * Using modules instead of one class
* Accepting now strg+c when in multithreaded mode * Accepting now strg+c when in multithreaded mode
@@ -10,50 +10,50 @@
* Typo3 version search is more accurate * Typo3 version search is more accurate
* If the backend login page could not be found, but Typo3 is used, the user is asked, if he want to proceed. This will mostly lead to "no extensions are installed". * If the backend login page could not be found, but Typo3 is used, the user is asked, if he want to proceed. This will mostly lead to "no extensions are installed".
# Version 0.2.1 ## Version 0.2.1
* Fixed some bugs * Fixed some bugs
* It is now possible to specifiy threads * It is now possible to specifiy threads.<br>
Default is 10. Default is 10.<br>
I strongly recommend to use only 2 or even 1 thread when using TOR! I strongly recommend to use only 2 or even 1 thread when using TOR!<br>
This is because TOR is (extremely) slow and will produce connection errors if too many threads are used. This is because TOR is (extremely) slow and will produce connection errors if too many threads are used.
# Version 0.2 ## Version 0.2
* Added support for Privoxy and TOR * Added support for Privoxy and TOR
* It is now possible to use Typo-Enumerator with Privoxy and TOR (--tor) * It is now possible to use Typo-Enumerator with Privoxy and TOR (--tor)<br>
Privoxy is used to prevent dns leakage ;) Privoxy is used to prevent dns leakage ;)<br>
Please make sure the Privoxy config (/etc/privoxy/config) is set to something like: Please make sure the Privoxy config (/etc/privoxy/config) is set to something like:<br>
listen-address 127.0.0.1:8118 listen-address 127.0.0.1:8118<br>
forward-socks5 / 127.0.0.1:9050 . forward-socks5 / 127.0.0.1:9050 .<br>
These are the standart ports for Privoxy and TOR These are the standart ports for Privoxy and TOR<br>
If TOR is used, threads will be set to 2 in order to minimize errors If TOR is used, threads will be set to 2 in order to minimize errors
* Version search for extensions is now more reliable * Version search for extensions is now more reliable
# Version 0.1.6 ## Version 0.1.6
* Added version search for extensions * Added version search for extensions
# Version 0.1.5 ## Version 0.1.5
* Added extension search * Added extension search
# Version 0.1.4 ## Version 0.1.4
* Added support for Typo v6.X * Added support for Typo v6.X
# Version 0.1.3 ## Version 0.1.3
* Optimized requests * Optimized requests
# Version 0.1.2 ## Version 0.1.2
* Added version guessing * Added version guessing
# Version 0.1.1 ## Version 0.1.1
* Added version search for Typo3 * Added version search for Typo3
# Version 0.1 ## Version 0.1
* Prototype * Prototype

6
doc/TODO.md
View File

@@ -4,4 +4,8 @@
* Search for Typo3 version-specific extensions * Search for Typo3 version-specific extensions
* Some extensions don't have any version information. These extensions must be listed in settings.NO_VERSIONINFO. * Some extensions don't have any version information. These extensions must be listed in settings.NO_VERSIONINFO.
* Use http:// or https:// plus the domain ? * Use http:// or https:// plus the domain ?
* Maybe use one library for all requests * Maybe use one library for all requests
* Test on other platforms
* Update "usage" in readme.md
* Add screenshot
* Use POST instead of GET Requests