Typo3-Enumerator

Typo3-Enumerator is an open source penetration testing tool that automates the process of detecting the Typo3 CMS and its installed extensions (also the outdated ones!). If the --top parameter is set to a value, only the specified most downloaded extensions are tested.

It is possible to do all requests through the TOR Hidden Service network, with the help of Privoxy, in order to prevent DNS leakage.

Installation

You can download the latest tarball by clicking here or latest zipball by clicking here.

Preferably, you can download Type-Enumerator by cloning the Git repository:

git clone https://github.com/whoot/Typo-Enumerator.git

Typo-Enumerator works with Python version 2.6.x and 2.7.x on Debian/Ubuntu platform.

If you want to use Typo-Enumerator with TOR, you need the SocksiPy module. On Debian/Ubuntu you can install it with apt-get:

sudo apt-get install python-socksipy

Usage

To get a list of all options use:

python typoenum.py -h

You can use Typo3-Enumerator with domains:

python typoenum.py -d DOMAIN [DOMAIN ...] [--user_agent USER-AGENT] [--top VALUE] [-v] [--tor]

Or with a file with a list of domains:

python typoenum.py -f FILE [--user_agent USER-AGENT] [--top VALUE] [-v] [--tor]

Example: Test if Typo3 and top 20 downloaded extensions are installed on localhost:

python typoenum.py -d 127.0.0.1 --top 20

Bug Reporting

Bug reports are welcome! Please report all bugs on the issue tracker.

Links

• Download: .tar.gz or .zip
• Changelog: Here
• TODO: Here
• Issue tracker: https://github.com/whoot/Typo-Enumerator/issues