Full Disclosure mailing list archives
[Tool] Introducing plown: security scanner for Plone CMS
From: mgogoulos () unweb me
Date: Tue, 24 Apr 2012 16:08:17 +0300
Hi all!

We are pleased to announce the release of plown, a security tool for Plone. Despite the fact that Plone [1] is one of the most secure CMSs, even the most secure system can be penetrated due to misconfigurations, use of weak passwords and if the admins never apply the patches released.

Plown [2] has been developed during penetration tests on Plone sites and was used to ease the discovery of usernames and passwords, plus expose known Plone vulnerabilities that might exist on a system.

What Plown does

* Username enumeration
* Multithreaded password cracking. You can specify the login URL (if different than login_form) and the number of threads (16 default)
* Known vulnerability enumeration, based on URLs/objects exposed. If found vulnerable, the tool informs about the vulnerability and the URL of the patch
* Version enumeration is planned, based on MD5 hashes of static content (css, js)

We hope that plown can act as an assistant to system administrators to strengthen their Plone sites.

code: https://github.com/unweb/plown/ (written in Python)
plown home: https://unweb.me/projects/open-source/plown

Links:
------
[1] http://plone.org/
[2] https://unweb.me/projects/open-source/plown