DPScan - security scanner module for Drupal

1. #! / Usr / bin / python
2. # Drupal modules scanner
3. import  os, sys, socket, Subprocess
4.  
5. __Cmd__ = {
6. # WGET
7. "Wget" : "wget-q-O -" ,
8. "Grep" : "| grep modules" ,
9. "Output_File" : "cat" ,
10. "Help" : "Drupal Modules Enumerator V0.1Beta-- written by Ali Elouafiq 2012"
11. "\ N <ScriptName> [filename.txt]"
12. "\ N <ScriptName> [URL]"
13. "\ N <ScriptName> [URL] user password / / FOR HTTP AUTHORIZATION"
14.  
15. }
16. __Debug_Mode__ = "off"
17. def  call (command):
18. p = Subprocess.popen ([command], shell = True , stdin = Subprocess.pipe, stdout = Subprocess.pipe, stderr = Subprocess.pipe)
19. if  ( len (P.stdout.readlines ()) +  len (P.stderr.readlines ()))> the 0th  :
20. raise  Commandfailure (command)
21. def  main ():
22. # Check options
23. Modules_List = []
24. command = ""
25. if  len (Sys.argv) = = an :
26. print  __Cmd__ [ "help" ]
27. else :
28. if  len (Sys.argv) = =  the second  :
29. url = Sys.argv [ 1 ]
30. if  len (Url.split ( ". txt" ))> the first :
31. command = " "+ __Cmd__ [" Output_File "] + url
32. else : command = " "+ __Cmd__ [" wget "] + url
33. if  len (Sys.argv) = =  the 4th  :
34. url = Sys.argv [ 1 ]
35. user = Sys.argv [ 2nd ]
36. password = Sys.argv [ third ]
37. command = " "+ __Cmd__ [" wget "] + url +"  - - http - user "+ user +"  - - http - password " + password
38.  
39. # Retrieves the Page
40. command = command + __Cmd__ [ "grep" ]
41. # --- Command:
42. p = Subprocess.popen ([command], shell = True , stdin = Subprocess.pipe, stdout = Subprocess.pipe, stderr = Subprocess.pipe)
43. if  __Debug_Mode__ = = "wget" : print  P.stdout
44. # SCAN the page
45. for  line in  P.stdout:
46. line = Line.split ( "modules" )
47. if  len (line)> 1  :
48. Modules_List.append (line [ the first ]. split ( "/" ) [ the first ])
49. # Retrieve Results
50. Modules_List = list ( set (Modules_List))
51. for  module in  Modules_List:
52. print  module
53.  
54. if  __Name__ = = "__Main__" :
55. main ()