Message-ID: <b9238af1c6b4b15fa7b38a4cf3d11ce5@unweb.me>
Date: Tue, 24 Apr 2012 16:08:17 +0300
From: mgogoulos@...eb.me
To: <full-disclosure@...ts.grok.org.uk>
Subject: [Tool] Introducing plown: security scanner for Plone CMS

 

Hi all!

We are pleased to announce the release of plown, a security tool for Plone.

Despite the fact that Plone [1] is one of the most secure CMS, even the most secure system can be penetrated due to misconfigurations, use of weak passwords and if the admins never apply the patches released.

Plown [2] has been developed during penetration tests on Plone sites and was used to ease the discovery of usernames and passwords, plus expose known Plone vulnerabilities that might exist on a system.

What Plown does 

 * Username enumeration
 * Multithreaded password cracking. You can specify the login url (if different than login_form) and the number of threads (16 default)
 * Known vulnerability enumeration, based on urls/objects exposed. If found vulnerable, the tool informs about the vulnerability and the url of the patch
 * Version enumeration is planned, based on md5 hashes of static content (css, js)

We hope that plown can act as an assistant to system administrators to strengthen their Plone sites.

code: https://github.com/unweb/plown/ (written in Python)

plown home: https://unweb.me/projects/open-source/plown

 

Links:
------
[1] http://plone.org/
[2] https://unweb.me/projects/open-source/plown
