[Full-disclosure] [Tool] Introducing plown: security scanner for Plone CMS
- From: mgogoulos@xxxxxxxx
- Date: Tue, 24 Apr 2012 16:08:17 +0300
We are pleased to announce the release of plown, a security
tool for Plone.
Despite the fact that Plone is one of the most
secure CMSs, even the most secure system can be penetrated due to
misconfigurations, use of weak passwords, and admins never applying
the patches released.
Plown has been developed during penetration
tests on Plone sites and was used to ease the discovery of usernames and
passwords, plus expose known Plone vulnerabilities that might exist on a
What Plown does
* Username enumeration
* Password cracking. You can specify the login url (if different than
login_form) and the number of threads (16 default)
* Vulnerability enumeration, based on urls/objects exposed. If found
vulnerable, the tool informs about the vulnerability and the url of the
* Version enumeration is planned, based on md5 hashes of static
content (css, js)
We hope that plown can act as an assistant to system
administrators to strengthen their Plone sites.
https://github.com/unweb/plown/ (written in Python)