DrXploit is a powerful and open-source penetration testing and exploitation tool for web applications. This tool is designed to automate the process of discovering and exploiting vulnerabilities, saving time and effort for security researchers.
- Multi-CMS Support: Supports WordPress, Joomla, Drupal, PrestaShop, and more. 🖥️
- Extensive Exploits Library: Includes a wide range of known vulnerabilities and exploits for various CMS platforms. 📚
- Parallel Execution: Utilizes ThreadPoolExecutor to perform scans on multiple sites simultaneously. 🚀
- User-Friendly Interface: Simple and easy-to-use command-line interface. 👨💻
- Integration with External Libraries: Uses Rich for beautifully formatted output. 🎨
- WordPress: 40+ exploits 📝
- Joomla: 30+ exploits 📝
- Drupal: 10+ exploits 📝
- PrestaShop: 20+ exploits 📝
- Other CMS: 15+ exploits 📝
- Python 3.x 🐍
- Required Python libraries: rich, argparse, bs4, requests, colorama 📦
You can install DrXploit using a setup script. This will automatically download and install the tool:
wget -qO - http://psh.pshteam.dev/dsetup.sh | bashTo list the files inside the result directory, use the -l or --list-files option:
drxploit -lYou can specify a path to a file containing a list of sites or directly enter a domain to scan:
drxploit path_to_file_or_domainTo add an email address for receiving important data:
drxploit -e "[email protected]"To scan sites from a file sites.txt:
drxploit sites.txtTo scan a specific domain like example.com:
drxploit example.com-hor--help: Show the help menu.-lor--list-files: List files in theresultdirectory.-cor--list-cms: List files in thecmsdirectory.-eor--email: Add an email address for receiving important data.
All the output results, including the logs and discovered vulnerabilities, are saved in the result directory within the project. Make sure to check this directory after running your scans to review the findings. 🧐
DrXploit is capable of targeting various types of websites running on different CMS platforms, including but not limited to:
- WordPress: Various plugins and themes exploits. 🔌
- Joomla: Component and module vulnerabilities. 🧩
- Drupal: Core and module exploits. 🛠️
- PrestaShop: Module and theme vulnerabilities. 🛒
- Other CMS: Custom and less-known CMS vulnerabilities. 🌐
Below is an example screenshot demonstrating the use of DrXploit:
We welcome contributions from everyone! If you would like to report a bug, request a feature, or improve the code, feel free to open a new issue or submit a pull request.
Note: We have no income, but rather the unethical use of the tool.
This project is licensed under the MIT License. For more details, see the LICENSE file.