supersache/Typo-Enumerator

Enumerate Typo3 version and extensions

Typo3-Enumerator

Typo3-Enumerator is an open source penetration testing tool that automates the process of detecting the Typo3 CMS and it's installed extensions (also the outdated ones). If the --top parameter is set to a value, only the specified most downloaded extensions are tested.

It is possible to do all requests through the TOR Hidden Service network.

Installation

You can download the latest tarball by clicking here or latest zipball by clicking here.

Preferably, you can download Type-Enumerator by cloning the Git repository:

git clone https://github.com/whoot/Typo-Enumerator.git

Typo-Enumerator works with Python version 3.x on Debian/Ubuntu, RedHat and Windows platforms.

You might need to install following packages:

• Requests
• Colorama

You can install the packages with pip3 on Debian/Ubuntu and Windows:

pip3 install requests colorama

On Redhat you can install all needed packages with easy_install:

easy_install argparse
easy_install requests
easy_install colorama

If you want to use Typo-Enumerator with TOR, you need the SocksiPy module.

Usage

To get a list of all options use:

python3 typo3_enumerator.py -h

You can use Typo3-Enumerator with domains:

python3 typo3_enumerator.py -d DOMAIN [DOMAIN ...] [--top VALUE]

Or with a file with a list of domains:

python3 typo3_enumerator.py -f FILE [--top VALUE]

Example: Test if Typo3 and top 200 downloaded extensions are installed on 192.168.0.24:

python3 typo3_enumerator.py -d 192.168.0.24/testsite --top 200

Bug Reporting

Bug reports are welcome! Please report all bugs on the issue tracker.

Links

• Download: .tar.gz or .zip
• Changelog: Here
• TODO: Here
• Issue tracker: Here

License

Typo3 Enumerator - Automatic Typo3 Enumeration Tool

Copyright (c) 2015-2017 Jan Rude

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/