Skip to content

JavanXD/Typo3AccessChecker

master
Switch branches/tags
Code

Latest commit

Add Dockerfile for Docker Support (Possible CI/CD Implemetation)
f3547a5

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 

Typo3AccessChecker License: GPL v3 Twitter Follow

Check if TYPO3 security guidelines are followed. This tool scans if your typo3 instance is correctly secured by testing restrictions and permissions to important endpoints.

With great astonishment we had to find out while testing our tool that many of the Typo3 instances on the Internet have obviously skipped the step from the installation manual to secure them.

Installation

git clone https://github.com/JavanXD/Typo3AccessChecker.git
cd Typo3AccessChecker
python3 -m pip install requests progressbar

Docker Image

docker build -t typo3accesschecker:latest .

Usage

Start a Scan of https://typo3.org with the default checklist:

python3 check_axxess.py https://typo3.org checklist.txt

Start a Scan of https://typo3.org and use a proxy (e.g. OWASP ZAP/Burp/Fiddler). The proxy function helps you during a manual check by displaying the exact answer you received.

python3 check_axxess.py https://typo3.org checklist.txt --proxy localhost:8080  --verify False

List of possible arguments:

python3 check_axxess.py -h

To use the Docker Image

docker run --rm -e URL=URLofTYPO3 --name typo3accesschecker typo3accesschecker

Checklist

The checklist contains a default set of URLs that should be protected. You can expand the checklist by adding lines in the format https://my.domain/. Please do not replace my.domain with your real URL, this is done by the application using the host parameter that is passed on startup.

Contribute

Feel free to open issues / pull requests if you want to contribute to this project.