Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Packaging status GitHub tag (latest SemVer) GitHub license Rawsec's CyberSecurity Inventory

Typo3Scan is an open source penetration testing tool that I wrote to automate the process of detecting the Typo3 CMS version and its installed extensions.
Useful parts of the official security advisories are stored in a database and compared with the identified versions. If vulnerabilities are known for the version in use, the corresponding advisory is displayed.

Typo3Scan does not exploit vulnerabilities! Its soley purpose was to enumerate version info and installed extensions in penetration tests ever since.

Typo3Scan is intended to be used for legal security purposes only, and you should only use it to test websites you own or have permission to test. Any other use is not the responsibility of the developer(s). Be sure that you understand and are complying with the laws in your area. In other words, don't be stupid, don't be an asshole, and use this tool responsibly and legally.


You can download the latest tarball by clicking here or latest zipball by clicking here.

Preferably, you can download Typo3Scan by cloning the repository:

git clone

Typo3Scan works with Python 3 version >= 3.7 on Debian/Ubuntu and Windows platforms.

You can install all required packages with pip3:

python3 -m pip install -r requirements.txt


To get a list of all options use:

python3 -h


python3 -d http://dev01.vm-typo3.loc/ --vuln

Bug Reporting / Support

Bug reports are welcome! Please report all bugs on the issue tracker.

I´m developing this in my spare time. If you like my work, please consider supporting my coffee consume:

Buy me a coffee



Typo3Scan - Automatic Typo3 Enumeration Tool

Copyright (c) 2015-2022 Jan Rude

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see