Typo3Scan is an open source penetration testing tool that I wrote to automate the process of detecting the Typo3 CMS and its installed extensions. It also has a database of known vulnerabilities for the core and extensions.
Typo3Scan does not exploit any vulnerabilities! Its sole purpose has always been to enumerate version information and installed extensions in penetration tests.
Preferably, you can download Typo3Scan by cloning the Git repository:
git clone https://github.com/whoot/Typo3Scan.git
Typo3Scan works with Python 3 version 3.7 on Debian/Ubuntu and Windows platforms.
You can install all required packages with pip3:
pip install -r requirements.txt
To get a list of all options use:
python typo3scan.py -h
You can use Typo3Scan with domains:
python typo3scan.py -d DOMAIN [DOMAIN ...] [--vuln]
Or with a file with a list of domains:
python typo3scan.py -f FILE [--vuln]
For example:
python typo3scan.py -d http://dev001.vm-typo3.loc --vuln
Bug reports are welcome! Please report all bugs on the issue tracker.
I'm developing this in my spare time. If you like my work, please consider supporting my coffee consumption:
Typo3Scan - Automatic Typo3 Enumeration Tool
Copyright (c) 2015-2020 Jan Rude
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/