Typo3Scan is an open source penetration testing tool that I wrote to automate the process of detecting the Typo3 CMS and it's installed extensions. It also has a database with known vulnerabilities for core and extensions.
Typo3Scan does not exploit any vulnerabilities! It´s soley purpose was to enumerate version info and installed extensions in penetration tests ever since.
You can download the latest tarball by clicking here or latest zipball by clicking here.
Preferably, you can download Type3Scan by cloning the Git repository:
git clone https://github.com/whoot/Typo3Scan.git
Typo3Scan works with Python 3 version 3.7 on Debian/Ubuntu and Windows platforms.
You can install all required packages with pip3:
pip install -r requirements.txt
To get a list of all options use:
python typo3scan.py -h
You can use Typo3Scan with domains:
python typo3scan.py -d DOMAIN [DOMAIN ...] [--vuln]
Or with a file with a list of domains:
python typo3scan.py -f FILE [--vuln]
Example:
python typo3scan.py -d http://dev001.vm-typo3.loc --vuln
Bug reports are welcome! Please report all bugs on the issue tracker.
I´m developing this in my spare time. If you like my work, please consider supporting my coffee consume:
Typo3Scan - Automatic Typo3 Enumeration Tool
Copyright (c) 2015-2020 Jan Rude
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/