Security scanner tool for Plone CMS – https://github.com/unweb/plown
Plown has two modes: enumeration mode and brute force mode. In enumeration mode it tries to find usernames and checks whether several known vulnerabilities are present. In brute force mode, it tries to authenticate to a Plone site using a specified list of users and passwords. Plone version enumeration is scheduled for the next release.
Plown offers the following facilities, and the release notice indicates that it is likely to be developed further:
- Username enumeration
- Multithreaded password cracking. You can specify the login URL (if different from login_form) and the number of threads (16 by default)
- Known vulnerability enumeration, based on exposed URLs/objects. If the site is found vulnerable, the tool reports the vulnerability and the URL of the patch
- Version enumeration is planned, based on md5 hashes of static content (CSS, JS)
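From the defender's side, the brute force mode described above leaves a recognisable trace: a burst of POSTs to login_form from one client. The following is an added example, not part of Plown or the original page, that flags such bursts in constructed web server access-log lines; the combined log format, the RFC 5737 test addresses and the 60-second/10-attempt threshold are assumptions, and `login_paths` covers a site whose login URL differs from login_form.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path.split("?", 1)[0], int(status)

def detect_login_bruteforce(lines, login_paths=("/login_form",),
                            window=timedelta(seconds=60), threshold=10):
    """Return {ip: peak} for clients whose POSTs to a login path reach `threshold`
    inside any sliding `window`. Only POSTs count: Plone serves login_form on GET
    and receives credentials on POST, so a password run is a burst of POSTs."""
    posts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[2] == "POST" and rec[3] in login_paths:
            posts[rec[0]].append(rec[1])
    flagged = {}
    for ip, times in posts.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # drop attempts that fell out of the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

# Constructed sample log lines (RFC 5737 test addresses), not captured traffic:
# one client hammering login_form every 2 s, one normal user logging in once.
SAMPLE_LOG = [
    f'203.0.113.5 - - [10/Oct/2023:13:55:{s:02d} +0000] "POST /login_form HTTP/1.1" 200 4021 "-" "-"'
    for s in range(0, 24, 2)
] + [
    '198.51.100.7 - - [10/Oct/2023:13:55:03 +0000] "GET /login_form HTTP/1.1" 200 3010 "-" "-"',
    '198.51.100.7 - - [10/Oct/2023:13:55:09 +0000] "POST /login_form HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    print(detect_login_bruteforce(SAMPLE_LOG))  # {'203.0.113.5': 12}
```

Feed it the real access log of the Plone front end (one line per list entry) and tune `threshold` to what legitimate users of the site produce.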