# 🛡️ DiscourseMap
<div align="center">

**Comprehensive security testing framework for Discourse forums**

[Features](#-features) • [Installation](#-installation) • [Usage](#-usage) • [Modules](#-modules) • [Contributing](#-contributing)

</div>

## 📋 Overview
DiscourseMap is a comprehensive, modular security testing framework specifically designed for Discourse forum platforms. It combines Python-based scanning modules with Ruby exploit integration to provide thorough security assessments covering everything from basic information gathering to advanced vulnerability exploitation.
### 🎯 Key Highlights
- **25+ Security Modules** covering all aspects of Discourse security
- **Ruby Exploit Integration** with 25+ CVE-specific exploits
- **Modular Architecture** for easy extension and customization
- **Comprehensive Coverage** from reconnaissance to exploitation
- **Professional Reporting** with detailed findings and recommendations
- **Active Development** with regular updates and new features
## 🚀 Features
### 🔍 Core Security Testing
| Category | Description | Modules |
|----------|-------------|----------|
| **Information Gathering** | Reconnaissance and fingerprinting | Info, Endpoint, User |
| **Vulnerability Assessment** | Core security testing | Vulnerability, CVE Exploits |
| **Authentication & Authorization** | Access control testing | Auth, Session Management |
| **Configuration Security** | Misconfigurations and hardening | Config, Network |
| **Cryptographic Analysis** | Crypto implementation testing | Crypto, SSL/TLS |
| **Plugin & Theme Security** | Extension security testing | Plugin, Theme Analysis |
### 🛠️ Advanced Capabilities
- **Multi-Vector Testing**: Combines automated scanning with manual exploit techniques
- **CVE Database**: Integrated database of Discourse-specific vulnerabilities
- **Custom Payloads**: Sophisticated payload generation and testing
- **Evasion Techniques**: Advanced methods to bypass security controls
- **Real-time Analysis**: Live vulnerability detection and exploitation
- **Detailed Reporting**: Comprehensive reports with remediation guidance
## 📦 Installation
### 🚀 Quick Install (Recommended)
```bash
# Install from PyPI - Simple and fast!
pip install discoursemap
# Verify installation
discoursemap --help
# Start scanning immediately
discoursemap -u https://forum.example.com
```
### 📦 Alternative Installation Methods
```bash
# Install with pipx for isolated environment
pipx install discoursemap
# Install specific version
pip install discoursemap==1.1.0
# Upgrade to latest version
pip install --upgrade discoursemap
```
### Prerequisites
System requirements:
- Python 3.8 or higher
- Ruby 2.7 or higher
- Git
- Internet connection for dependency installation
### 🔧 Manual Installation
```bash
# Clone the repository
git clone https://github.com/ibrahmsql/discoursemap.git
cd discoursemap
# Install Python dependencies
pip3 install -r requirements.txt
# Install Ruby dependencies
bundle install
# Make scripts executable
chmod +x discoursemap/scanner.py
chmod +x ruby_exploit_runner.rb
# Verify installation
python3 discoursemap/scanner.py --help
```
### Docker Installation
```bash
# Build Docker image
docker build -t discoursemap .
# Run scanner with Docker
docker run --rm -v $(pwd)/reports:/app/reports discoursemap \
python3 main.py -u https://target-forum.com --modules info
# Using Docker Compose
docker-compose build
docker-compose run --rm discoursemap \
python3 main.py -u https://target-forum.com --modules info,vuln
# Interactive mode
docker run -it --rm discoursemap bash
```
### Development Setup
```bash
# Install development dependencies
pip3 install -r requirements-dev.txt
# Install pre-commit hooks
pre-commit install
# Run tests
python3 -m pytest tests/
```
## 🎯 Usage
### Basic Scanning
```bash
# Basic security scan
python3 discoursemap/scanner.py -u https://discourse.example.com
# Scan with specific modules
python3 discoursemap/scanner.py -u https://discourse.example.com -m info,vulnerability,auth
# Aggressive scan with all modules
python3 discoursemap/scanner.py -u https://discourse.example.com --aggressive
# Scan with custom output
python3 discoursemap/scanner.py -u https://discourse.example.com -o results.json
```
### Advanced Options
```bash
# Scan with authentication
python3 discoursemap/scanner.py -u https://discourse.example.com \
--username admin --password secretpass
# Scan with proxy
python3 discoursemap/scanner.py -u https://discourse.example.com \
--proxy http://127.0.0.1:8080
# Scan with custom headers
python3 discoursemap/scanner.py -u https://discourse.example.com \
--headers "X-Forwarded-For: 127.0.0.1" "User-Agent: CustomBot/1.0"
# Stealth mode with delays
python3 discoursemap/scanner.py -u https://discourse.example.com \
--delay 2 --random-delay
```
### Ruby Exploit Integration
```bash
# Run specific CVE exploits
python3 discoursemap/modules/cve_exploit_module.py \
--target https://discourse.example.com \
--cve CVE-2021-41163
# Run all Ruby exploits
ruby ruby_exploit_runner.rb https://discourse.example.com
# Run exploits with custom parameters
ruby ruby_exploit_runner.rb https://discourse.example.com \
--timeout 30 --threads 5
```
## 🧩 Modules
### 🔍 Information Gathering
#### Info Module (`info_module.py`)
- **Server Information**: Version detection, technology stack
- **Configuration Discovery**: Settings, features, plugins
- **User Enumeration**: Active users, administrators, moderators
- **Content Analysis**: Categories, topics, sensitive information
#### Endpoint Module (`endpoint_module.py`)
- **Directory Discovery**: Hidden paths, admin panels, API endpoints
- **File Discovery**: Backup files, configuration files, logs
- **API Enumeration**: REST endpoints, GraphQL schemas
- **Subdomain Discovery**: Related domains and services
### 🛡️ Security Testing
#### Vulnerability Module (`vulnerability_module.py`)
- **Injection Attacks**: SQL, NoSQL, LDAP, Command injection
- **Cross-Site Scripting**: Reflected, Stored, DOM-based XSS
- **Cross-Site Request Forgery**: CSRF token analysis
- **Server-Side Request Forgery**: SSRF testing
- **XML External Entity**: XXE vulnerability testing
- **Insecure Deserialization**: Object injection attacks
#### Auth Module (`auth_module.py`)
- **Authentication Bypass**: Login bypass techniques
- **Privilege Escalation**: Horizontal and vertical escalation
- **Session Management**: Session fixation, hijacking
- **Password Policy**: Weak password detection
- **Account Lockout**: Brute force protection testing
- **OAuth/SSO Security**: Third-party authentication flaws
### 🔐 Cryptographic Security
#### Crypto Module (`crypto_module.py`)
- **Weak Hashing**: MD5, SHA1 detection
- **Weak Encryption**: DES, RC4, ECB mode detection
- **JWT Vulnerabilities**: Algorithm confusion, weak secrets
- **Session Security**: Cookie analysis, CSRF tokens
- **Key Exposure**: Private key leakage
- **Timing Attacks**: Cryptographic timing vulnerabilities
### 🌐 Network & Infrastructure
#### Network Module (`network_module.py`)
- **Port Scanning**: Service discovery
- **SSL/TLS Analysis**: Certificate validation, cipher analysis
- **DNS Analysis**: Zone transfers, subdomain enumeration
- **CDN Detection**: Content delivery network analysis
- **Firewall Detection**: Security control identification
- **Load Balancer Analysis**: Infrastructure mapping
#### Config Module (`config_module.py`)
- **Configuration Files**: Exposed settings, backups
- **Debug Information**: Error messages, stack traces
- **Security Headers**: HSTS, CSP, X-Frame-Options
- **CORS Misconfiguration**: Cross-origin policy flaws
- **Default Credentials**: Common username/password combinations
- **Environment Variables**: Sensitive data exposure
### 🔌 Plugin & Theme Security
#### Plugin Module (`plugin_module.py`)
- **Plugin Discovery**: Installed plugins and themes
- **Vulnerability Testing**: Plugin-specific security flaws
- **Outdated Components**: Version analysis
- **Dangerous Permissions**: Excessive privileges
- **File Access**: Unauthorized file operations
- **Theme Injection**: Template injection vulnerabilities
### 🎯 User & Content Security
#### User Module (`user_module.py`)
- **User Enumeration**: Username discovery techniques
- **Profile Analysis**: Sensitive information exposure
- **Permission Testing**: Access control verification
- **Social Engineering**: Information gathering
- **Account Takeover**: Session and credential attacks
## 🔥 Ruby Exploit Collection
### Critical CVEs (CVSS 9.0+)
| CVE | Description | CVSS | Module |
|-----|-------------|------|--------|
| **CVE-2019-11479** | SQL Injection in search | 9.8 | `CVE-2019-11479.rb` |
| **CVE-2021-41163** | RCE via theme import | 9.8 | `CVE-2021-41163.rb` |
| **CVE-2023-49103** | Admin panel auth bypass | 9.1 | `CVE-2023-49103.rb` |
| **CVE-2024-28084** | File upload RCE | 9.8 | `CVE-2024-28084.rb` |
| **CVE-2024-42364** | SQL injection via search | 9.3 | `CVE-2024-42364.rb` |
### High Severity (CVSS 7.0-8.9)
| CVE | Description | CVSS | Module |
|-----|-------------|------|--------|
| **CVE-2022-31053** | SSRF via onebox preview | 8.6 | `CVE-2022-31053.rb` |
| **CVE-2024-35198** | Server-side template injection | 8.8 | `CVE-2024-35198.rb` |
| **CVE-2023-37467** | CSP nonce reuse XSS | 7.5 | `discourse_cve_exploits.rb` |
### General Vulnerability Categories
- **XSS Exploits** (`discourse_xss.rb`) - Multiple XSS vectors
- **SSRF Exploits** (`discourse_ssrf.rb`) - Server-side request forgery
- **RCE Exploits** (`discourse_rce.rb`) - Remote code execution
- **SQL Injection** (`discourse_sqli.rb`) - Database injection attacks
- **Auth Bypass** (`discourse_auth_bypass.rb`) - Authentication bypass
- **File Upload** (`discourse_file_upload.rb`) - File upload vulnerabilities
- **Info Disclosure** (`discourse_info_disclosure.rb`) - Information leakage
- **CSRF Attacks** (`discourse_csrf.rb`) - Cross-site request forgery
- **XXE Attacks** (`discourse_xxe.rb`) - XML external entity
- **Plugin Exploits** (`discourse_plugin_exploits.rb`) - Plugin vulnerabilities
## 📊 Sample Output
```
🛡️ DiscourseMap v2.0
🎯 Target: https://discourse.example.com
⏰ Started: 2024-12-20 10:30:15

[INFO] Starting comprehensive security scan...
[INFO] Modules loaded: info, endpoint, vulnerability, auth, crypto

📋 Information Gathering
├── [✓] Server: Discourse 3.1.2 (Ruby 3.0.4)
├── [✓] Plugins: 12 installed (3 outdated)
├── [⚠️] Admin users: 2 discovered
└── [✓] Categories: 15 public, 3 restricted

🔍 Endpoint Discovery
├── [✓] Admin panel: /admin (protected)
├── [⚠️] Debug endpoint: /debug (exposed)
├── [✓] API endpoints: 45 discovered
└── [❌] Backup files: config.bak found

🛡️ Vulnerability Assessment
├── [❌] SQL Injection: 2 vulnerabilities found
├── [⚠️] XSS: 1 stored XSS in user profiles
├── [❌] CSRF: Missing tokens on 3 endpoints
└── [✓] File upload: Properly restricted

🔐 Authentication & Authorization
├── [❌] Default credentials: admin/admin works
├── [⚠️] Session management: No timeout configured
├── [✓] Password policy: Strong requirements
└── [❌] Privilege escalation: Role manipulation possible

🔒 Cryptographic Security
├── [⚠️] Weak hashing: MD5 found in password reset
├── [✓] SSL/TLS: Properly configured
├── [❌] JWT: Algorithm confusion vulnerability
└── [⚠️] Session cookies: Missing secure flag

📈 Scan Summary
├── 🔴 Critical: 3 vulnerabilities
├── 🟡 High: 5 vulnerabilities
├── 🟠 Medium: 8 vulnerabilities
└── 🟢 Low: 12 vulnerabilities

💾 Report saved: discourse_scan_20241220_103015.json
⏱️ Scan completed in 4m 32s
```
## 📋 Configuration
### Configuration File (`config.yaml`)
```yaml
# DiscourseMap Configuration
# Target Configuration
target:
  url: "https://discourse.example.com"
  timeout: 30
  retries: 3
  verify_ssl: true
# Authentication
auth:
  username: ""
  password: ""
  api_key: ""
  session_cookie: ""
# Scanning Options
scan:
  modules:
    - info
    - endpoint
    - vulnerability
    - auth
    - crypto
    - network
    - config
    - plugin
    - user
  aggressive: false
  delay: 1
  random_delay: true
  threads: 5
# Proxy Configuration
proxy:
  http: ""
  https: ""
  socks: ""
# Output Configuration
output:
  format: "json" # json, xml, html, pdf
  file: "scan_results.json"
  verbose: true
  colors: true
# Ruby Exploit Configuration
ruby_exploits:
  enabled: true
  timeout: 60
  max_threads: 3
  cve_filter: [] # Empty = all CVEs
# Reporting
reporting:
  include_screenshots: false
  include_payloads: true
  risk_scoring: true
  compliance_mapping: true
```
### Environment Variables
```bash
# Set environment variables for sensitive data
export DISCOURSE_USERNAME="admin"
export DISCOURSE_PASSWORD="secretpass"
export DISCOURSE_API_KEY="your-api-key"
export PROXY_URL="http://127.0.0.1:8080"
```
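A preflight check for the configuration and environment variables above, added here as an example and not part of DiscourseMap: it flags inline secrets, disabled TLS verification, out-of-scope targets and unthrottled scans before a run. The `authorized_hosts` allowlist, the function names and the rule that environment values only fill empty fields are assumptions; the config is passed in already parsed.

```python
from urllib.parse import urlparse

# Secret-bearing keys under `auth:` in the config.yaml shown above.
SECRET_KEYS = ("password", "api_key", "session_cookie")
# Environment variables from the page, keyed by the auth field they stand in for.
ENV_FOR_KEY = {
    "username": "DISCOURSE_USERNAME",
    "password": "DISCOURSE_PASSWORD",
    "api_key": "DISCOURSE_API_KEY",
}


def audit_config(cfg, authorized_hosts):
    """Return (severity, message) findings for an already-parsed config.yaml."""
    findings = []
    target = cfg.get("target", {})
    host = (urlparse(target.get("url", "")).hostname or "").lower()
    # authorized_hosts is a hypothetical allowlist taken from the engagement scope.
    if host not in {h.lower() for h in authorized_hosts}:
        findings.append(("block", f"target host {host!r} is outside the authorized scope"))
    if target.get("verify_ssl", True) is False:
        findings.append(("warn", "target.verify_ssl is false: credentials may reach an unverified peer"))

    auth = cfg.get("auth", {})
    for key in SECRET_KEYS:
        if auth.get(key):
            hint = ENV_FOR_KEY.get(key, "a secret store")
            findings.append(("warn", f"auth.{key} is stored inline; load it from {hint} instead"))

    scan = cfg.get("scan", {})
    if scan.get("aggressive"):
        findings.append(("warn", "scan.aggressive is true: confirm the engagement allows it"))
    if scan.get("delay", 0) < 1 and not scan.get("random_delay", False):
        findings.append(("warn", "scan.delay under 1s without random_delay: risk of overloading the forum"))

    if cfg.get("reporting", {}).get("include_payloads"):
        findings.append(("warn", "reporting.include_payloads is true: treat the report as sensitive"))
    return findings


def resolve_auth(cfg, env):
    """Fill empty auth fields from the environment; values already set are kept."""
    auth = dict(cfg.get("auth", {}))
    for key, var in ENV_FOR_KEY.items():
        if not auth.get(key) and env.get(var):
            auth[key] = env[var]
    return auth


# Constructed sample configs: a risky one and a corrected one.
WEAK = {
    "target": {"url": "https://discourse.example.com", "verify_ssl": False},
    "auth": {"username": "admin", "password": "secretpass", "api_key": "", "session_cookie": ""},
    "scan": {"aggressive": True, "delay": 0, "random_delay": False},
    "reporting": {"include_payloads": True},
}
HARDENED = {
    "target": {"url": "https://discourse.example.com", "verify_ssl": True},
    "auth": {"username": "", "password": "", "api_key": "", "session_cookie": ""},
    "scan": {"aggressive": False, "delay": 1, "random_delay": True},
    "reporting": {"include_payloads": False},
}
SCOPE = ["discourse.example.com"]

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name)
        for severity, message in audit_config(cfg, SCOPE):
            print(f"  [{severity}] {message}")
```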
## 🔧 Development
### Project Structure
```
discoursemap/
├── discoursemap/
│   ├── modules/
│   │   ├── __init__.py
│   │   ├── info_module.py
│   │   ├── endpoint_module.py
│   │   ├── vulnerability_module.py
│   │   ├── auth_module.py
│   │   ├── crypto_module.py
│   │   ├── network_module.py
│   │   ├── config_module.py
│   │   ├── plugin_module.py
│   │   ├── user_module.py
│   │   ├── cve_exploit_module.py
│   │   └── utils.py
│   └── scanner.py
├── ruby_exploits/
│   ├── CVE-2019-11479.rb
│   ├── CVE-2021-41163.rb
│   ├── CVE-2022-31053.rb
│   ├── CVE-2023-49103.rb
│   ├── CVE-2024-28084.rb
│   ├── CVE-2024-35198.rb
│   ├── CVE-2024-42364.rb
│   ├── discourse_xss.rb
│   ├── discourse_ssrf.rb
│   ├── discourse_rce.rb
│   ├── discourse_sqli.rb
│   ├── discourse_auth_bypass.rb
│   ├── discourse_file_upload.rb
│   ├── discourse_info_disclosure.rb
│   ├── discourse_csrf.rb
│   ├── discourse_xxe.rb
│   ├── discourse_plugin_exploits.rb
│   ├── discourse_cve_exploits.rb
│   ├── discourse_file_upload_exploits.rb
│   ├── discourse_api_exploits.rb
│   └── discourse_privilege_escalation.rb
├── tests/
│   ├── test_modules.py
│   ├── test_exploits.py
│   └── test_integration.py
├── docs/
│   ├── API.md
│   ├── MODULES.md
│   └── EXPLOITS.md
├── requirements.txt
├── requirements-dev.txt
├── Gemfile
├── Dockerfile
├── config.yaml.example
├── TODO.md
└── README.md
```
### Adding New Modules
```python
# Example: Creating a new module
class CustomModule:
    def __init__(self, scanner):
        # Keep a reference to the scanner and prepare the result structure
        self.scanner = scanner
        self.results = {
            'module_name': 'Custom Security Testing',
            'target': scanner.target_url,
            'vulnerabilities': []
        }

    def run_scan(self):
        """Main scanning logic"""
        print("[*] Running custom security tests...")
        # Your testing logic here
        self._test_custom_vulnerability()
        return self.results

    def _test_custom_vulnerability(self):
        """Test for custom vulnerability"""
        # Implementation here
        pass
```
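A filled-in module following the skeleton above, added here as an example and not taken from the DiscourseMap code base: it passively audits the security headers and cookie flags that the Config and Crypto modules list. Only `scanner.target_url` comes from the page; `fetch_headers`, `StubScanner`, the 180-day HSTS threshold and the sample headers are assumptions so the block runs offline.

```python
import re

HSTS_MIN_AGE = 15552000  # 180 days, an assumed policy threshold

# Constructed sample response headers (not captured from a real forum).
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=3600"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'"),
    ("Set-Cookie", "_t=constructed-token; path=/; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "_forum_session=constructed; path=/; Secure; HttpOnly; SameSite=Lax"),
]


class StubScanner:
    """Stand-in scanner; fetch_headers is a hypothetical helper, not a project API."""
    target_url = "https://discourse.example.com"

    def fetch_headers(self, url):
        return SAMPLE_HEADERS


class SecurityHeaderModule:
    """Passive audit of response headers and cookie flags."""
    REQUIRED = ("strict-transport-security", "content-security-policy", "x-frame-options")

    def __init__(self, scanner):
        self.scanner = scanner
        self.results = {
            "module_name": "Security Header Audit",
            "target": scanner.target_url,
            "vulnerabilities": [],
        }

    def run_scan(self):
        # Headers arrive as (name, value) pairs because Set-Cookie can repeat.
        headers = self.scanner.fetch_headers(self.scanner.target_url)
        self._check_headers(headers)
        self._check_cookies(headers)
        return self.results

    def _add(self, severity, title, evidence):
        self.results["vulnerabilities"].append(
            {"severity": severity, "title": title, "evidence": evidence})

    def _check_headers(self, headers):
        seen = {name.lower(): value for name, value in headers}
        for name in self.REQUIRED:
            if name not in seen:
                self._add("medium", f"Missing {name} header", "")
        hsts = seen.get("strict-transport-security", "")
        match = re.search(r"max-age=(\d+)", hsts, re.I)
        if hsts and (not match or int(match.group(1)) < HSTS_MIN_AGE):
            self._add("low", "HSTS max-age below 180 days", hsts)
        # Split the CSP into directives; script-src falls back to default-src.
        directives = {}
        for part in seen.get("content-security-policy", "").split(";"):
            tokens = part.split()
            if tokens:
                directives[tokens[0].lower()] = tokens[1:]
        script_src = directives.get("script-src", directives.get("default-src", []))
        if "'unsafe-inline'" in script_src:
            self._add("medium", "CSP script-src allows 'unsafe-inline'", " ".join(script_src))

    def _check_cookies(self, headers):
        for name, value in headers:
            if name.lower() != "set-cookie":
                continue
            parts = [p.strip() for p in value.split(";")]
            cookie_name = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            for flag in ("secure", "httponly", "samesite"):
                if flag not in attrs:
                    # Record the cookie name only, never its value.
                    self._add("medium", f"Cookie {cookie_name} lacks {flag}", cookie_name)


if __name__ == "__main__":
    for finding in SecurityHeaderModule(StubScanner()).run_scan()["vulnerabilities"]:
        print(f"[{finding['severity']}] {finding['title']}")
```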
### Adding Ruby Exploits
```ruby
# Example: Creating a new Ruby exploit
class CustomExploit
  def initialize(target_url)
    @target_url = target_url
    @results = []
  end

  def run_exploit
    puts "[*] Testing custom vulnerability..."
    # Your exploit logic here
    test_custom_vulnerability
    @results
  end

  private

  def test_custom_vulnerability
    # Implementation here
  end
end
```
## 🧪 Testing
### Running Tests
```bash
# Run all tests
python3 -m pytest tests/ -v
# Run specific test categories
python3 -m pytest tests/test_modules.py -v
python3 -m pytest tests/test_exploits.py -v
# Run with coverage
python3 -m pytest tests/ --cov=discoursemap --cov-report=html
# Run integration tests
python3 -m pytest tests/test_integration.py -v --slow
```
### Test Environment Setup
```bash
# Set up test Discourse instance
docker run -d --name discourse-test \
-p 8080:80 \
discourse/discourse:latest
# Run tests against test instance
python3 discoursemap/scanner.py -u http://localhost:8080 --test-mode
```
## Documentation
- **[API Reference](docs/API.md)** - Complete API documentation
- **[Module Guide](docs/MODULES.md)** - Detailed module documentation
- **[Exploit Guide](docs/EXPLOITS.md)** - Ruby exploit documentation
- **[Contributing Guide](CONTRIBUTING.md)** - How to contribute
- **[Security Policy](SECURITY.md)** - Responsible disclosure
- **[Changelog](CHANGELOG.md)** - Version history
## Contributing
We welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.
### Quick Start for Contributors
1. **Fork** the repository
2. **Create** a feature branch (`git checkout -b feature/amazing-feature`)
3. **Commit** your changes (`git commit -m 'Add amazing feature'`)
4. **Push** to the branch (`git push origin feature/amazing-feature`)
5. **Open** a Pull Request
### Areas for Contribution
- **Bug fixes** and improvements
- **New security modules** and tests
- **Ruby exploit modules** for new CVEs
- **Documentation** improvements
- **Test coverage** expansion
- **UI/UX** enhancements
- **Performance** optimizations
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## ⚠️ Disclaimer
**IMPORTANT**: This tool is for educational and authorized security testing purposes only. Users are responsible for ensuring they have proper authorization before testing any systems. The developers assume no liability for misuse of this tool.
### Responsible Use Guidelines
- ✅ **Only test systems you own or have explicit permission to test**
- ✅ **Follow responsible disclosure practices**
- ✅ **Respect rate limits and avoid DoS conditions**
- ✅ **Use in compliance with local laws and regulations**
- ❌ **Do not use for malicious purposes**
- ❌ **Do not test systems without authorization**
## Acknowledgments
- **Discourse Team** for creating an amazing platform
- **Security Researchers** who discovered and reported vulnerabilities
- **Open Source Community** for tools and libraries used
- **Contributors** who help improve this project
## Support & Contact
- **Bug Reports**: [GitHub Issues](https://github.com/ibrahmsql/discoursemap/issues)
- **Feature Requests**: [GitHub Discussions](https://github.com/ibrahmsql/discoursemap/discussions)
- **Security Issues**: ibrahimsql@proton.me
- **Email**: ibrahimsql@proton.me
---
<div align="center">
**Made with ❤️ by İbrahimsql**
</div>
tests\npython3 -m pytest tests/test_integration.py -v --slow\n```\n\n### Test Environment Setup\n\n```bash\n# Set up test Discourse instance\ndocker run -d --name discourse-test \\\n -p 8080:80 \\\n discourse/discourse:latest\n\n# Run tests against test instance\npython3 discoursemap/scanner.py -u http://localhost:8080 --test-mode\n```\n\n## \ud83d\udcda Documentation\n\n- **[API Reference](docs/API.md)** - Complete API documentation\n- **[Module Guide](docs/MODULES.md)** - Detailed module documentation\n- **[Exploit Guide](docs/EXPLOITS.md)** - Ruby exploit documentation\n- **[Contributing Guide](CONTRIBUTING.md)** - How to contribute\n- **[Security Policy](SECURITY.md)** - Responsible disclosure\n- **[Changelog](CHANGELOG.md)** - Version history\n\n## \ud83e\udd1d Contributing\n\nWe welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.\n\n### Quick Start for Contributors\n\n1. **Fork** the repository\n2. **Create** a feature branch (`git checkout -b feature/amazing-feature`)\n3. **Commit** your changes (`git commit -m 'Add amazing feature'`)\n4. **Push** to the branch (`git push origin feature/amazing-feature`)\n5. **Open** a Pull Request\n\n### Areas for Contribution\n\n- \ud83d\udc1b **Bug fixes** and improvements\n- \ud83d\ude80 **New security modules** and tests\n- \ud83d\udc8e **Ruby exploit modules** for new CVEs\n- \ud83d\udcda **Documentation** improvements\n- \ud83e\uddea **Test coverage** expansion\n- \ud83c\udfa8 **UI/UX** enhancements\n- \ud83d\udd27 **Performance** optimizations\n\n## \ud83d\udcc4 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## \u26a0\ufe0f Disclaimer\n\n**IMPORTANT**: This tool is for educational and authorized security testing purposes only. Users are responsible for ensuring they have proper authorization before testing any systems. 
The developers assume no liability for misuse of this tool.\n\n### Responsible Use Guidelines\n\n- \u2705 **Only test systems you own or have explicit permission to test**\n- \u2705 **Follow responsible disclosure practices**\n- \u2705 **Respect rate limits and avoid DoS conditions**\n- \u2705 **Use in compliance with local laws and regulations**\n- \u274c **Do not use for malicious purposes**\n- \u274c **Do not test systems without authorization**\n\n## \ud83d\ude4f Acknowledgments\n\n- **Discourse Team** for creating an amazing platform\n- **Security Researchers** who discovered and reported vulnerabilities\n- **Open Source Community** for tools and libraries used\n- **Contributors** who help improve this project\n\n## \ud83d\udcde Support & Contact\n\n- \ud83d\udc1b **Bug Reports**: [GitHub Issues](https://github.com/ibrahmsql/discoursemap/issues)\n- \ud83d\udca1 **Feature Requests**: [GitHub Discussions](https://github.com/ibrahmsql/discoursemap/discussions)\n- \ud83d\udd12 **Security Issues**: ibrahimsql@proton.me\n- \ud83d\udce7 **Email**: ibrahimsql@proton.me\n\n---\n\n<div align=\"center\">\n\n**Made with \u2764\ufe0f by \u0130brahimsql**\n\n</div>\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Discourse forum security scanner. Written for security professionals and forum administrators.",
"version": "1.2.0",
"project_urls": {
"Bug Reports": "https://github.com/ibrahmsql/discoursemap/issues",
"Documentation": "https://github.com/ibrahmsql/discoursemap#readme",
"Homepage": "https://github.com/ibrahmsql/discoursemap",
"Source": "https://github.com/ibrahmsql/discoursemap"
},
"split_keywords": [
"discourse",
" security",
" scanner",
" penetration-testing",
" vulnerability-scanner",
" cybersecurity"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "e6c0b8f89a15ab3392378226a1bbe77babe97a52d44115c6a39e083ed6ce95d1",
"md5": "845012cfe32ea6b391b6266a24103500",
"sha256": "1fb3389c8940610e7ec6b7a97ae3d055f92adee5dabbadec269720d68774468a"
},
"downloads": -1,
"filename": "discoursemap-1.2.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "845012cfe32ea6b391b6266a24103500",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 250978,
"upload_time": "2025-07-10T01:38:24",
"upload_time_iso_8601": "2025-07-10T01:38:24.308806Z",
"url": "https://files.pythonhosted.org/packages/e6/c0/b8f89a15ab3392378226a1bbe77babe97a52d44115c6a39e083ed6ce95d1/discoursemap-1.2.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-10 01:38:24",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "ibrahmsql",
"github_project": "discoursemap",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "PyYAML",
"specs": [
[
"==",
"6.0.2"
]
]
},
{
"name": "requests",
"specs": [
[
">=",
"2.28.0"
]
]
},
{
"name": "beautifulsoup4",
"specs": [
[
">=",
"4.11.0"
]
]
},
{
"name": "lxml",
"specs": [
[
">=",
"4.9.0"
]
]
},
{
"name": "colorama",
"specs": [
[
">=",
"0.4.5"
]
]
},
{
"name": "tqdm",
"specs": [
[
">=",
"4.64.0"
]
]
},
{
"name": "jinja2",
"specs": [
[
">=",
"3.1.0"
]
]
},
{
"name": "urllib3",
"specs": [
[
">=",
"1.26.0"
]
]
},
{
"name": "certifi",
"specs": [
[
">=",
"2022.0.0"
]
]
},
{
"name": "chardet",
"specs": [
[
">=",
"5.0.0"
]
]
},
{
"name": "idna",
"specs": [
[
">=",
"3.4"
]
]
},
{
"name": "pysocks",
"specs": [
[
">=",
"1.7.1"
]
]
},
{
"name": "cryptography",
"specs": [
[
">=",
"3.4.8"
]
]
},
{
"name": "pyopenssl",
"specs": [
[
">=",
"22.0.0"
]
]
},
{
"name": "pytest",
"specs": [
[
">=",
"7.0.0"
]
]
},
{
"name": "pytest-cov",
"specs": [
[
">=",
"4.0.0"
]
]
},
{
"name": "flake8",
"specs": [
[
">=",
"5.0.0"
]
]
},
{
"name": "black",
"specs": [
[
">=",
"22.0.0"
]
]
}
],
"lcname": "discoursemap"
}