Typo3Scan is an open source penetration testing tool to automate the process of detecting the Typo3 CMS and it's installed extensions. It also has a database with known vulnerabilities for core and extensions.
To learn more about the Typo3Scan scanner itself visit [https://github.com/whoot/Typo3Scan].
The typo3scan chart can be deployed via helm:
# Install HelmChart (use -n to configure another namespace)helm upgrade --install typo3scan secureCodeBox/typo3scan
The Typo3Scan targets are specified with the
-d parameter. The target should be a hostname, an IP address or an IP range.
Additional Typo3Scan scan features can be configured via the parameter attribute.
Some useful example parameters listed below:
--vuln: Check for extensions with known vulnerabilities only.
--timeout TIMEOUT: Request Timeout. Default: 10 seconds
--auth USER:PASS: Username and Password for HTTP Basic Authorization.
--cookie NAME=VALUE: Can be used for authenticiation based on cookies.
--agent USER-AGENT: Set custom User-Agent for requests.
--threads THREADS: The number of threads to use for enumerating extensions. Default: 5
--json: Output results to json file
--force: Force enumeration
--no-interaction: Do not ask any interactive question
# SPDX-FileCopyrightText: 2021 iteratec GmbH## SPDX-License-Identifier: Apache-2.0apiVersion: "execution.securecodebox.io/v1"kind: Scanmetadata: name: typo3scan-examplespec: scanType: "typo3scan" parameters: - "-d" - "https://www.typo3.example.com" # Change to the website you want to scan # Only show vulnerable extensions - "--vuln" # Set the number of threads to use for enumerating extensions at 10 - "--threads" - "10"