Plown is a security scanner for Plone CMS. Although Plone has the best security track record of any major CMS and is considered highly secure, misconfigurations and weak passwords might enable system break-ins. Plown has been developed to ease the discovery of usernames and passwords, and act as an assistant to system administrators to strengthen their Plone sites

Plown has two modes: enumeration mode and brute force mode. On enumeration mode it tries to find usernames and find out if several known vulnerabilities exist. On brute force mode, Plown will try to authenticate to a Plone site using a list of users and passwords specified, by connecting with multiple threads. By default 16 threads are started, with that number being configurable. Plone version enumeration is scheduled for the next release of Plown.

Download

Download Post in PDF Save Post as PDF