- Mailing Lists
- Contributors
- Odoo Vulnerability Scanner (Security) – Seeking Ideas & Feedback
Contributors mailing list archives
contributors@odoo-community.org
Browse archives
- By thread
-
By date
- March 2025 96
- February 2025 152
- January 2025 61
- December 2024 89
- November 2024 117
- October 2024 121
- September 2024 62
- August 2024 70
- July 2024 104
- June 2024 160
- May 2024 40
- April 2024 63
- March 2024 104
- February 2024 111
- January 2024 75
- December 2023 46
- November 2023 94
- October 2023 101
- September 2023 91
- August 2023 103
- July 2023 64
- June 2023 92
- May 2023 69
- April 2023 47
- March 2023 106
- February 2023 49
- January 2023 93
- December 2022 50
- November 2022 39
- October 2022 152
- September 2022 73
- August 2022 38
- July 2022 141
- June 2022 87
- May 2022 59
- April 2022 31
- March 2022 68
- February 2022 77
- January 2022 98
- December 2021 75
- November 2021 74
- October 2021 66
- September 2021 68
- August 2021 50
- July 2021 123
- June 2021 86
- May 2021 90
- April 2021 73
- March 2021 146
- February 2021 87
- January 2021 38
- December 2020 159
- November 2020 100
- October 2020 277
- September 2020 193
- August 2020 94
- July 2020 85
- June 2020 158
- May 2020 50
- April 2020 172
- March 2020 121
- February 2020 210
- January 2020 58
- December 2019 35
- November 2019 97
- October 2019 165
- September 2019 118
- August 2019 86
- July 2019 56
- June 2019 124
- May 2019 77
- April 2019 84
- March 2019 64
- February 2019 53
- January 2019 80
- December 2018 64
- November 2018 31
- October 2018 55
- September 2018 69
- August 2018 28
- July 2018 52
- June 2018 34
- May 2018 81
- April 2018 98
- March 2018 47
- February 2018 77
- January 2018 70
- December 2017 64
- November 2017 159
- October 2017 118
- September 2017 161
- August 2017 18
- July 2017 41
- June 2017 56
- May 2017 106
- April 2017 110
- March 2017 112
- February 2017 69
- January 2017 94
- December 2016 115
- November 2016 132
- October 2016 264
- September 2016 124
- August 2016 143
- July 2016 44
- June 2016 137
- May 2016 84
- April 2016 80
- March 2016 130
- February 2016 98
- January 2016 109
- December 2015 140
- November 2015 189
- October 2015 335
- September 2015 136
- August 2015 208
- July 2015 43
- June 2015 64
- May 2015 8
Odoo Vulnerability Scanner (Security) – Seeking Ideas & Feedback
by "Jerôme Dewandre" <jerome.dewandre.mail@gmail.com> - 28/03/2025 11:13:30Hello,
I’m working on OdooScan, a project inspired by WPScan, designed to identify design flaws and security misconfigurations in Odoo instances:
🔗 https://github.com/cyberwave-odoo/odooscan
I’m looking for guidance and ideas to make this project more fun, and engaging for security professionals.
Current Features & Areas for Improvement:
✔️ Detecting the installed Odoo version and related vulnerabilities
✔️ Identifying vulnerable installed modules
✔️ Username enumeration
✔️ Weak password detection via brute force
✔️ Publicly accessible config files and database dumps
✔️ Exposed error logs
✔️ Media file enumeration
✔️ Checking if Odoo-Cron is enabled
✔️ Detecting open user registration
Future Enhancements:
🚀 Static Code Analysis – Identify vulnerabilities in custom Odoo modules
🚀 API Fuzzing – Test the robustness of exposed APIs
I’d love to hear your thoughts on improving OdooScan! Any feedback, suggestions, or feature ideas would be greatly appreciated.
Looking forward to your insights!
Kind regards,
Jérôme