About discoursemap

DiscourseMap is a comprehensive security testing framework for Discourse forum platforms. Written for security professionals and forum administrators.

i

Published by

ibrahmsql

Visit View Profile

README.md

View on GitHub

DiscourseMap

Advanced Security Scanner for Discourse Forums

A comprehensive security assessment tool specifically designed for Discourse forum platforms, featuring 25+ specialized security modules with 100% reliability.

Features • Installation • Quick Start • Documentation • Contributing

🎯 Features

Core Capabilities

25 Security Modules - 100% success rate, optimized for speed
Comprehensive Scanning - CVE detection, plugin analysis, API testing
Performance Optimized - All modules complete within 60 seconds
Detailed Reporting - HTML, JSON, and CLI output formats
Production Ready - Battle-tested and reliable

Security Modules

🔍 Core Analysis

Info Scanner - Forum information gathering
Endpoint Discovery - API endpoint enumeration
User Enumeration - User account analysis
CVE Detection - Known vulnerability scanning
Plugin Analysis - Plugin detection and security testing

🛡️ Security Testing

Authentication Testing - Login security analysis
API Security - REST API vulnerability testing
Configuration Audit - Security misconfiguration detection
Crypto Analysis - Encryption and hashing review
Network Security - Network-level security checks

🎨 Discourse-Specific

Badge Security - Badge system vulnerability testing
Category Permissions - Access control analysis
Trust Level Testing - Trust level bypass detection
Rate Limiting - API rate limit testing
Session Security - Session management review
Admin Panel - Administrative interface testing
Webhook Security - Webhook configuration analysis
Email Security - Email-related vulnerability testing
Search Security - Search functionality testing
Cache Security - Cache misconfiguration detection

🚀 Advanced Features

WAF Bypass - Web Application Firewall evasion testing
Compliance Check - Security standard compliance verification

📦 Installation

Prerequisites

Python 3.8 or higher
pip (Python package manager)

Install via pip (Recommended)

# Install from PyPI
pip install discoursemap

# Or install with all optional dependencies
pip install discoursemap[all]

Install from Source

# Clone the repository
git clone https://github.com/ibrahmsql/discoursemap.git
cd discoursemap

# Install dependencies
pip install -r requirements.txt

# Install in development mode
pip install -e .

Install using pipx (Isolated Environment)

# Install pipx if not already installed
pip install pipx

# Install discoursemap
pipx install discoursemap

🚀 Quick Start

Basic Scan

# Scan a Discourse forum
discoursemap -u https://meta.discourse.org

# Scan specific modules
discoursemap -u https://forum.example.com -m cve,plugin,api

# Enable verbose output
discoursemap -u https://forum.example.com -v

# Synchronous scan (wait for completion)
discoursemap -u https://forum.example.com --sync

Advanced Usage

# Full security audit with all modules
discoursemap -u https://forum.example.com -m all --sync -v

# Output to HTML report
discoursemap -u https://forum.example.com -o report.html

# JSON output for automation
discoursemap -u https://forum.example.com -o results.json

# Custom timeout and threads
discoursemap -u https://forum.example.com --timeout 120 --threads 10

Available Modules

Module	Description	Speed
`info`	Forum information gathering	⚡ Fast
`cve`	CVE vulnerability detection	⚡ Fast
`plugin`	Plugin security analysis	⚡ Fast
`api`	API security testing	⚡ Fast
`auth`	Authentication testing	⚡ Fast
`badge`	Badge system security	🔄 Medium
`category`	Category permissions	🔄 Medium
`rate_limit`	Rate limiting tests	🔄 Medium
`waf_bypass`	WAF evasion testing	🔄 Medium
`all`	Run all 25 modules	🕐 Comprehensive

See full list: Run discoursemap --list-modules

📖 Documentation

Quick References

QUICKSTART.md - Get started in 5 minutes
MANUAL.md - Comprehensive usage guide
API Documentation - Python API reference

Configuration

Create a configuration file ~/.discoursemap/config.yaml:

# Global settings
timeout: 60
threads: 5
verbose: false

# Output settings
output_format: html
save_results: true

# Module settings
default_modules:
  - info
  - cve
  - plugin
  - api
  - auth

# Reporting
report:
  include_severity: true
  show_recommendations: true

🎯 Use Cases

Security Auditing

# Full security audit
discoursemap -u https://forum.example.com -m all --sync

CI/CD Integration

# Automated security checks
discoursemap -u $FORUM_URL -m cve,plugin -o results.json
if [ $? -ne 0 ]; then
  echo "Security issues found!"
  exit 1
fi

Bug Bounty Hunting

# Quick vulnerability scan
discoursemap -u https://target.com -m cve,plugin,waf_bypass -v

Compliance Testing

# Compliance check
discoursemap -u https://forum.example.com -m compliance,config,auth

📊 Performance

DiscourseMap has been optimized for speed and reliability:

Metric	Value
Total Modules	25
Success Rate	100%
Avg. Scan Time	< 60s (all modules)
Memory Usage	< 100MB
Concurrent Requests	Configurable (default: 5)

Module Performance (60s timeout)

✅ 22 modules: < 10s
✅ 3 modules: 40-60s (comprehensive tests)
✅ 0 failures, 0 timeouts

🤝 Contributing

We welcome contributions! Here's how you can help:

Reporting Issues

Pull Requests

Fork the repository
Create a feature branch (git checkout -b feature/amazing-feature)
Commit your changes (git commit -m 'Add amazing feature')
Push to branch (git push origin feature/amazing-feature)
Open a Pull Request

Development Setup

# Clone and setup dev environment
git clone https://github.com/ibrahmsql/discoursemap.git
cd discoursemap
pip install -r requirements-dev.txt

# Run tests
pytest

# Run linter
flake8 discoursemap/

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

Discourse team for creating an amazing platform
Security researchers and contributors
Open source community

📧 Contact

Author: @ibrahmsql
Email: [email protected]
Issues: GitHub Issues

⭐ Star this repo if you find it useful!

Made with ❤️ by @ibrahmsql

discoursemap