Categories: Kali Linux

Joomscan – OWASP Joomla Vulnerability Scanner Project

OWASP Joomla! Vulnerability Scanner  or JoomScan is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments.

Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system.

Furthermore, it provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads. It is included in Kali Linux distributions.

Also ReadHow Safe is to Use the Internet From Public WiFi?

Installation

git clone https://github.com/rezasp/joomscan.git
cd joomscan
perl joomscan.pl

ARGUMENTS

Usage: joomscan.pl [options]

--url | -u <URL>                |   The Joomla URL/domain to scan.
--enumerate-components | -ec    |   Try to enumerate components.

--cookie <String>               |   Set cookie.
--user-agent | -a <user-agent>  |   Use the specified User-Agent.
--random-agent | -r             |   Use a random User-Agent.
--timeout <time-out>            |   set timeout.
--about                         |   About Author
--update                        |   Update to the latest version.
--help | -h                     |   This help screen.
--version                       |   Output the current version and exit.

JOOMSCAN USAGE EXAMPLES

Do default checks…
perl joomscan.pl --url www.example.com
or
perl joomscan.pl -u www.example.com

Enumerate installed components…
perl joomscan.pl --url www.example.com --enumerate-components
or
perl joomscan.pl -u www.example.com --ec

Set cookie
perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent
perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent
perl joomscan.pl -u www.example.com --random-agent
or
perl joomscan.pl --url www.example.com -r

Set proxy
perl joomscan.pl --url www.example.com --proxy http://127.0.0.1:8080
or
perl joomscan.pl -u www.example.com --proxy https://127.0.0.1:443

Update Joomscan…
perl joomscan.pl --update

Video

R K

Share
Published by
R K
Tags: JoomlaJoomscanowasp
6 years ago

Recent Posts

Burrow – Breaking Through Firewalls With Open Source Ingenuity

Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…

12 hours ago

Its-A-Trap : Building Secure Web Applications With A Golang Web Server For Authentication

Simple golang webserver that listens for basic auth or post requests and sends a notification…

12 hours ago

Nutek-Apple : Unleashing Power On macOS And Linux

Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…

12 hours ago

SecureSphere Labs – A Haven For Cybersecurity Innovators And Ethical Hackers

Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…

12 hours ago

Vulpes/VulpOS : The Docker-Powered All-in-One Workstation For Penetration Testing And Offsec Labs

All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…

13 hours ago

LiCo-Extrator : Revolutionizing Icon Extraction Across Platforms

Got it! Below is the updated README.md file with instructions for downloading the project on…

1 day ago