Categories: Kali Linux

Joomscan – OWASP Joomla Vulnerability Scanner Project

OWASP JoomScan is an opensource project in perl programming language to detect Joomla CMS vulnerabilities and analysis them. If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is Your best shot ever! This Project is being faster than ever and updated with the latest Joomla vulnerabilities.

Installation

git clone https://github.com/rezasp/joomscan.git
cd joomscan
perl joomscan.p

Also Read CuckooDroid – Automated Android Malware Analysis with Cuckoo Sandbox

Joomscan Arguments

Usage: joomscan.pl [options]

--url | -u <URL>                |   The Joomla URL/domain to scan.
--enumerate-components | -ec    |   Try to enumerate components.

--cookie <String>               |   Set cookie.
--user-agent | -a <user-agent>  |   Use the specified User-Agent.
--random-agent | -r             |   Use a random User-Agent.
--timeout <time-out>            |   set timeout.
--about                         |   About Author
--update                        |   Update to the latest version.
--help | -h                     |   This help screen.
--version                       |   Output the current version and exit.

OWASP Joomscan Examples

Do default checks
perl joomscan.pl --url www.example.com
or
perl joomscan.pl -u www.example.com

Enumerate installed components
perl joomscan.pl --url www.example.com --enumerate-components
or
perl joomscan.pl -u www.example.com --ec

Set cookie
perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent
perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent
perl joomscan.pl -u www.example.com --random-agent
or
perl joomscan.pl --url www.example.com -r

Update Joomscan
perl joomscan.pl --update

Video

 

R K

Recent Posts

How Does a Firewall Work Step by Step

How Does a Firewall Work Step by Step? What Is a Firewall and How Does…

9 hours ago

ROADTools: The Modern Azure AD Exploration Framework

ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…

4 days ago

How to Enumerate Microsoft 365 Groups Using PowerShell and Python

Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…

4 days ago

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

4 days ago

PPLBlade: Advanced Memory Dumping and Obfuscation Tool

PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…

5 days ago

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Scanning

HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…

5 days ago