Categories: Kali Linux

Joomscan – OWASP Joomla Vulnerability Scanner Project

JoomScan or OWASP Joomla Vulnerability Scanner is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP Joomla Vulnerability Scanner provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.

OWASP Joomla Vulnerability Scanner is included in Kali Linux distributions.

Also Read WarChild – Denial Of Service Testing Suite Made For Analyzing

WHY OWASP JOOMSCAN ?

  • Version enumerator
  • Vulnerability enumerator (based on version)
  • Components enumerator (1209 most popular by default)
  • Components vulnerability enumerator (based on version)(+1030 exploit)
  • Firewall detector
  • Reporting to Text & HTML output
  • Finding common log files
  • Finding common backup files

Installation

git clone https://github.com/rezasp/joomscan.git
cd joomscan
perl joomscan.pl

ARGUMENTS

Usage: joomscan.pl [options]

--url | -u <URL>                |   The Joomla URL/domain to scan.
--enumerate-components | -ec    |   Try to enumerate components.

--cookie <String>               |   Set cookie.
--user-agent | -a <user-agent>  |   Use the specified User-Agent.
--random-agent | -r             |   Use a random User-Agent.
--timeout <time-out>            |   set timeout.
--about                         |   About Author
--update                        |   Update to the latest version.
--help | -h                     |   This help screen.
--version                       |   Output the current version and exit.

OWASP Joomla Vulnerability Scanner Usage Examples

Do default checks...
perl joomscan.pl --url www.example.com
or
perl joomscan.pl -u www.example.com
Enumerate installed components…
perl joomscan.pl --url www.example.com --enumerate-components
or
perl joomscan.pl -u www.example.com --ec
Set cookie
perl joomscan.pl --url www.example.com --cookie "test=demo;"
Set user-agent
perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
Set random user-agent
perl joomscan.pl -u www.example.com --random-agent
or
perl joomscan.pl --url www.example.com -r
Update Joomscan…
perl joomscan.pl --update

OWASP Joomla Vulnerability Scanner Introduction

 

R K

Share
Published by
R K
Tags: cmsJoomlaJoomscanVulnerability Scanner
6 years ago

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

2 days ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

2 days ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

4 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

7 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago