Skip to content

D35m0nd142/Joomla-Components-Exploits-Auto-Updating-Scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
COPYING.GPL
COPYING.GPL
 
 
README.md
README.md
 
 
Screenshot.JPG
Screenshot.JPG
 
 
joomscan.py
joomscan.py
 
 
socks.pyc
socks.pyc
 
 

Repository files navigation

Python 2.7.x GPLv3 License Twitter

Joomla! Components/Exploits Auto-Updating Scanner

alt tag

What is Joomla! Components/Exploits Auto-Updating Scanner?

This is a simple auto-updating Joomla! Plugins Scanner able to find installed components and relative exploits. It uses the csv file provided by the Exploit-DB team and an extra plugins' list from Metasploit, but it is totally independent from this last one.

Features

  • Automatic scanning for Joomla! components
  • Automatic retrieving of Joomla! exploits related to previously found components
  • Automatic components/exploits update and download (recommended)
  • It gives the user the chance to use a local file containing his favourite components to scan (read more in the section How to use it?)
  • Tor Proxy tunnel available

[FLOODING] If the target is protected by flooding requests the script won't be successful, clearly.

How to use it?

You simply run the script giving it the following parameters:

needed

optional

  • --tor_proxy: you can specify your TOR active proxy with syntax tor_address:tor_port
  • --no_update: using this option means that you don't want the tool to download updated components and exploits lists from the Web. If you select this option and you don't have the two files comptotest.txt and exp-db_files.csv in your directory, you will have to manually put in your script's directory the two mentioned files, where:

    • comptotest.txt = file containing Joomla! components you want to test
    • exp-db_files.csv = file containing Exploit-db exploits list used by the script to extract exploits related to the previously found components

I strongly recommend you to use this option only after having executed the script at least once, in order to have the two required files updated without you having to do anything . If it's been a long time since the last time you run the script and you want to be sure to be updated do not use this option, and files will be automatically updated.

Dependencies

  • Python 2.7.x
  • Python modules to install: termcolor, requests

Note: You could have not installed some of the required libraries but it will install them for you PROVIDED you run the script as root. Besides you need to install pip in order to get missing libraries quickly.

Disclaimer

I am not responsible for any kind of illegal acts you cause. This is meant to be used for ethical purposes by penetration testers. If you plan to copy, redistribute please give credits to the original author.

Video: Be patient..it will be available in a few days
Follow me: https://twitter.com/d35m0nd142

D35m0nd142

About

Auto Updater Joomla Components and Exploits Scanner

Resources

Readme

License

GPL-3.0 license
Activity

Stars

26 stars

Watchers

7 watching

Forks

19 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages