OWASP JoomScan 0.0.1 - Reburn
Showing 52 changed files with 3,083 additions and 4,044 deletions.
@@ -0,0 +1,3 @@ | ||
OWASP JoomScan 0.0.1 [Reborn] | ||
============ | ||
* Initial release |
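Review bot: the changelog entry spells the code name `[Reborn]` while the commit title reads `Reburn`; pick one spelling so the changelog, the README banner and the code name printed by the script agree.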
@@ -1,25 +1,103 @@ | ||
![Version 0.0.4](https://img.shields.io/badge/Version-0.0.4-green.svg) | ||
![Version 0.0.1](https://img.shields.io/badge/Version-0.0.1-green.svg) | ||
![perl](https://img.shields.io/badge/Perl-5.x-yellow.svg) | ||
[![GPLv3 License](https://img.shields.io/badge/License-GPLv3-red.svg)](https://github.com/rezasp/joomscan/blob/master/LICENSE) | ||
[![Twitter](https://img.shields.io/badge/Twitter-@OWASP_JoomScan-blue.svg)](http://www.twitter.com/OWASP_JoomScan) | ||
[![GPLv3 License](https://img.shields.io/badge/License-GPLv3-red.svg)](https://github.com/rezasp/joomscan/blob/master/LICENSE.md) | ||
[![Twitter](https://img.shields.io/badge/Twitter-@OWASP_JoomScan-blue.svg)](http://twitter.com/OWASP_JoomScan) | ||
[![Leader](https://img.shields.io/badge/Twitter-@rezesp-blue.svg)](http://www.twitter.com/rezesp) | ||
[![Leader](https://img.shields.io/badge/Twitter-@Ali_Razmjo0-blue.svg)](http://www.twitter.com/Ali_Razmjo0) | ||
|
||
|
||
WE ARE WORKING ON NEW RELEASE OF THIS PROJECT. NEW STRUCTURE WILL BE REPLACED SOON ! | ||
<img src="https://raw.githubusercontent.com/rezasp/Trash/master/joomscan.png" width="200"><img src="https://raw.githubusercontent.com/rezasp/Trash/master/owasp.png" width="500"> | ||
|
||
====== | ||
|
||
OWASP JoomScan Project | ||
====== | ||
|
||
OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an opensource project in perl programming language to detect Joomla CMS vulnerabilities and analyses them . | ||
OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an opensource project in perl programming language to detect Joomla CMS vulnerabilities and analysis them. | ||
|
||
### Why OWASP JoomScan ? | ||
### WHY OWASP JOOMSCAN ? | ||
|
||
If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is Your best shot ever! | ||
If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is Your best shot ever! | ||
This Project is being faster than ever and updated with the latest Joomla vulnerabilities. | ||
|
||
|
||
# INSTALL | ||
|
||
git clone https://github.com/rezasp/joomscan.git | ||
cd joomscan | ||
perl joomscan.pl | ||
|
||
|
||
# JOOMSCAN ARGUMENTS | ||
|
||
Usage: joomscan.pl [options] | ||
|
||
--url | -u <URL> | The Joomla URL/domain to scan. | ||
--enumerate-components | -ec | Try to enumerate components. | ||
|
||
--cookie <String> | Set cookie. | ||
--user-agent | -a <user-agent> | Use the specified User-Agent. | ||
--random-agent | -r | Use a random User-Agent. | ||
--timeout <time-out> | set timeout. | ||
--about | About Author | ||
--update | Update to the latest version. | ||
--help | -h | This help screen. | ||
--version | Output the current version and exit. | ||
|
||
|
||
# OWASP JOOMSCAN EXAMPLES | ||
|
||
Do default checks... | ||
```perl joomscan.pl --url www.example.com``` | ||
or | ||
```perl joomscan.pl -u www.example.com``` | ||
|
||
|
||
Enumerate installed components... | ||
```perl joomscan.pl --url www.example.com --enumerate-components``` | ||
or | ||
```perl joomscan.pl -u www.example.com --ec``` | ||
|
||
|
||
Set cookie | ||
```perl joomscan.pl --url www.example.com --cookie "test=demo;"``` | ||
|
||
|
||
Set user-agent | ||
```perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"``` | ||
or | ||
```perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"``` | ||
|
||
|
||
Set random user-agent | ||
```perl joomscan.pl -u www.example.com --random-agent``` | ||
or | ||
```perl joomscan.pl --url www.example.com -r``` | ||
|
||
|
||
Update Joomscan... | ||
```perl joomscan.pl --update``` | ||
|
||
|
||
# OWASP PAGE | ||
|
||
[https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) | ||
|
||
# GIT REPOSITORY | ||
|
||
[https://github.com/rezasp/joomscan](https://github.com/rezasp/joomscan) | ||
|
||
# ISSUES | ||
|
||
[https://github.com/rezasp/joomscan/issues](https://github.com/rezasp/joomscan/joomscan) | ||
|
||
# PROJECT LEADERS | ||
|
||
* Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ] | ||
* Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ] | ||
|
||
|
||
* Project Leader : [Mohammad Reza Espargham] (reza[dot]espargham[at]owasp[dot]org) | ||
* Github : https://github.com/rezasp/joomscan/ | ||
* OWASP Page : https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project | ||
<br><br> | ||
OWASP JoomScan 0.0.1 introduction (Youtube) | ||
|
||
[![OWASP JoomScan 0.0.1 introduction](https://img.youtube.com/vi/Ik2CJ9LkuoI/0.jpg)](https://www.youtube.com/watch?v=Ik2CJ9LkuoI) |
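Review bot: the ISSUES link in this hunk points at the wrong target: the link text reads `https://github.com/rezasp/joomscan/issues` but the href is `https://github.com/rezasp/joomscan/joomscan`, which is not a valid path; both should be `https://github.com/rezasp/joomscan/issues`, as in the about() text elsewhere in this commit. Three smaller points in the same hunk: the components example `perl joomscan.pl -u www.example.com --ec` uses a double-dash form while the JOOMSCAN ARGUMENTS table documents the short option as `-ec`, so the example should use the same spelling; the rewritten description line now reads "analysis them" where the line it replaces had "analyses them"; and `--timeout` is listed in the arguments table but has no entry in the examples section.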
@@ -0,0 +1,28 @@ | ||
sub max { | ||
my $x = shift; | ||
my $y = shift; | ||
return ( $x > $y ? $x : $y ); | ||
} | ||
|
||
sub version_compare { | ||
my $ver1 = shift || 0; | ||
my $ver2 = shift || 0; | ||
my @v1 = split /[.+:~-]/, $ver1; | ||
my @v2 = split /[.+:~-]/, $ver2; | ||
|
||
for ( my $i = 0 ; $i < max( scalar(@v1), scalar(@v2) ) ; $i++ ) { | ||
|
||
# Add missing version parts if one string is shorter than the other | ||
# i.e. 0 should be lt 0.2.1 and not equal, so we append .0 | ||
# -> 0.0.0 <=> 0.2.1 -> -1 | ||
push( @v1, 0 ) unless defined( $v1[$i] ); | ||
push( @v2, 0 ) unless defined( $v2[$i] ); | ||
if ( int( $v1[$i] ) > int( $v2[$i] ) ) { | ||
return 1; | ||
} | ||
elsif ( int( $v1[$i] ) < int( $v2[$i] ) ) { | ||
return -1; | ||
} | ||
} | ||
return 0; | ||
} |
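Review bot: version_compare treats every non-numeric component as 0, because `int( $v1[$i] )` on a part such as `rc1` or `beta` returns 0, so `3.2.rc1` compares equal to `3.2.0` and to `3.2` (and under `use warnings` each such call emits an "isn't numeric" warning). For a scanner that decides whether an installed Joomla build falls inside a vulnerable range, that collapses pre-release and suffixed versions onto the final release; either rank non-numeric suffixes explicitly or fall back to a string comparison for parts that fail `/^\d+$/`. Minor: the `push( @v1, 0 ) unless defined( $v1[$i] );` padding inside the loop works, but padding both arrays to the same length before the loop reads more simply, and the local `max` sub could be replaced by `List::Util::max`.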
@@ -0,0 +1,97 @@ | ||
#!/usr/bin/perl | ||
|
||
use Term::ANSIColor; | ||
|
||
print color("YELLOW"); | ||
print q{ | ||
____ _____ _____ __ __ ___ ___ __ _ _ | ||
(_ _)( _ )( _ )( \/ )/ __) / __) /__\ ( \( ) | ||
.-_)( )(_)( )(_)( ) ( \__ \( (__ /(__)\ ) ( | ||
\____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_) | ||
}; | ||
print color("red") . "\t\t\t(1337.today)" . color("reset"); | ||
print " | ||
--=[". color("BLUE") . "OWASP JoomScan". color("reset") ." | ||
+---++---==[Version : " | ||
. color("red"). "$version\n". color("reset") . " +---++---==[Update Date : [". color("red") . "$update". color("reset") . "] | ||
+---++---==[Authors : ". color("red") . "$author". color("reset")." | ||
--=[Code name : ". color("red") . "$codename". color("reset")."\n \@OWASP_JoomScan , \@rezesp , \@Ali_Razmjo0 , \@OWASP\n\n"; | ||
|
||
if(!defined $ARGV[0]){ | ||
|
||
print color("cyan"); | ||
printf "\n Usage: | ||
joomscan.pl <target> | ||
joomscan.pl -u http://target.com/joomla | ||
Options: | ||
joomscan.pl --help\n\n"; | ||
print color("reset"); | ||
exit(1); | ||
} | ||
$cookie=1; | ||
#Start help Function | ||
sub help | ||
{ | ||
print color("cyan"); | ||
printf " | ||
Help : | ||
Usage: $0 [options] | ||
--url | -u <URL> | The Joomla URL/domain to scan. | ||
--enumerate-components | -ec | Try to enumerate components. | ||
--cookie <String> | Set cookie. | ||
--user-agent | -a <User-Agent> | Use the specified User-Agent. | ||
--random-agent | -r | Use a random User-Agent. | ||
--timeout <Time-Out> | Set timeout. | ||
--about | About Author | ||
--update | Update to the latest version. | ||
--help | -h | This help screen. | ||
--version | Output the current version and exit. | ||
"; | ||
print color("reset"); | ||
exit(1); | ||
} | ||
sub about | ||
{ | ||
print color("cyan"); | ||
printf " | ||
Author : $author | ||
Twitter : \@rezesp , \@Ali_Razmjo0 | ||
Git repository : https://github.com/rezasp/joomscan/ | ||
Issues : https://github.com/rezasp/joomscan/issues | ||
\n\n"; | ||
print color("reset"); | ||
exit(1); | ||
} | ||
sub update | ||
{ | ||
do "./core/update.pl"; | ||
print color("reset"); | ||
exit(1); | ||
} | ||
|
||
|
||
GetOptions( | ||
'help|h' => sub { help(0) }, | ||
'update' => sub { update(0) }, | ||
'about' => sub { about(0) }, | ||
'enumerate-components|ec' => sub { $components = 1 }, | ||
'random-agent|r' => sub { $randomagent = 1 }, | ||
'user-agent|a=s' => \$agent, | ||
'timeout=s' => \$timeout, | ||
'cookie=s' => \$cookie, | ||
'u|url=s' => \$target, | ||
'version' => sub { print "\n\nVersion : $version\n\n";exit; }, | ||
|
||
); | ||
if($target !~ /\./){exit 0;} | ||
if($target !~ /http/) { $target = "http://$target"; }; | ||
|
||
#End help Function |
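Review bot: `if($target !~ /\./){exit 0;}` silently exits with a success status when the URL contains no dot, so a typo in `-u` produces no output and a zero exit code; print a usage error and exit non-zero instead. Likewise `if($target !~ /http/)` only tests that the string contains `http` somewhere, so a target such as `example.com/httpd/` is left without a scheme; anchor the check with `/^https?:\/\//`. This file calls `GetOptions` and interpolates `$version`, `$update`, `$author` and `$codename` without a `use Getopt::Long` or any declaration in the hunk, so it depends on being loaded from a script that already defines them; a header comment saying so would help. `help(0)`, `update(0)` and `about(0)` pass an argument that none of the three subs read, and `$cookie=1;` as a "not set" sentinel is later compared numerically against a string; `undef` is the clearer default. The trailing `#End help Function` comment sits after GetOptions rather than after the help sub it refers to.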
@@ -0,0 +1,94 @@ | ||
#!/usr/bin/perl | ||
|
||
use utf8; | ||
use open ':std', ':encoding(UTF-8)'; | ||
use Term::ANSIColor; | ||
|
||
my $can_regexp=1; | ||
eval "use Regexp::Common \"URI\""; | ||
if($@) { $can_regexp=0; } | ||
|
||
|
||
print color("blue"); | ||
|
||
$ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 }); | ||
$ua->protocols_allowed( [ 'http','https'] ); | ||
|
||
$timeout = $timeout || 60; | ||
$ua->timeout($timeout); | ||
|
||
@weekday = ("Sunday", "Monday", "Tuesday", "Wednesday", "thursday", "Friday", "Saturday"); | ||
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();; | ||
$year = $year + 1900; | ||
$mon += 1; | ||
$stime="$mday/$mon/$year $hour:$min:$sec $weekday[$wday]"; | ||
|
||
|
||
@uagnt=('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5' | ||
,'Googlebot/2.1 ( http://www.googlebot.com/bot.html)' | ||
,'Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04 Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13' | ||
,'Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)' | ||
,'Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51' | ||
,'Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620' | ||
,'Debian APT-HTTP/1.3 (0.8.10.3)' | ||
,'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' | ||
,'Googlebot/2.1 (+http://www.googlebot.com/bot.html)' | ||
,'Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)' | ||
,'YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)' | ||
,'Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)' | ||
,'Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)' | ||
,'msnbot/1.1 (+http://search.msn.com/msnbot.htm)' | ||
); | ||
|
||
$agent = $agent || 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5'; | ||
|
||
$agent = $uagnt[ rand @uagnt ] if($randomagent==1); | ||
|
||
$ua->agent($agent); | ||
|
||
|
||
$ua->cookie_jar({}) if($cookie!=1); | ||
$ua->default_header('Cookie'=> "$cookie") if($cookie!=1); | ||
|
||
|
||
our @dlog;our @tflog; | ||
|
||
our $log=""; | ||
sub dprint{ | ||
my ($in) = @_; | ||
$in =~ s/\/\//\//g; | ||
$in =~ s/http:\//http:\/\//g; | ||
$#dlog++; | ||
$dlog[$#dlog]=$in; | ||
$in="\n[+] $in\n"; | ||
$log .= $in; | ||
print color("blue"); | ||
print "$in"; | ||
} | ||
sub tprint{ | ||
my ($in) = @_; | ||
$in =~ s/\/\//\//g; | ||
$in =~ s/http:\//http:\/\//g; | ||
$#tflog++; | ||
$tflog[$#tflog]=$in; | ||
$in="[++] $in\n"; | ||
$log .= $in; | ||
print color("yellow"); | ||
print "$in"; | ||
print color("blue"); | ||
} | ||
sub fprint{ | ||
my ($in) = @_; | ||
$in =~ s/\/\//\//g; | ||
$in =~ s/http:\//http:\/\//g; | ||
$#tflog++; | ||
$tflog[$#tflog]="1337false$in"; | ||
$in="[++] $in\n"; | ||
$log .= $in; | ||
print color("red"); | ||
print "$in"; | ||
print color("blue"); | ||
} | ||
|
||
print color("blue"); | ||
print "Processing $target ...\n\n\n"; |
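Review bot: the URL normalisation in dprint, tprint and fprint breaks https targets: `$in =~ s/\/\//\//g;` turns `https://host/` into `https:/host/`, and the follow-up `$in =~ s/http:\//http:\/\//g;` only restores the `http://` form (the pattern does not match `https:/`), so every logged https URL is mangled. Replace the pair with a substitution that collapses only duplicate slashes not following the scheme, e.g. `s{(?<!:)//+}{/}g`. Also, `LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 })` disables TLS hostname verification for every request, so the responses a scan is based on can be altered by anyone on the path; make that opt-in via a flag rather than the default. Smaller points: `if($cookie!=1)` compares the cookie string numerically against the sentinel and only works because a non-numeric string numifies to 0 (test `defined $cookie` instead); `$#dlog++; $dlog[$#dlog]=$in;` is just `push @dlog, $in;` (same for @tflog); `localtime();;` has a doubled semicolon; and "thursday" in @weekday is lower-case while the other days are capitalised.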
#!/usr/bin/perl | ||
|
||
my $browser = LWP::UserAgent->new; | ||
$browser->timeout(60); | ||
$browser = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 }); | ||
$browser->protocols_allowed( [ 'http','https'] ); | ||
|
||
|
||
|
||
print "\n[+] Checking newest version\n"; | ||
|
||
my $response = $browser->get('http://raw.githubusercontent.com/rezasp/joomscan/master/version'); | ||
|
||
if($response->is_success){ | ||
if($response->decoded_content =~ /$version/) | ||
{ | ||
print "\n[!] New version available on http://github.com/rezasp/joomscan \n\n"; | ||
}else | ||
{ | ||
print "\n[!] No new version available\n\n"; | ||
|
||
} | ||
|
||
}else{ | ||
print "\nNetwork error!\n"; | ||
} |
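Review bot: the new-version check is inverted: `if($response->decoded_content =~ /$version/)` is true when the remote version file contains the running version, i.e. when there is nothing newer, yet that branch prints "New version available". Compare the two strings with `ne` (or with the version_compare sub added in this commit) and swap the messages. The version is also interpolated into the regex unescaped, so the dots in a version string match any character; use `\Q$version\E` if a regex is kept. Two more points: the first `LWP::UserAgent->new` and its `$browser->timeout(60);` are immediately discarded by the second `->new`, so this request runs without the intended timeout; and the version file is fetched over plain `http://raw.githubusercontent.com/...`, so the answer can be tampered with on the path, while the repository URL printed in the same block is also plain http; use the https URLs. Finally, `$version` is not set in this file, so `do "./core/update.pl"` relies on the caller having it in scope, and the sub is named `update` although it only checks and does not update.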