OWASP Joomla Vulnerability Scanner Project
Switch branches/tags
Clone or download
rezasp JoomScan 0.0.7 - Self Challenge
JoomScan 0.0.7 - Self Challenge
Latest commit e3ccf9f Sep 24, 2018

README.md

Version 0.0.7 Perl GPLv3 License Twitter Leader Leader
Black Hat Arsenal USA Black Hat Arsenal ASIA

======

OWASP JoomScan Project

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.
OWASP JoomScan is included in Kali Linux distributions.

WHY OWASP JOOMSCAN ?

Automated ...
*Version enumerator
*Vulnerability enumerator (based on version)
*Components enumerator (1209 most popular by default)
*Components vulnerability enumerator (based on version)(+1030 exploit)
*Firewall detector
*Reporting to Text & HTML output
*Finding common log files
*Finding common backup files

INSTALL

git clone https://github.com/rezasp/joomscan.git
cd joomscan
perl joomscan.pl

JOOMSCAN ARGUMENTS

Usage:	joomscan.pl [options]

--url | -u <URL>                |   The Joomla URL/domain to scan.
--enumerate-components | -ec    |   Try to enumerate components.

--cookie <String>               |   Set cookie.
--user-agent | -a <user-agent>  |   Use the specified User-Agent.
--random-agent | -r             |   Use a random User-Agent.
--timeout <time-out>            |   set timeout.
--about                         |   About Author
--update                        |   Update to the latest version.
--help | -h                     |   This help screen.
--version                       |   Output the current version and exit.

OWASP JOOMSCAN USAGE EXAMPLES

Do default checks...
perl joomscan.pl --url www.example.com
or
perl joomscan.pl -u www.example.com

Enumerate installed components...
perl joomscan.pl --url www.example.com --enumerate-components
or
perl joomscan.pl -u www.example.com --ec

Set cookie
perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent
perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"


Set random user-agent
perl joomscan.pl -u www.example.com --random-agent
or
perl joomscan.pl --url www.example.com -r

Set proxy
perl joomscan.pl --url www.example.com --proxy http://127.0.0.1:8080
or
perl joomscan.pl -u www.example.com --proxy https://127.0.0.1:443


Update Joomscan...
perl joomscan.pl --update

OWASP PAGE

https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project

GIT REPOSITORY

https://github.com/rezasp/joomscan

ISSUES

https://github.com/rezasp/joomscan/issues

PROJECT LEADERS

  • Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
  • Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]



OWASP JoomScan introduction (Youtube)

OWASP JoomScan introduction