OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an open-source project written in Perl that detects and analyzes vulnerabilities in the Joomla CMS.
WHY OWASP JOOMSCAN?
If you want to run a penetration test against a Joomla CMS, OWASP JoomScan is your best shot ever! The project is faster than ever and is updated with the latest Joomla vulnerabilities.
INSTALL
git clone https://github.com/rezasp/joomscan.git
cd joomscan
perl joomscan.pl
JOOMSCAN ARGUMENTS
Usage: joomscan.pl [options]
--url | -u <URL> | The Joomla URL/domain to scan.
--enumerate-components | -ec | Try to enumerate components.
--cookie <String> | Set cookie.
--user-agent | -a <user-agent> | Use the specified User-Agent.
--random-agent | -r | Use a random User-Agent.
--timeout <time-out> | set timeout.
--about | About Author
--update | Update to the latest version.
--help | -h | This help screen.
--version | Output the current version and exit.
OWASP JOOMSCAN EXAMPLES
Do default checks…
perl joomscan.pl --url www.example.com
or
perl joomscan.pl -u www.example.com
Enumerate installed components…
perl joomscan.pl --url www.example.com --enumerate-components
or
perl joomscan.pl -u www.example.com --ec
Set cookie
perl joomscan.pl --url www.example.com --cookie "test=demo;"
Set user-agent
perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
Set random user-agent
perl joomscan.pl -u www.example.com --random-agent
or
perl joomscan.pl --url www.example.com -r
Update JoomScan…
perl joomscan.pl --update
PROJECT LEADERS
- Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
- Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]
OWASP JoomScan 0.0.5 [KLOT]
- Update components database
- Bug fixed (updating module)
- Allow start from any path
- Update backup finder database
- Update report module
- Update validate target method
- HTTPS improvements
- Fix issue #11 – Incorrect URL output for HTTPS site
- Fix issue #12 – Components scan output issues
- Fix issue #13 – Check a server is live or not!
- Fix issue #9 – Disable redirectable requests for components finder module
- A few enhancements