Introduction
JoomScan, the OWASP Joomla Vulnerability Scanner, is an open source project written in Perl that detects vulnerabilities in the Joomla CMS and analyses them. It scans Joomla installations quickly and with little effort, and its modular, lightweight architecture means it leaves a small footprint on the target.
JoomScan:
If you want to perform penetration testing on a Joomla CMS, you should try OWASP JoomScan: it is faster than ever and receives regular updates covering new Joomla vulnerabilities.
Besides detecting known, publicly exploitable vulnerabilities, JoomScan can also detect many misconfigurations and admin-level shortcomings that can lead to system compromise. Furthermore, OWASP JoomScan provides a friendly UI and compiles the final report in both text and HTML formats.
Features:
- Version enumerator
- Vulnerability enumerator (based on version)
- Components enumerator (1209 most popular by default)
- Components vulnerability enumerator (based on version; 1030+ exploits)
- Firewall detector
- Reporting to Text & HTML output
- Finding common log files
- Finding common backup files
How does OWASP JoomScan work?
- It first sends a HEAD request to check whether a potentially vulnerable resource exists, instead of issuing a GET request and searching the response for a vulnerable string. This speeds up the scan and keeps IDS alerts to a minimum, because the scanner does not send a storm of GET requests carrying attack strings.
- Only if the resource exists does it check whether the vulnerability is present, using a sample exploit string.
- If no exploit string is available, it deduces the vulnerability state from the detected version.
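Seen from the server side, the workflow above has a recognisable shape: a burst of HEAD requests to many distinct component, backup and log paths that mostly return 404, and, for the few paths that do exist, a HEAD answered 200 followed by a GET to the same path. The following Python script is an added example of detection logic for that pattern; it is not part of JoomScan and does not use its code. The access log lines are constructed in the standard Apache/nginx "combined" format (the client addresses are documentation-only ranges), and the thresholds `window` and `min_misses` are assumptions you would tune for your own traffic.

```python
"""Flag clients whose request pattern matches HEAD-first resource probing.

Added example for the page above; not JoomScan code. The log lines are
constructed for the example and are not taken from any real server.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one probing client (203.0.113.7) and one normal visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Sep/2018:10:00:01 +0000] "HEAD /administrator/components/com_foo/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2018:10:00:01 +0000] "HEAD /components/com_bar/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2018:10:00:02 +0000] "HEAD /components/com_baz/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2018:10:00:02 +0000] "HEAD /index.php?option=com_content HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2018:10:00:03 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2018:10:00:03 +0000] "HEAD /configuration.php.bak HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2018:10:00:04 +0000] "HEAD /administrator/logs/error.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"
198.51.100.20 - - [23/Sep/2018:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.20 - - [23/Sep/2018:10:00:06 +0000] "GET /images/logo.png HTTP/1.1" 200 2048 "http://example.com/" "Mozilla/5.0"
"""

# Apache/nginx "combined" format: ip ident user [timestamp] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_ts(ts):
    """Parse the bracketed timestamp, e.g. 23/Sep/2018:10:00:01 +0000."""
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")


def detect_head_probes(log_text, window=timedelta(seconds=60), min_misses=5):
    """Return {ip: findings} for clients matching HEAD-first probing.

    Two signals, mirroring the scanner workflow described on the page:
      * at least `min_misses` HEAD requests to distinct paths answered 404
        within `window` (the existence sweep over a wordlist);
      * a HEAD answered 200 followed by a GET for the same path from the
        same client (the follow-up check on a resource that exists).
    """
    per_ip = defaultdict(list)
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        per_ip[m["ip"]].append(
            (parse_ts(m["ts"]), m["method"], m["path"], int(m["status"]))
        )

    findings = {}
    for ip, events in per_ip.items():
        events.sort()  # chronological; tuples compare by timestamp first
        misses = [(t, p) for t, meth, p, st in events if meth == "HEAD" and st == 404]

        # Sliding window over the 404'd HEAD requests: most distinct paths seen
        # within `window` of any single starting request.
        best = 0
        for i, (t0, _) in enumerate(misses):
            paths = {p for t, p in misses[i:] if t - t0 <= window}
            best = max(best, len(paths))

        confirmed = {p for _, meth, p, st in events if meth == "HEAD" and st == 200}
        followups = sorted({p for _, meth, p, _ in events if meth == "GET" and p in confirmed})

        if best >= min_misses or followups:
            findings[ip] = {
                "head_404_distinct_paths": best,
                "head_then_get": followups,
            }
    return findings


if __name__ == "__main__":
    for ip, info in detect_head_probes(SAMPLE_LOG).items():
        print(f"{ip}: {info['head_404_distinct_paths']} HEAD/404 distinct paths, "
              f"HEAD->GET follow-ups: {info['head_then_get']}")
```

Running it flags only 203.0.113.7, with five distinct paths that answered 404 to HEAD and one HEAD-then-GET follow-up on `/index.php?option=com_content`; the ordinary visitor is left alone. In practice you would feed the real access log through the same function and alert on the per-IP findings, adjusting `min_misses` upward for sites whose legitimate traffic includes monitoring tools that use HEAD.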
JoomScan Install
OWASP JoomScan comes preinstalled in Kali Linux distributions.
You can download JoomScan or clone it from the git repository:
$ git clone https://github.com/rezasp/joomscan.git
$ cd joomscan
$ perl joomscan.pl
Update
To update, simply run:
perl joomscan.pl --update
Usage
Just type --help to see the available options/arguments:
root@unknown:~# joomscan --help

    ____  _____  _____  __  __  ___   ___    __    _  _
   (_  _)(  _  )(  _  )(  \/  )/ __) / __)  /__\  ( \( )
  .-_)(   )(_)(  )(_)(  )    ( \__ \( (__  /(__)\  )  (
  \____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_)
                        (1337.today)

    --=[OWASP JoomScan
    +---++---==[Version : 0.0.7
    +---++---==[Update Date : [2018/09/23]
    +---++---==[Authors : Mohammad Reza Espargham , Ali Razmjoo
    --=[Code name : Self Challenge
    @OWASP_JoomScan , @rezesp , @Ali_Razmjo0 , @OWASP

Help :

Usage:  joomscan [options]

--url | -u <URL>                |   The Joomla URL/domain to scan.
--enumerate-components | -ec    |   Try to enumerate components.
--cookie <String>               |   Set cookie.
--user-agent | -a <User-Agent>  |   Use the specified User-Agent.
--random-agent | -r             |   Use a random User-Agent.
--timeout <Time-Out>            |   Set timeout.
--about                         |   About Author
--help | -h                     |   This help screen.
--version                       |   Output the current version and exit.

root@unknown:~#
Examples
Default checks:
$ perl joomscan.pl --url www.example.com
or
$ perl joomscan.pl -u www.example.com
To enumerate installed components, run:
$ perl joomscan.pl --url www.example.com --enumerate-components
or
$ perl joomscan.pl -u www.example.com -ec
Set cookie:
$ perl joomscan.pl --url www.example.com --cookie "test=demo;"
Set user-agent:
$ perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
$ perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
Set random user-agent:
$ perl joomscan.pl -u www.example.com --random-agent
or
$ perl joomscan.pl --url www.example.com -r
Set proxy:
$ perl joomscan.pl --url www.example.com --proxy http://127.0.0.1:8080
or
$ perl joomscan.pl -u www.example.com --proxy https://127.0.0.1:443