JoomScan – OWASP Joomla Vulnerability Scanner Project



Introduction

JoomScan, the OWASP Joomla Vulnerability Scanner, is an open source project written in Perl that detects vulnerabilities in the Joomla CMS and analyses them. The tool makes scanning Joomla installations seamless and effortless, and its modular, lightweight architecture keeps its footprint small.

OWASP JoomScan

JoomScan:

If you want to perform penetration testing on a Joomla CMS, you should try OWASP JoomScan: it is faster than ever, with regular updates on Joomla vulnerabilities.

Besides the ability to detect known offensive vulnerabilities, JoomScan can also detect many misconfigurations and admin-level shortcomings that can lead to system compromise. Furthermore, OWASP JoomScan provides a friendly UI and compiles the final reports in both text and HTML formats.

Features:

  • Version enumerator
  • Vulnerability enumerator (based on version)
  • Components enumerator (1209 most popular by default)
  • Components vulnerability enumerator (based on version) (+1030 exploits)
  • Firewall detector
  • Reporting to Text & HTML output
  • Finding common log files
  • Finding common backup files

How does OWASP JoomScan work?

  1. It first sends a HEAD request to check whether a vulnerable resource exists, rather than a GET request that searches the response for a vulnerable string. This speeds up the process and helps minimize IDS alerts, because the scanner does not send a storm of GET requests carrying attack strings.
  2. Only if the resource exists does it check whether the vulnerability is present, using a sample exploit string.
  3. If no exploit string is available, it works out the vulnerability state from the deduced version.
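The HEAD-first probing described above has a recognisable server-side signature: one client issuing a burst of HEAD requests for many candidate resources (components, log files, backup files), most of them answered with 404, with a GET only for the paths that exist. The following detection logic is an added example written for this page, not code from the OWASP JoomScan project; the access-log lines, IP addresses, paths and thresholds are constructed for illustration and should be tuned per site.

```python
"""Flag JoomScan-style HEAD probing in web-server access logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/Nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: 203.0.113.7 behaves like a HEAD-first scanner,
# 198.51.100.4 is an ordinary visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Sep/2018:10:00:00 +0000] "HEAD /administrator/components/com_example1/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2018:10:00:00 +0000] "HEAD /components/com_example2/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2018:10:00:01 +0000] "HEAD /administrator/logs/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2018:10:00:01 +0000] "HEAD /backup.zip HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2018:10:00:02 +0000] "HEAD /components/com_example3/ HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2018:10:00:02 +0000] "GET /components/com_example3/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [23/Sep/2018:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.4 - - [23/Sep/2018:10:00:04 +0000] "GET /images/logo.png HTTP/1.1" 200 2048 "http://www.example.com/" "Mozilla/5.0"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], TS_FMT)
        e["status"] = int(e["status"])
        entries.append(e)
    return entries


def detect_head_probes(entries, window=timedelta(seconds=60),
                       min_head=5, min_miss_ratio=0.6):
    """Return {ip: summary} for clients whose HEAD requests inside any
    sliding time window reach min_head with at least min_miss_ratio 404s.

    Keying on request behaviour rather than the User-Agent string matters:
    the scanner can present an arbitrary or random User-Agent.
    """
    heads_by_ip = defaultdict(list)
    for e in entries:
        if e["method"] == "HEAD":
            heads_by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, heads in heads_by_ip.items():
        heads.sort(key=lambda e: e["ts"])
        recent = deque()  # HEAD requests within the current window
        for e in heads:
            recent.append(e)
            while recent[0]["ts"] < e["ts"] - window:
                recent.popleft()
            misses = sum(1 for r in recent if r["status"] == 404)
            if len(recent) >= min_head and misses / len(recent) >= min_miss_ratio:
                flagged[ip] = {
                    "head_requests": len(recent),
                    "not_found": misses,
                    "distinct_paths": len({r["path"] for r in recent}),
                    "user_agents": sorted({r["ua"] for r in recent}),
                    "window_start": recent[0]["ts"],
                    "window_end": e["ts"],
                }
    return flagged


if __name__ == "__main__":
    for ip, info in detect_head_probes(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['head_requests']} HEAD requests, "
              f"{info['not_found']} x 404, {info['distinct_paths']} paths")
```

Because the scanner deliberately avoids GET requests with attack strings until a resource is confirmed, rules that only inspect GET payloads miss the enumeration phase entirely; counting HEAD requests and their 404 ratio per client catches it. The same summary (distinct paths, 404 count, window) is what you would forward to a SIEM or rate-limiter.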

JoomScan Install

OWASP JoomScan comes preinstalled in Kali Linux distributions.

You can download JoomScan or clone it from the git repository:

$ git clone https://github.com/rezasp/joomscan.git
$ cd joomscan
$ perl joomscan.pl

Update

To update, simply run:

perl joomscan.pl --update

Usage

Run joomscan with --help to see the available options and arguments:

root@unknown:~# joomscan --help
    ____  _____  _____  __  __  ___   ___    __    _  _ 
   (_  _)(  _  )(  _  )(  \/  )/ __) / __)  /__\  ( \( )
  .-_)(   )(_)(  )(_)(  )    ( \__ \( (__  /(__)\  )  ( 
  \____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_)
            (1337.today)
   
    --=[OWASP JoomScan
    +---++---==[Version : 0.0.7
    +---++---==[Update Date : [2018/09/23]
    +---++---==[Authors : Mohammad Reza Espargham , Ali Razmjoo
    --=[Code name : Self Challenge
    @OWASP_JoomScan , @rezesp , @Ali_Razmjo0 , @OWASP

Help :

Usage:  joomscan [options]

--url | -u <URL>                |   The Joomla URL/domain to scan.
--enumerate-components | -ec    |   Try to enumerate components.

--cookie <String>               |   Set cookie.
--user-agent | -a <User-Agent>  |   Use the specified User-Agent.
--random-agent | -r             |   Use a random User-Agent.
--timeout <Time-Out>            |   Set timeout.
--about                         |   About Author
--help | -h                     |   This help screen.
--version                       |   Output the current version and exit.

root@unknown:~#

Examples

Default checks:

$ perl joomscan.pl --url www.example.com

or

$ perl joomscan.pl -u www.example.com

To enumerate installed components, run:

$ perl joomscan.pl --url www.example.com --enumerate-components

or

$ perl joomscan.pl -u www.example.com -ec

Set cookie:

$ perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent:

$ perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

or

$ perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent:

$ perl joomscan.pl -u www.example.com --random-agent

or

$ perl joomscan.pl --url www.example.com -r

Set proxy:

$ perl joomscan.pl --url www.example.com --proxy http://127.0.0.1:8080

or

$ perl joomscan.pl -u www.example.com --proxy https://127.0.0.1:443