GNU/LinuxKali Linux ToolsScannerSecurity

joomscan

0

joomscan Package Description

Joomla! is probably the most widely-used CMS out there due to its flexibility, user-friendlinesss, extensibility to name a few. So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity. It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites.

The following features are currently available:

  • Exact version Probing (the scanner can tell whether a target is running version 1.5.12)
  • Common Joomla! based web application firewall detection
  • Searching known vulnerabilities of Joomla! and its components
  • Reporting to Text & HTML output
  • Immediate update capability via scanner or svn

Source: https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project
joomscan Homepage | Kali joomscan Repo

  • Author: Aung Khant, OWASP.org
  • License: GPLv3

Tools included in the joomscan package

joomscan – OWASP Joomla Vulnerability Scanner Project
root@kali:~# joomscan

..|”||   ‘|| ‘||’  ‘|’     |      .|”’.|  ‘||”|.
.|’    ||   ‘|. ‘|.  .’     |||     ||..  ‘   ||   ||
||      ||   ||  ||  |     |  ||     ”|||.   ||…|’
‘|.     ||    ||| |||     .””|.  .     ‘||  ||
”|…|’      |   |     .|.  .||. |’….|’  .||.

=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.4
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)
=================================================================

Vulnerability Entries: 611
Last update: February 2, 2012

Usage:  ./joomscan.pl -u <string> -x proxy:port
-u <string>      = joomla Url

==Optional==

-x <string:int>  = proXy to tunnel
-c <string>      = Cookie (name=value;)
-g “<string>”    = desired useraGent string(within “)
-nv              = No Version fingerprinting check
-nf              = No Firewall detection check
-nvf/-nfv        = No version+firewall check
-pe          = Poke version only and Exit
-ot              = Output to Text file (target-joexploit.txt)
-oh              = Output to Html file (target-joexploit.htm)
-vu              = Verbose (output every Url scan)
-sp          = Show completed Percentage

~Press ENTER key to continue

Example:  ./joomscan.pl -u victim.com -x localhost:8080

Check:    ./joomscan.pl check
– Check if the scanner update is available or not.

Update:   ./joomscan.pl update
– Check and update the local database if newer version is available.

Download: ./joomscan.pl download
– Download the scanner latest version as a single zip file – joomscan-latest.zip.

Defense:  ./joomscan.pl defense
– Give a defensive note.

About:    ./joomscan.pl story
– A short story about joomscan.

Read:     ./joomscan.pl read DOCFILE
DOCFILE – changelog,release_note,readme,credits,faq,owasp_project

joomscan Usage Example

Scan the Joomla installation at the given URL (-u http://192.168.1.202/joomla) for vulnerabilities:

root@kali:~# joomscan -u http://192.168.1.202/joomla

..|”||   ‘|| ‘||’  ‘|’     |      .|”’.|  ‘||”|.
.|’    ||   ‘|. ‘|.  .’     |||     ||..  ‘   ||   ||
||      ||   ||  ||  |     |  ||     ”|||.   ||…|’
‘|.     ||    ||| |||     .””|.  .     ‘||  ||
”|…|’      |   |     .|.  .||. |’….|’  .||.

=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.4
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)
=================================================================

Vulnerability Entries: 673
Last update: October 22, 2012

Use “update” option to update the database
Use “check” option to check the scanner update
Use “download” option to download the scanner latest version package
Use svn co to update the scanner and the database
svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan

Target: http://192.168.1.202/joomla

Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14+deb7u9

## Checking if the target has deployed an Anti-Scanner measure

[!] Scanning Passed ….. OK

## Detecting Joomla! based Firewall …

[!] No known firewall detected!

## Fingerprinting in progress …

Use of uninitialized value in pattern match (m//) at ./joomscan.pl line 1009.
~Unable to detect the version. Is it sure a Joomla?

## Fingerprinting done.

Vulnerabilities Discovered
==========================

# 1
Info -> Generic: htaccess.txt has not been renamed.
Versions Affected: Any
Check: /htaccess.txt
Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
Vulnerable? Yes

tomcatWarDeployer – Apache Tomcat auto WAR Deployment & Pwning Penetration Testing Tool

Previous article

You may also like

Comments

Leave a reply

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

More in GNU/Linux