web application – owasp joomla! vulnerability scanner

Joomla! is probably the most widely-used CMS out there due to its flexibility, user-friendlinesss, extensibility to name a few.So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity.It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites. No web security scanner is dedicated only one CMS.

backtrack 5 r1


Usage:  ./joomscan.pl -u <string> -x proxy:port
-u <string>      = joomla Url


-x <string:int>  = proXy to tunnel
-c <string>      = Cookie (name=value;)
-g “<string>”    = desired useraGent string(within “)
-nv              = No Version fingerprinting check
-nf              = No Firewall detection check
-nvf/-nfv        = No version+firewall check
-pe           = Poke version only and Exit
-ot              = Output to Text file (target-joexploit.txt)
-oh              = Output to Html file (target-joexploit.htm)
-vu              = Verbose (output every Url scan)
-sp          = Show completed Percentage

~Press ENTER key to continue

Example:  ./joomscan.pl -u victim.com -x localhost:8080

Check:    ./joomscan.pl check
– Check if the scanner update is available or not.

Update:   ./joomscan.pl update
– Check and update the local database if newer version is available.

Download: ./joomscan.pl download
– Download the scanner latest version as a single zip file – joomscan-latest.zip.

Defense:  ./joomscan.pl defense
– Give a defensive note.

About:    ./joomscan.pl story
– A short story about joomscan.

Read:     ./joomscan.pl read DOCFILE
DOCFILE – changelog,release_note,readme,credits,faq,owasp_project

root@bt:/pentest/web/scanners/joomscan# ./joomscan.pl -u IP-Address

OWASP Joomla! Vulnerability Scanner v0.0.3-b
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)

Use of uninitialized value $lastupdate in concatenation (.) or string at ./joomscan.pl line 1274.

Vulnerability Entries: 550 November 20, 2011
Last update:

Use “update” option to update the database
Use “check” option to check the scanner update
Use “download” option to download the scanner latest version package
Use svn co to update the scanner
svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan

Target: http://IP-Address

Server: Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1
X-Powered-By: PHP/5.3.8

## NOTE: The Administrator URL was renamed. Bruteforce it. ##
## None of /administrator, /admin, /manage ##

## Checking if the target has deployed an Anti-Scanner measure

[!] Scanning Passed ….. OK

## Detecting Joomla! based Firewall …

[!] .htaccess shipped with Joomla! is being deployed for SEO purpose
[!] It contains some defensive mod_rewrite rules
[!] Payloads that contain strings (mosConfig,base64_encode,<script>
GLOBALS,_REQUEST) wil be responsed with 403.

## Fingerprinting in progress …

~Unable to detect the version. Is it sure a Joomla?

## Fingerprinting done.

Vulnerabilities Discovered

# 1
Info -> Component: Joomla Component Mosets Tree 2.1.5 Shell Upload
Versions Affected: 2.1.5
Check: /http:/{target}/components/com_mtree/img/listings/o/{id}.phpwhere{id}
Exploit: /http://{target}/components/com_mtree/img/listings/o/{id}.php where {id}
Vulnerable? N/A

There is a vulnerable point in 1 found entries!

~[*] Time Taken: 22 sec
~[*] Send bugs, suggestions, contributions to joomscan@yehg.net

2 thoughts on “web application – owasp joomla! vulnerability scanner

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s