Jaidam: automatic WordPress/Joomla Vulnerability Scanning

Jaidam

Jaidam is an open source penetration testing tool that would take as input a list of domain names, scan them, determine if WordPress or Joomla platform was used and finally check them automatically, for web vulnerabilities using two well‐known open source tools, WPScan and Joomscan.

The innovative part of Jaidam security tool is that it combines the modules of Joomscan and WPScan in one package providing more functionality to the user saving up much time. Moreover, it can handle a list of sites taken as an input so as the user has the ability to run a distributed web vulnerability scan. There is a builtin multithreaded function for faster results in determining the kind of CMS a site uses.

When the scanning of domain names is completed the user is asked whether he likes to perform a WPScan or a Joomscan. By choosing, for example, a WPScan then it starts to scan for vulnerabilities all the sites that have recognized as WordPress sites

After completing the scan procedure, jaidam stores the results in the wp_vulne_table for WordPress results or in the jm_vulne_table for Joomla results in a sqlite3 database within the file jaidamSQLite.db.

The categories of the vulnerabilities the tool will scan for have been chosen based on the Owasp’s top 10 vulnerability list.

Install

Jaidam has been written and tested in Debian-like distros. The main distro that it was tested on is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing distribution, Kali Linux. In order for the program to run in a Kali Linux distro it is necessary for the distro to be fully updated, upgraded :

  • apt-get update && apt-get upgrade
  • apt-get dist-upgrade
  • git clone https://github.com/stasinopoulos/Jaidam.git

Usage

L / l: Create List
C / c: Create list of custom TXT file
S / s: Scan a single site

W / w: Use WPScan for scanning wordpress sites
J / j: Use Joomscan for scanning joomla sites
M / m: Use Jaidam Extra Modules(*)
D / d: Automatic creation of list using built in function
G / g: Automatic creation of list using built in function (aproximatly 14000 gr sites)

U / u: Update Jaidam to the latest version
Q / q: Quit

Jaidam Toolkit
Copyright (C) 2013 Jaidam Development Team.

Source: https://github.com/stasinopoulos/