OWASP JoomScan Project
OWASP Joomla! Vulnerability Scanner is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.
OWASP JoomScan is included in Kali Linux distributions.
WHY OWASP JOOMSCAN?
*Vulnerability enumerator (based on version)
*Components enumerator (1209 most popular by default)
*Components vulnerability enumerator (based on version)(+1030 exploit)
*Reporting to Text & HTML output
*Finding common log files
*Finding common backup files
- com_joomanager exploiter removed
- Added new module: Local File Disclosure vulnerability detector (Supports detection of [com_joomanager,s5_media_player,com_hdflvplayer,com_macgallery,com_cckjseblod,fsave,com_portfolio,com_picsell,captcha,com_rsfiles,com_addproperty,com_aceftp,com_jtagmembersdirectory,com_facegallery,com_docman,mod_dvfoldercontent,com_contushdvideoshare,com_jetext,com_product_modul,wddownload,com_community,com_download-monitor])
- Updated module: Firewall Detector (supports detection of [CloudFlare, Incapsula, Shieldfy, Mod_Security and 28 other modules ])
- Added exploit for jckeditor
- Updated list of components
- A few enhancements
Copyright (C) 2018 rezasp