
Joomla is one of the CMSes that I like, and testing it for vulnerabilities is fun with OWASP's joomscan. If you want it on your system, you can download it from SourceForge. Joomscan is a vulnerability scanner for websites using the Joomla CMS.

To install it on Ubuntu, extract it to a directory of your choice, such as /opt. After extracting, make the script executable, along with the db text files that are needed for the update:

sudo chmod +x /opt/joomscan/joomscan.pl && sudo chmod +x /opt/joomscan/joomscandb.txt && sudo chmod +x /opt/joomscan/joomscandb-info.txt

By default, Perl alone is not enough to run joomscan; it needs some libraries to get it working. You can install the needed libraries with the command:

sudo apt-get install -y libtest-www-mechanize-perl

After the installation, go to the path where it was extracted and you can start using it. A very basic usage is:

/opt/joomscan$ perl joomscan.pl -u example.com

The options are listed below; this output is shown when you use the wrong syntax:

=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.4
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)
=================================================================

Vulnerability Entries: 611
Last update: February 2, 2012

Usage: joomscan.pl -u -x proxy:port
-u = joomla Url

==Optional==

-x = proXy to tunnel
-c = Cookie (name=value;)
-g “” = desired useraGent string(within “)
-nv = No Version fingerprinting check
-nf = No Firewall detection check
-nvf/-nfv = No version+firewall check
-pe = Poke version only and Exit
-ot = Output to Text file (target-joexploit.txt)
-oh = Output to Html file (target-joexploit.htm)
-vu = Verbose (output every Url scan)
-sp = Show completed Percentage
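
The banner above reports the database size and its last update date, and a signature-based scanner only finds what its database lists. The shell script below is an added example, not part of the original post or of joomscan: it parses those two banner lines and computes the database's age. `db_status` and `days_from_civil` are hypothetical helper names, and the sample banner is copied from the output above.

```shell
#!/bin/sh
# Added example, not part of joomscan: read the banner joomscan.pl prints and
# report how many entries its database has and how old that database is.

# Constructed sample input: banner lines as they appear in the output above.
SAMPLE_BANNER='OWASP Joomla! Vulnerability Scanner v0.0.4
Vulnerability Entries: 611
Last update: February 2, 2012'

# Days since 1970-01-01 for "year month day" (standard civil-date arithmetic).
days_from_civil() {
    y=$1; m=${2#0}; d=${3#0}    # drop a leading zero so 08/09 are not octal
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + d - 1 ))
    echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
}

# db_status YEAR MONTH DAY  (hypothetical helper; banner text on stdin)
# Prints "<entries> <db date> <age in days as of YEAR MONTH DAY>".
# Returns 1 if the banner lacks either line or the month name is unknown.
db_status() {
    banner=$(cat)
    entries=$(printf '%s\n' "$banner" |
        sed -n 's/^Vulnerability Entries: *\([0-9][0-9]*\).*/\1/p')
    updated=$(printf '%s\n' "$banner" |
        sed -n 's/^Last update: *\([A-Za-z]*\) *\([0-9][0-9]*\), *\([0-9][0-9]*\).*/\3 \1 \2/p')
    if [ -z "$entries" ] || [ -z "$updated" ]; then return 1; fi
    set -- "$1" "$2" "$3" $updated      # $4=year, $5=month name, $6=day
    case $5 in
        January) mon=1;;   February) mon=2;;  March) mon=3;;
        April) mon=4;;     May) mon=5;;       June) mon=6;;
        July) mon=7;;      August) mon=8;;    September) mon=9;;
        October) mon=10;;  November) mon=11;; December) mon=12;;
        *) return 1;;
    esac
    now=$(days_from_civil "$1" "$2" "$3")
    then_=$(days_from_civil "$4" "$mon" "$6")
    echo "$entries $4-$mon-$6 $((now - then_))"
}

# Stand-alone run against the sample, measured from today's date.
printf '%s\n' "$SAMPLE_BANNER" | db_status $(date '+%Y %m %d')
```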