ClsHack:Computer Security Blog    

joomscan: Scan Joomla CMS && find security bugs


Joomscan is a tool for testing websites that run the well-known CMS Joomla for vulnerabilities.

The original design of this scanner can be found here:

OWASP Joomla Vulnerability Scanner

Since the last update was in 2009, the Web-center.si team decided to take it further and help users protect their Joomla sites.

The team that has taken over the project has optimized the scanner and added checks for vulnerabilities in newer versions of Joomla, plus more checks for plugins and various components.

joomscan checks a Joomla CMS for the following vulnerabilities:

  • XSS
  • CSRF
  • SQL Injection
  • LFI
  • RFI
  • bruteforce

Let's see how to use it on BackBox or a Debian-based distro such as Ubuntu.
The first thing to do is download joomscan.
You can get it from the official site or from my site ;)

OK, let's go to /home/user:
cd $HOME
Download the package:
wget http://web-center.si/joomscan/joomscan.tar.gz
Unzip (they got this wrong: it is not a tar file but a zip, at least until they fix it):
unzip joomscan.tar.gz
Otherwise:
tar -xvzf joomscan.tar.gz
Now we go into the directory:
cd joomscan

chmod +x joomscan.pl
Dependencies:
sudo perl -MCPAN -e 'install WWW::Mechanize'
or:
sudo apt-get install libtest-www-mechanize-perl
And run joomscan:
./joomscan.pl

To update it:
./joomscan.pl update

Download from my blog:
wget http://www.clshack.com/nopaste/joomscan.zip
To extract:
unzip joomscan.zip
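
As an added example (not from the original post or the joomscan project), a small shell helper for the mislabelled download noted above: it identifies an archive by its leading magic bytes rather than its file extension, then extracts it with the matching tool into a directory you choose. The function names archive_type and extract_archive are made up for this example.

```shell
#!/bin/sh
# Added example: pick the extractor from the file's content, not its name.
# Usage (after sourcing this file):
#   extract_archive joomscan.tar.gz ./joomscan-src

# Print "zip", "gzip" or "unknown" for the file given as $1.
archive_type() {
    # First four bytes as lowercase hex, e.g. 504b0304 for a zip local header.
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        504b0304|504b0506|504b0708) echo zip ;;     # "PK" zip signatures
        1f8b*)                      echo gzip ;;    # gzip stream, e.g. .tar.gz
        *)                          echo unknown ;;
    esac
}

# Extract $1 into directory $2 using the tool that matches its real format.
# Returns non-zero if the format is not recognised or extraction fails.
extract_archive() {
    mkdir -p "$2" || return 1
    case "$(archive_type "$1")" in
        zip)  unzip -q "$1" -d "$2" ;;
        gzip) tar -xzf "$1" -C "$2" ;;
        *)    echo "unrecognised archive format: $1" >&2; return 1 ;;
    esac
}
```

Extracting into a separate directory also lets you look over the unpacked files before making joomscan.pl executable.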

This entry was posted on Monday, February 6th, 2012 at 2:19 pm and is filed under GNU/Linux, Hacking, Software.