Our Joomla Security Scanner tool has been extended with the Joomscan security testing tool. Joomscan tests a Joomla installation for known vulnerable plugins and core security configuration mistakes. Detecting these vulnerabilities allows a web site owner to get the plugins updated or fixed before they are attacked. Joomla! is probably the most widely used CMS out there, owing to its flexibility, user-friendliness and extensibility, to name a few. Watching for its vulnerabilities and adding them to the Joomla scanner's knowledge base (KB) is therefore an ongoing activity. It helps web developers and webmasters identify possible security weaknesses on their deployed Joomla! sites.
joomscan -u <string> -x proxy:port

-u <string> = joomla Url

==Optional==

-x <string:int> = proXy to tunnel
-c <string> = Cookie (name=value;)
-g "<string>" = desired useraGent string(within ")
-nv = No Version fingerprinting check
-nf = No Firewall detection check
-nvf/-nfv = No version+firewall check
-pe = Poke version only and Exit
-ot = Output to Text file (target-joexploit.txt)
-oh = Output to Html file (target-joexploit.htm)
-vu = Verbose (output every Url scan)
-sp = Show completed Percentage
cyborg@cyborg:~$ joomscan -u http://192.168.1.15/joom

 ..|''||   '|| '||'  '|'     |      .|'''.|  '||''|.
.|'    ||   '|. '|.  .'     |||     ||..  '   ||   ||
||      ||   ||  ||  |     |  ||     ''|||.   ||...|'
'|.     ||    ||| |||     .''''|.  .     '||  ||
 ''|...|'      |   |     .|.  .||. |'....|'  .||.

=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.4
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)
=================================================================

Vulnerability Entries: 611
Last update: February 2, 2012

Use "update" option to update the database
Use "check" option to check the scanner update
Use "download" option to download the scanner latest version package
Use svn co to update the scanner and the database
svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan

Target: http://192.168.1.15/joom

Server: nginx
X-Powered-By: PHP/5.4.41-0+deb7u1

## Checking if the target has deployed an Anti-Scanner measure

[!] Scanning Passed ..... OK

## Detecting Joomla! based Firewall ...

[!] .htaccess shipped with Joomla! is being deployed for SEO purpose
[!] It contains some defensive mod_rewrite rules
[!] Payloads that contain strings (mosConfig,base64_encode,<script> GLOBALS,_REQUEST) wil be responsed with 403.

## Fingerprinting in progress ...

Use of uninitialized value in pattern match (m//) at joomscan.pl line 1009.
~Unable to detect the version. Is it sure a Joomla?

## Fingerprinting done.

Vulnerabilities Discovered
==========================

# 1
Info -> Generic: Unprotected Administrator directory
Versions Affected: Any
Check: /administrator/
Exploit: The default /administrator directory is detected. Attackers can bruteforce administrator accounts.
Read: http://yehg.net/lab/pr0js/view.php/MULTIPLE%20TRICKY%20WAYS%20TO%20PROTECT.pdf
Vulnerable? Yes

# 2
Info -> Core: Multiple XSS/CSRF Vulnerability
Versions Affected: 1.5.9 <=
Check: /?1.5.9-x
Exploit: A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.
Vulnerable? N/A
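For triaging a scan of your own site, the Python below is an added example (not part of joomscan or of the original page) that parses findings in the layout shown in the output above and separates entries marked "Vulnerable? Yes" from those the scanner did not confirm, such as "N/A". The one-field-per-line layout, the function names and the embedded sample are assumptions constructed from that output.

```python
import re

# Constructed sample: the two findings shown above, one field per line
# (assumed layout of joomscan's console output; Exploit text shortened).
SAMPLE = """\
# 1
Info -> Generic: Unprotected Administrator directory
Versions Affected: Any
Check: /administrator/
Exploit: The default /administrator directory is detected.
Vulnerable? Yes

# 2
Info -> Core: Multiple XSS/CSRF Vulnerability
Versions Affected: 1.5.9 <=
Check: /?1.5.9-x
Exploit: A series of XSS and CSRF faults exist in the administrator application.
Vulnerable? N/A
"""

FIELD = re.compile(r"^(Info ->|Versions Affected:|Check:|Exploit:|Read:|Vulnerable\?)\s*(.*)$")
KEYS = {"Info ->": "info", "Versions Affected:": "versions", "Check:": "check",
        "Exploit:": "detail", "Read:": "reference", "Vulnerable?": "vulnerable"}

def parse_findings(text):
    """Return one dict per '# N' entry; unlabelled lines extend the previous field."""
    findings, current, last = [], None, None
    for line in text.splitlines():
        line = line.strip()
        m_id = re.fullmatch(r"#\s*(\d+)", line)
        m_field = FIELD.match(line)
        if m_id:                                   # start of a new finding
            current, last = {"id": int(m_id.group(1))}, None
            findings.append(current)
        elif current is not None and m_field:      # labelled field
            last = KEYS[m_field.group(1)]
            current[last] = m_field.group(2).strip()
        elif current is not None and last and line:  # wrapped continuation
            current[last] = (current[last] + " " + line).strip()
    return findings

def triage(findings):
    """Split into confirmed ('Yes') and unverified (anything else, e.g. 'N/A')."""
    confirmed = [f for f in findings if f.get("vulnerable", "").lower() == "yes"]
    unverified = [f for f in findings if f not in confirmed]
    return confirmed, unverified

if __name__ == "__main__":
    for label, group in zip(("CONFIRMED", "UNVERIFIED"), triage(parse_findings(SAMPLE))):
        for f in group:
            print(f"{label:10} #{f['id']} {f['info']} ({f.get('check', '-')})")
```

Entries in the unverified group still need a manual check against the installed Joomla! version, since the scan above could not fingerprint it.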