JoomScan 0.0.5 - OWASP Joomla Vulnerability Scanner Project - KitPloit - PenTest Tools for your Security Arsenal ☣
2018-03-17 23:39:50 Author: www.kitploit.com(查看原文) 阅读量:116 收藏

OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an opensource project in perl programming language to detect Joomla CMS vulnerabilities and analysis them.

WHY OWASP JOOMSCAN ?

If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is Your best shot ever! This Project is being faster than ever and updated with the latest Joomla vulnerabilities.


INSTALL

git clone https://github.com/rezasp/joomscan.git
cd joomscan
perl joomscan.pl

JOOMSCAN ARGUMENTS

Usage: joomscan.pl [options]

--url | -u <URL>                         |   The Joomla URL/domain to scan.
--enumerate-components          | -ec    |   Try to enumerate components.

--cookie <String>                       |   Set cookie.
--user-agent | -a <user-agent>   |   Use the specified User-Agent.
--random-agent | -r                   |   Use a random User-Agent.
--timeout <time-out>                  |   set timeout.
--about                                      |   About Author
--update                                    |   Update to the latest version.
--help | -h                                 |   This help screen.
--version                                   |   Output the current version and exit.

OWASP JOOMSCAN EXAMPLES
Do default checks...

perl joomscan.pl --url www.example.com

or

perl joomscan.pl -u www.example.com

Enumerate installed components...

perl joomscan.pl --url www.example.com --enumerate-components

or

perl joomscan.pl -u www.example.com --ec

Set cookie

perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent

perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

or

perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent

perl joomscan.pl -u www.example.com --random-agent

or

perl joomscan.pl --url www.example.com -r

Update Joomscan...

perl joomscan.pl --update

PROJECT LEADERS

  • Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
  • Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]

OWASP JoomScan 0.0.5 [KLOT]

  • Update components database
  • Bug fixed (updating module)
  • Allow start from any path
  • Update backup finder database
  • Update report module
  • Update validate target method 
  • HTTPS improvements
  • Fix issue #11 - Incorrect URL output for HTTPS site
  • Fix issue #12 - Components scan output issues
  • Fix issue #13 - Check a server is live or not!
  • Fix issue #9 - Disable redirectable requests for components finder module
  • A few enhancements

OWASP JoomScan 0.0.1 introduction (Youtube)

JoomScan 0.0.5 - OWASP Joomla Vulnerability Scanner Project JoomScan 0.0.5 - OWASP Joomla Vulnerability Scanner Project Reviewed by Lydecker Black on 9:55 AM Rating: 5


文章来源: https://www.kitploit.com/2018/03/joomscan-005-owasp-joomla-vulnerability.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29
如有侵权请联系:admin#unsafe.sh