{"id":15034663,"url":"https://github.com/owasp/joomscan","last_synced_at":"2025-05-15T20:07:13.519Z","repository":{"id":43086159,"uuid":"67115839","full_name":"OWASP/joomscan","owner":"OWASP","description":"OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/","archived":false,"fork":false,"pushed_at":"2024-09-11T09:08:50.000Z","size":283,"stargazers_count":1121,"open_issues_count":24,"forks_count":243,"subscribers_count":53,"default_branch":"master","last_synced_at":"2025-05-15T20:06:38.851Z","etag":null,"topics":["0day","exploit","joomla","joomla-cms","joomscan","owasp","scanner","vulnerability-scanners","vunerability"],"latest_commit_sha":null,"homepage":"https://www.secologist.com/open-source-projects","language":"Raku","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OWASP.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-09-01T09:06:17.000Z","updated_at":"2025-05-15T12:05:56.000Z","dependencies_parsed_at":"2024-01-14T08:58:46.781Z","dependency_job_id":"ab26ef63-355f-465d-9a49-ed175c22d315","html_url":"https://github.com/OWASP/joomscan","commit_stats":{"total_commits":61,"total_committers":16,"mean_commits":3.8125,"dds":0.5737704918032787,"last_synced_commit":"2ea8cc7792b3893b80a52e4ad7cc32a1a9dbf7fc"},"previous_names":["rezasp/joomscan"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fjoomscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fjoomscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fjoomscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fjoomscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OWASP","download_url":"https://codeload.github.com/OWASP/joomscan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254414501,"owners_count":22067272,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["0day","exploit","joomla","joomla-cms","joomscan","owasp","scanner","vulnerability-scanners","vunerability"],"created_at":"2024-09-24T20:25:55.515Z","updated_at":"2025-05-15T20:07:08.325Z","avatar_url":"https://github.com/OWASP.png","language":"Raku","readme":"![Version 0.0.7](https://img.shields.io/badge/Version-0.0.7-green.svg)\n![Perl](https://img.shields.io/badge/Perl-5.x-yellow.svg)\n[![GPLv3 License](https://img.shields.io/badge/License-GPLv3-red.svg)](https://github.com/rezasp/joomscan/blob/master/LICENSE.md)\n[![Twitter](https://img.shields.io/badge/Twitter-@OWASP_JoomScan-blue.svg)](http://twitter.com/OWASP_JoomScan)\n[![Leader](https://img.shields.io/badge/Twitter-@rezesp-blue.svg)](http://www.twitter.com/rezesp)\n[![Leader](https://img.shields.io/badge/Twitter-@Ali_Razmjo0-blue.svg)](http://www.twitter.com/Ali_Razmjo0)\n\u003cbr\u003e\n[![Black Hat Arsenal USA](https://rawgit.com/toolswatch/badges/master/arsenal/usa/2018.svg)](http://www.toolswatch.org/2018/05/black-hat-arsenal-usa-2018-the-w0w-lineup/)\n[![Black Hat Arsenal ASIA](https://rawgit.com/toolswatch/badges/master/arsenal/asia/2018.svg)](http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/)\n\n\n\u003cimg src=\"https://raw.githubusercontent.com/rezasp/Trash/master/joomscan.png\" width=\"200\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/rezasp/Trash/master/owasp.png\" width=\"500\"\u003e\n\n======\n\nOWASP JoomScan Project\n======\n\nOWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.\n\u003cbr\u003e\nOWASP JoomScan is included in Kali Linux distributions.\n\n* **Read More**: https://www.secologist.com/open-source-projects\n\n### WHY OWASP JOOMSCAN  ?\nAutomated ...\u003cbr\u003e\n  *Version enumerator\u003cbr\u003e\n  *Vulnerability enumerator (based on version)\u003cbr\u003e\n  *Components enumerator (1209 most popular by default)\u003cbr\u003e\n  *Components vulnerability enumerator (based on version)(+1030 exploit)\u003cbr\u003e\n  *Firewall detector\u003cbr\u003e\n  *Reporting to Text \u0026 HTML output\u003cbr\u003e\n  *Finding common log files\u003cbr\u003e\n  *Finding common backup files\u003cbr\u003e\n\n\n# INSTALL\n\n    git clone https://github.com/rezasp/joomscan.git\n    cd joomscan\n    perl joomscan.pl\n\nFor Docker installation and usage\n\n    # Build the docker image\n    docker build -t rezasp/joomscan .\n\n    # Run a new docker container with reports directory mounted at the host\n    docker run -it -v /path/to/reports:/home/joomscan/reports --name joomscan_cli rezasp/joomscan\n\n    # For accessing the docker container you can run the following command\n    docker run -it -v /path/to/reports:/home/joomscan/reports --name joomscan_cli --entrypoint /bin/bash rezasp/joomscan\n\n# JOOMSCAN ARGUMENTS\n\n    Usage:\tjoomscan.pl [options]\n\n    --url | -u \u003cURL\u003e                |   The Joomla URL/domain to scan.\n    --enumerate-components | -ec    |   Try to enumerate components.\n\n    --cookie \u003cString\u003e               |   Set cookie.\n    --user-agent | -a \u003cuser-agent\u003e  |   Use the specified User-Agent.\n    --random-agent | -r             |   Use a random User-Agent.\n    --timeout \u003ctime-out\u003e            |   set timeout.\n    --about                         |   About Author\n    --update                        |   Update to the latest version.\n    --help | -h                     |   This help screen.\n    --version                       |   Output the current version and exit.\n\n\n# OWASP JOOMSCAN USAGE EXAMPLES\n\nDo default checks...\u003cbr\u003e\n```perl joomscan.pl --url www.example.com```\u003cbr\u003e\nor\u003cbr\u003e\n```perl joomscan.pl -u www.example.com```\n\u003cbr\u003e\n\u003cbr\u003e\nEnumerate installed components...\u003cbr\u003e\n```perl joomscan.pl --url www.example.com --enumerate-components```\u003cbr\u003e\nor\u003cbr\u003e\n```perl joomscan.pl -u www.example.com --ec```\u003cbr\u003e\n\u003cbr\u003e\n\nSet cookie\u003cbr\u003e\n```perl joomscan.pl --url www.example.com --cookie \"test=demo;\"```\n\u003cbr\u003e\u003cbr\u003e\n\nSet user-agent\u003cbr\u003e\n```perl joomscan.pl --url www.example.com --user-agent \"Googlebot/2.1 (+http://www.googlebot.com/bot.html)\"```\u003cbr\u003e\nor\u003cbr\u003e\n```perl joomscan.pl -u www.example.com -a \"Googlebot/2.1 (+http://www.googlebot.com/bot.html)\"```\u003cbr\u003e\n\u003cbr\u003e\u003cbr\u003e\n\nSet random user-agent\u003cbr\u003e\n```perl joomscan.pl -u www.example.com --random-agent```\u003cbr\u003e\nor\u003cbr\u003e\n```perl joomscan.pl --url www.example.com -r```\u003cbr\u003e\n\u003cbr\u003e\n\nSet proxy\u003cbr\u003e\n```perl joomscan.pl --url www.example.com --proxy http://127.0.0.1:8080```\u003cbr\u003e\nor\u003cbr\u003e\n```perl joomscan.pl -u www.example.com --proxy https://127.0.0.1:443```\u003cbr\u003e\n\u003cbr\u003e\u003cbr\u003e\n\nUpdate Joomscan...\u003cbr\u003e\n```perl joomscan.pl --update```\u003cbr\u003e\u003cbr\u003e\n\n\n# OWASP PAGE\n\n[https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project](https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project)\n\n# GIT REPOSITORY\n\n[https://github.com/rezasp/joomscan](https://github.com/rezasp/joomscan)\n\n# ISSUES\n\n[https://github.com/rezasp/joomscan/issues](https://github.com/rezasp/joomscan/issues)\n\n# PROJECT LEADERS\n\n*  Mohammad Reza Espargham           [ reza[dot]espargham[at]owasp[dot]org ]\n*  Ali Razmjoo                                    [ ali[dot]razmjoo[at]owasp[dot]org ]\n\n\n\u003cbr\u003e\u003cbr\u003e\nOWASP JoomScan introduction (Youtube)\n\n[![OWASP JoomScan introduction](https://img.youtube.com/vi/Ik2CJ9LkuoI/0.jpg)](https://www.youtube.com/watch?v=Ik2CJ9LkuoI)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowasp%2Fjoomscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fowasp%2Fjoomscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowasp%2Fjoomscan/lists"}