Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/giovanni-iannaccone/jinjector

Joomla modules backdoor injector 🚪
https://github.com/giovanni-iannaccone/jinjector

backdoor golang golang-hacking hacking injection injector joomla joomla-hacking joomla-module php-backdoor

Last synced: about 9 hours ago
JSON representation

Joomla modules backdoor injector 🚪

Host: GitHub
URL: https://github.com/giovanni-iannaccone/jinjector
Owner: giovanni-iannaccone
License: gpl-3.0
Created: 2024-11-03T09:38:59.000Z (16 days ago)
Default Branch: main
Last Pushed: 2024-11-06T18:35:55.000Z (13 days ago)
Last Synced: 2024-11-06T19:36:32.758Z (13 days ago)
Topics: backdoor, golang, golang-hacking, hacking, injection, injector, joomla, joomla-hacking, joomla-module, php-backdoor
Language: Go
Homepage:
Size: 35.2 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

Logo

( It's pronounced "J in jek′tər" - J injector )

Jinjector is a powerful tool written in Go, designed to inject backdoors into Joomla modules effortlessly. Using this tool, you can easily insert a PHP reverse shell into a Joomla module's main file, allowing a connection back to a specified IP and port whenever the module is triggered. This is perfect for penetration testers or researchers aiming to simulate real-world scenarios.

> [!CAUTION]
> This tool is intended for educational and ethical testing purposes only. Unauthorized use of this tool on live systems without permission is illegal and unethical.

## ✨ Features
- Automatic file discovery: Extracts information from the Joomla XML manifest file to locate the main file.
- Stealthy injection: Injects a PHP reverse shell that connects back to your specified IP and port.
- Ease of use: Specify your IP, port, and the module directory, and let Jinjector handle the rest.

## 📦 Requirements
- Go
- Joomla module directory (with a valid manifest.xml file)

## 🛠️ Installation
1. Clone the repository
```bash
git clone https://github.com/giovanni-iannaccone/Jinjector
cd Jinjector
```
2. Build
```bash
cd cmd
go build -o jinjector
```

## 🚀 Usage
Screenshot
Start the program, enter your ip, your port and the module path

## 🌍 How It Works
**Manifest Extraction**: Jinjector parses the XML file in the given module directory to identify the main PHP file.
**Payload Injection**: Once located, it appends a PHP reverse shell payload to the main file.
**Connection Setup**: Every time the infected Joomla module is used, it attempts to establish a connection to your IP and port.

## ⚡️ Reverse Shell Code
The reverse shell code injected is just a proof of concept, designed to open a connection to the specified IP and port. You can modify the payload if needed for specific testing purposes (backdoor.php file)
I used the pentestmonkey php reverse shell

## 🧩 Contributing
We welcome contributions! Please follow these steps:

1. Fork the repository.
2. Create a new branch ( using this convention).
3. Make your changes and commit them with descriptive messages.
4. Push your changes to your fork.
5. Create a pull request to the main repository.

## ⚖ License
This project is licensed under the GPL-3.0 License. See the LICENSE file for details.

## ⚔ Contact
- For any inquiries or support, please contact [email protected] .
- Visit my site for more informations about me and my work https://giovanni-iannaccone.github.io

🐞 Happy Hacking ...