https://github.com/pepelux/joomlascan
Joomla version and modules scanner
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/pepelux/joomlascan
- Owner: Pepelux
- License: gpl-3.0
- Created: 2018-08-13T16:17:23.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2018-08-14T12:07:04.000Z (over 7 years ago)
- Last Synced: 2025-06-03T22:05:59.830Z (6 months ago)
- Topics: joomla, joomla-scanner, scanner, scanner-web, vulnerability-scanners, webscanner
- Language: Perl
- Size: 71.3 KB
- Stars: 3
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
# JoomlaScan
Joomla Scan v1.5 :: by Pepelux
------------------------------
Joomla Scan is a Joomla! vulnerability scanner. The steps it uses are:
Identification of components
----------------------------
To identify installed components, the program checks the index page and searches for 'option=com_'.
Identification of version
-------------------------
To identify the Joomla! version, the program performs several checks on files to find the revision date and ID.
The files checked for SVN updates are /htaccess.txt, /configuration.php-dist, /includes/js/joomla.javascript.js, /libraries/joomla/template/tmpl/adminlists.html, /language/en-GB/en-GB.com_media.ini and //language/en-GB/en-GB.com_media.ini.
Some files that appear and disappear in different versions are also checked.
Fingerprinting is based on JoomScan (http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project). This is a very nice Perl script, but its last update was in August 2009.
To calculate the Joomla! version, I check the revision IDs of files and compare them with the dates of new versions (http://es.wikipedia.org/wiki/Joomla!), and I also check changes in revisions (http://joomlacode.org/gf/project/joomla/scmsvn/?action=browse&path=/development/trunk/) and analyze the code of old Joomla! versions.
Identification of firewall
--------------------------
To identify a possible firewall installed in Joomla!, the program checks for these directories: /components/com_rsfirewall/, /components/com_rsfirewall/, /components/com_firewall/, and /components/com_firewall/.
Display possible vulnerabilities in core and components for the version used
----------------------------------------------------------------------------
The program uses a database of Joomla! bugs. This database is based on advisories from SecurityFocus (http://www.securityfocus.com/) and ExploitDB (http://www.exploit-db.com/). When it starts, it checks for new updates. I'll try to keep the database updated with new advisories :)
This program is for educational purposes only. I'm not responsible for any bad use.