OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project developed to automate vulnerability detection and reliability assurance in Joomla CMS deployments. It detects not only known offensive vulnerabilities but also many misconfigurations and admin-level shortcomings that adversaries can exploit to compromise the system.




Automated ...
* Version enumerator
* Vulnerability enumerator (based on version)
* Components enumerator (1209 most popular by default)
* Components vulnerability enumerator (based on version) (+1030 exploits)
* Firewall detector
* Reporting to Text & HTML output
* Finding common log files
* Finding common backup files

How to install

Run the script

  • perl joomscan.pl

How to use

1. Display the menu

  • joomscan --help

2. Basic scan

  • joomscan --url

3. Enumerate components using the -ec option

  • joomscan --url -ec

4. Using an existing cookie

  • joomscan --url --cookie=74n2dshlg2gp2nmv0emvqltfv1

5. Spoof user agent

  • joomscan --url --user-agent Mozilla/5.0

6. Use a random value for the spoofed user agent

  • joomscan --url --random-agent

7. Set a timeout value (1 in this case)

  • joomscan --url --timeout 1


Script information

1. Know about the author

  • joomscan --about

2. Know the version

  • joomscan --version