joomscan Package Description
Joomla! is probably the most widely used CMS out there, thanks to its flexibility, user-friendliness and extensibility, to name a few. Tracking its vulnerabilities and adding them to the Joomla scanner's knowledge base (KB) is therefore an ongoing activity. The scanner helps web developers and webmasters identify possible security weaknesses on their deployed Joomla! sites.
The following features are currently available:
- Exact version Probing (the scanner can tell whether a target is running version 1.5.12)
- Common Joomla! based web application firewall detection
- Searching known vulnerabilities of Joomla! and its components
- Reporting to Text & HTML output
- Immediate update capability via scanner or svn
Source: https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project
joomscan Homepage | Kali joomscan Repo
- Author: Aung Khant, OWASP.org
- License: GPLv3
Tools included in the joomscan package
joomscan – OWASP Joomla Vulnerability Scanner Project
root@kali:~# joomscan
..|''|| '|| '||' '|' | .|'''.| '||''|.
.|' || '|. '|. .' ||| ||.. ' || ||
|| || || || | | || ''|||. ||...|'
'|. || ||| ||| .''''|. . '|| ||
''|...|' | | .|. .||. |'....|' .||.
=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.4
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)
=================================================================
Vulnerability Entries: 611
Last update: February 2, 2012
Usage: ./joomscan.pl -u <string> -x proxy:port
-u <string> = joomla Url
==Optional==
-x <string:int> = proXy to tunnel
-c <string> = Cookie (name=value;)
-g "<string>" = desired useraGent string(within ")
-nv = No Version fingerprinting check
-nf = No Firewall detection check
-nvf/-nfv = No version+firewall check
-pe = Poke version only and Exit
-ot = Output to Text file (target-joexploit.txt)
-oh = Output to Html file (target-joexploit.htm)
-vu = Verbose (output every Url scan)
-sp = Show completed Percentage
~Press ENTER key to continue
Example: ./joomscan.pl -u victim.com -x localhost:8080
Check: ./joomscan.pl check
- Check if the scanner update is available or not.
Update: ./joomscan.pl update
- Check and update the local database if newer version is available.
Download: ./joomscan.pl download
- Download the scanner latest version as a single zip file - joomscan-latest.zip.
Defense: ./joomscan.pl defense
- Give a defensive note.
About: ./joomscan.pl story
- A short story about joomscan.
Read: ./joomscan.pl read DOCFILE
DOCFILE - changelog,release_note,readme,credits,faq,owasp_project
joomscan Usage Example
Scan the Joomla installation at the given URL (-u http://192.168.1.202/joomla) for vulnerabilities:
root@kali:~# joomscan -u http://192.168.1.202/joomla
..|''|| '|| '||' '|' | .|'''.| '||''|.
.|' || '|. '|. .' ||| ||.. ' || ||
|| || || || | | || ''|||. ||...|'
'|. || ||| ||| .''''|. . '|| ||
''|...|' | | .|. .||. |'....|' .||.
=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.4
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)
=================================================================
Vulnerability Entries: 673
Last update: October 22, 2012
Use "update" option to update the database
Use "check" option to check the scanner update
Use "download" option to download the scanner latest version package
Use svn co to update the scanner and the database
svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan
Target: http://192.168.1.202/joomla
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14+deb7u9
## Checking if the target has deployed an Anti-Scanner measure
[!] Scanning Passed ..... OK
## Detecting Joomla! based Firewall ...
[!] No known firewall detected!
## Fingerprinting in progress ...
Use of uninitialized value in pattern match (m//) at ./joomscan.pl line 1009.
~Unable to detect the version. Is it sure a Joomla?
## Fingerprinting done.
Vulnerabilities Discovered
==========================
# 1
Info -> Generic: htaccess.txt has not been renamed.
Versions Affected: Any
Check: /htaccess.txt
Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
Vulnerable? Yes
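
Added example (not part of the joomscan package or the original page): a small Python parser that turns the "Vulnerabilities Discovered" section of a report like the one above into records and keeps the entries marked "Vulnerable? Yes" for remediation. It assumes every entry follows the field layout shown above; the function names and the second sample entry are constructed for illustration.

```python
import re

# Constructed sample: entry 1 is the finding shown above; entry 2 is a
# placeholder (not a real database entry) that exercises the "No" case.
SAMPLE = """\
## Fingerprinting done.
Vulnerabilities Discovered
==========================
# 1
Info -> Generic: htaccess.txt has not been renamed.
Versions Affected: Any
Check: /htaccess.txt
Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
Vulnerable? Yes
# 2
Info -> Component: PLACEHOLDER constructed entry
Versions Affected: PLACEHOLDER
Check: /components/com_placeholder/
Exploit: PLACEHOLDER
Vulnerable? No
"""

# Field prefixes as printed in the report, mapped to record keys (hypothetical names).
FIELDS = {"Info ->": "info", "Versions Affected:": "versions", "Check:": "check",
          "Exploit:": "detail", "Vulnerable?": "vulnerable"}

def parse_findings(text):
    """Return one dict per '# N' entry; lines before the first entry are ignored."""
    findings, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"#\s*(\d+)", line)  # '# 1' starts an entry, '## ...' does not
        if m:
            current = {"id": int(m.group(1))}
            findings.append(current)
            continue
        if current is None:
            continue  # banner, headers, fingerprinting messages
        for prefix, key in FIELDS.items():
            if line.startswith(prefix):
                current[key] = line[len(prefix):].strip()
                break
    return findings

def confirmed(findings):
    """Keep only entries the scanner marked 'Vulnerable? Yes'."""
    return [f for f in findings if f.get("vulnerable", "").lower() == "yes"]

if __name__ == "__main__":
    for f in confirmed(parse_findings(SAMPLE)):
        print(f"[{f['id']}] {f['info']} (check: {f['check']})")
```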