joomscan包装说明

的Joomla!可能是最广泛使用的CMS在那里,由于其灵活性,用户friendlinesss,可扩展到仅举几例。所以,看它的脆弱性,加上这些漏洞的KB到Joomla扫描仪需要持续进行的活动。这将帮助Web开发人员和网站管理员,以帮助确定他们的部署的Joomla可能存在的安全弱点!网站。

以下功能目前可供选择:

  • 确切版本探测(扫描仪可以告诉一个目标是否正在运行1.5.12版本)
  • 常见的Joomla!基于Web应用防火墙检测
  • 搜索的Joomla已知的漏洞!及其部件
  • 报告以文本和HTML输出
  • 通过扫描仪或svn立即更新能力

资料来源:https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project
joomscan首页 | 卡利joomscan回购

  • 作者:昂Khant,OWASP.org
  • 许可:GPLv3的

包含在joomscan包工具

joomscan - OWASP的Joomla漏洞扫描项目
[email protected]:~# joomscan


 ..|''||   '|| '||'  '|'     |      .|'''.|  '||''|.
.|'    ||   '|. '|.  .'     |||     ||..  '   ||   ||
||      ||   ||  ||  |     |  ||     ''|||.   ||...|'
'|.     ||    ||| |||     .''''|.  .     '||  ||
 ''|...|'      |   |     .|.  .||. |'....|'  .||.


=================================================================
 OWASP Joomla! Vulnerability Scanner v0.0.4
 (c) Aung Khant, aungkhant]at[yehg.net
 YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
 Update by: Web-Center, http://web-center.si (2011)
=================================================================

 Vulnerability Entries: 611
 Last update: February 2, 2012

 Usage:  ./joomscan.pl -u <string> -x proxy:port
         -u <string>      = joomla Url

         ==Optional==

         -x <string:int>  = proXy to tunnel
         -c <string>      = Cookie (name=value;)
         -g "<string>"    = desired useraGent string(within ")
         -nv              = No Version fingerprinting check
         -nf              = No Firewall detection check
         -nvf/-nfv        = No version+firewall check
         -pe          = Poke version only and Exit
         -ot              = Output to Text file (target-joexploit.txt)
         -oh              = Output to Html file (target-joexploit.htm)
         -vu              = Verbose (output every Url scan)
     -sp          = Show completed Percentage

 ~Press ENTER key to continue

 Example:  ./joomscan.pl -u victim.com -x localhost:8080

 Check:    ./joomscan.pl check
           - Check if the scanner update is available or not.

 Update:   ./joomscan.pl update
           - Check and update the local database if newer version is available.

 Download: ./joomscan.pl download
           - Download the scanner latest version as a single zip file - joomscan-latest.zip.

 Defense:  ./joomscan.pl defense
           - Give a defensive note.

 About:    ./joomscan.pl story
           - A short story about joomscan.

 Read:     ./joomscan.pl read DOCFILE
           DOCFILE - changelog,release_note,readme,credits,faq,owasp_project

joomscan用法示例

扫描的Joomla安装在给定的URL(-u http://192.168.1.202/joomla)的漏洞:

[email protected]:~# joomscan -u http://192.168.1.202/joomla


 ..|''||   '|| '||'  '|'     |      .|'''.|  '||''|.  
.|'    ||   '|. '|.  .'     |||     ||..  '   ||   ||
||      ||   ||  ||  |     |  ||     ''|||.   ||...|'
'|.     ||    ||| |||     .''''|.  .     '||  ||      
 ''|...|'      |   |     .|.  .||. |'....|'  .||.    
   
 
=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.4  
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)
=================================================================


Vulnerability Entries: 673
Last update: October 22, 2012

Use "update" option to update the database
Use "check" option to check the scanner update
Use "download" option to download the scanner latest version package
Use svn co to update the scanner and the database
svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan


Target: http://192.168.1.202/joomla

Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14+deb7u9


## Checking if the target has deployed an Anti-Scanner measure

[!] Scanning Passed ..... OK


## Detecting Joomla! based Firewall ...

[!] No known firewall detected!


## Fingerprinting in progress ...

Use of uninitialized value in pattern match (m//) at ./joomscan.pl line 1009.
~Unable to detect the version. Is it sure a Joomla?

## Fingerprinting done.




Vulnerabilities Discovered
==========================

# 1
Info -> Generic: htaccess.txt has not been renamed.
Versions Affected: Any
Check: /htaccess.txt
Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
Vulnerable? Yes