Joomscan is a scanner by OWASP, intended to automate the task of vulnerability assessment of Joomla-based sites. This Perl-based tool enumerates versions, vulnerabilities, components, firewalls, and more all in one easy-to-use interface.
Install Joomscan
First, let’s clone the repository to our machine.
git clone https://github.com/rezasp/joomscan.git
All components are set. If you already have Perl installed on your machine, you are good to go.
Run Joomscan
The Joomscan scanner is very easy to use: enter your target and it automates the rest.
cd joomscan/
perl joomscan.pl
Try it against a target running Joomla and see what you get. You can also enumerate all components with the optional -ec flag. Please wait a moment for all the data to be listed.
perl joomscan.pl -u <target> -ec
Part of the information we got is that the CMS is not behind a firewall. I also got some admin directories that might be useful later. I also got a big list of all components. The final report is also saved for later review.
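Seen from the web server's side, the component enumeration above tends to leave a recognisable trail: one client asking for many different com_* directories and mostly getting 404s. The following is an added example, not part of Joomscan or of the original article, that flags such clients in an access log. The combined log format, the /components/com_* request pattern, the thresholds and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /components/com_demo_gallery/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /components/com_banners/ HTTP/1.1" 200 31 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /components/com_contact/ HTTP/1.1" 200 31 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /components/com_demo_forms/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:00:03 +0000] "GET /components/com_demo_shop/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:00:03 +0000] "GET /administrator/components/com_demo_backup/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.20 - - [12/Mar/2024:10:00:04 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.20 - - [12/Mar/2024:10:00:05 +0000] "GET /components/com_contact/ HTTP/1.1" 200 31 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Direct requests for a component directory, site side or administrator side.
COMPONENT_RE = re.compile(r'^/(?:administrator/)?components/(com_[a-z0-9_]+)', re.I)


def find_component_enumeration(log_text, min_components=5, min_miss_ratio=0.5):
    """Return {ip: (distinct_components, miss_ratio)} for clients that probe
    many distinct com_* directories and mostly receive 404 responses."""
    probes = defaultdict(dict)  # ip -> {component name: last status seen}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        c = COMPONENT_RE.match(m.group("path"))
        if c:
            probes[m.group("ip")][c.group(1).lower()] = int(m.group("status"))

    flagged = {}
    for ip, seen in probes.items():
        misses = sum(1 for status in seen.values() if status == 404)
        ratio = misses / len(seen)
        if len(seen) >= min_components and ratio >= min_miss_ratio:
            flagged[ip] = (len(seen), round(ratio, 2))
    return flagged


if __name__ == "__main__":
    for ip, (count, ratio) in find_component_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {count} distinct components probed, {ratio:.0%} not found")
```

On a real log the thresholds need tuning against normal traffic, and grouping by time window keeps slow, legitimate browsing from adding up over a whole day.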
What bunny rating does it get?
Joomscan makes the vulnerability assessment process for Joomla sites very easy and hassle-free. The interface is simple and allows you to obtain a variety of information that can be used to exploit your target. However, an assessment should not be based on a single tool. This tool gets 3.5 out of 5 bunnies.