Joomscan is a scanner by OWASP, which aims to automate the task for vulnerability assessments for Joomla based sites. Based in perl, this tool can enumerate the version, vulnerabilities, components, firewalls and more, all in one friendly to use interface.
Installing Joomscan
First, let’s clone the repository to our machine.
git clone https://github.com/rezasp/joomscan.git
All the components are set, if you have perl already installed in your machine you are good to go.
Running Joomscan
Joomscan scanner is pretty easy to use, just type the target and it will automate all the tasks for you.
cd joomscan/ perl joomscan.pl
Let’s try it against a target which is running Joomla to see what results we get. Also we will enumerate all the components with the ‘-ec‘ option. Give it some time to list you all the data.
peri joomlscan.pl -u <target> -ec
Some of the info we got is that the CMS is not behind a firewall. Also we got some administrator directories, which it might be helpful later. We got a big list of all the components too. The final report is also saved to check it later.
