joomscan Description

Joomla! is probably the most widely used CMS, thanks among other things to its flexibility, user-friendliness and extensibility. Tracking its vulnerabilities and adding them to the scanner's knowledge base is therefore an ongoing activity. joomscan helps web developers and site administrators identify possible security weaknesses in their deployed Joomla! sites.

The following features are currently available:

Source
joomscan homepage
joomscan source code repository

Tools included in the joomscan package

joomscan - OWASP Joomla! Vulnerability Scanner Project
:~# joomscan

 ..|''||   '|| '||'  '|'     |      .|'''.|  '||''|.
.|'    ||   '|. '|.  .'     |||     ||..  '   ||   ||
||      ||   ||  ||  |     |  ||     ''|||.   ||...|'
'|.     ||    ||| |||     .''''|.  .     '||  ||
 ''|...|'      |   |     .|.  .||. |'....|'  .||.

=================================================================
 OWASP Joomla! Vulnerability Scanner v0.0.4
 (c) Aung Khant, aungkhant]at[yehg.net
 YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
 Update by: Web-Center, http://web-center.si (2011)
=================================================================

 Vulnerability Entries: 611
 Last update: February 2, 2012

 Usage:  ./joomscan.pl -u <string> -x proxy:port
         -u <string>      = joomla Url

         ==Optional==

         -x <string:int>  = proXy to tunnel
         -c <string>      = Cookie (name=value;)
         -g "<string>"    = desired useraGent string(within ")
         -nv              = No Version fingerprinting check
         -nf              = No Firewall detection check
         -nvf/-nfv        = No version+firewall check
         -pe              = Poke version only and Exit
         -ot              = Output to Text file (target-joexploit.txt)
         -oh              = Output to Html file (target-joexploit.htm)
         -vu              = Verbose (output every Url scan)
         -sp              = Show completed Percentage

 ~Press ENTER key to continue

 Example:  ./joomscan.pl -u victim.com -x localhost:8080

 Check:    ./joomscan.pl check
           - Check if the scanner update is available or not.

 Update:   ./joomscan.pl update
           - Check and update the local database if newer version is available.

 Download: ./joomscan.pl download
           - Download the scanner latest version as a single zip file - joomscan-latest.zip.

 Defense:  ./joomscan.pl defense
           - Give a defensive note.

 About:    ./joomscan.pl story
           - A short story about joomscan.

 Read:     ./joomscan.pl read DOCFILE
           DOCFILE - changelog,release_note,readme,credits,faq,owasp_project

joomscan Usage Example

Scan the Joomla! installation at the given URL (-u http://192.168.1.202/joomla) for vulnerabilities:

:~# joomscan -u http://192.168.1.202/joomla

 ..|''||   '|| '||'  '|'     |      .|'''.|  '||''|.
.|'    ||   '|. '|.  .'     |||     ||..  '   ||   ||
||      ||   ||  ||  |     |  ||     ''|||.   ||...|'
'|.     ||    ||| |||     .''''|.  .     '||  ||
 ''|...|'      |   |     .|.  .||. |'....|'  .||.

=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.4  
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)
=================================================================

Vulnerability Entries: 673
Last update: October 22, 2012

Use "update" option to update the database
Use "check" option to check the scanner update
Use "download" option to download the scanner latest version package
Use svn co to update the scanner and the database
svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan

Target: http://192.168.1.202/joomla

Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14+deb7u9

## Checking if the target has deployed an Anti-Scanner measure

[!] Scanning Passed ..... OK

## Detecting Joomla! based Firewall ...

[!] No known firewall detected!

## Fingerprinting in progress ...

Use of uninitialized value in pattern match (m//) at ./joomscan.pl line 1009.
~Unable to detect the version. Is it sure a Joomla?

## Fingerprinting done.

Vulnerabilities Discovered
==========================

# 1
Info -> Generic: htaccess.txt has not been renamed.
Versions Affected: Any
Check: /htaccess.txt
Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
Vulnerable? Yes
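The finding above is one of joomscan's generic checks: Joomla! ships htaccess.txt as a template that only takes effect once renamed to .htaccess, so a reachable /htaccess.txt means those defences are not active. Note also that this run of v0.0.4 failed to fingerprint the version (the Perl warning and "Unable to detect the version" above). The following script is an added example, not joomscan's own code, that reimplements two of these checks: reading the version from administrator/manifests/files/joomla.xml (present in Joomla! 1.6 and later) and listing default files that are still exposed, while treating a 200 response that is actually an HTML soft-404 page as "not present" to avoid false positives. The fetcher is injectable; the responses in FAKE_SITE are constructed stand-ins for the 192.168.1.202 target, not real captures, and the default file list and function names are this example's own choices.

```python
"""Generic Joomla! checks (added example, not joomscan's own code):
version fingerprint from joomla.xml and exposed default files."""
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

# Files a stock Joomla! install ships that should be removed or renamed.
# htaccess.txt is the one reported by the scan above: until it is renamed
# to .htaccess, the rules inside it do nothing. (List chosen for this example.)
DEFAULT_FILES = [
    "htaccess.txt",
    "web.config.txt",
    "configuration.php-dist",
    "README.txt",
    "LICENSE.txt",
]

# Joomla! 1.6+ keeps its core manifest here, including a <version> element.
VERSION_FILE = "administrator/manifests/files/joomla.xml"
VERSION_RE = re.compile(r"<version>\s*([0-9][0-9.]*)\s*</version>")

Fetcher = Callable[[str], Tuple[int, str]]


def http_fetch(url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Live fetcher: returns (status, body). HTTP errors return their status
    code with an empty body; connection failures return status 0."""
    req = urllib.request.Request(url, headers={"User-Agent": "joomla-check/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, ""
    except urllib.error.URLError:
        return 0, ""


def looks_like_html(body: str) -> bool:
    """A plain text file (htaccess.txt, README.txt) never starts with an HTML
    document; a 200 that does is almost certainly a soft-404 page."""
    head = body.lstrip()[:200].lower()
    return head.startswith("<!doctype html") or head.startswith("<html")


def fingerprint_version(base_url: str, fetch: Fetcher = http_fetch) -> Optional[str]:
    """Return the version string from joomla.xml, or None if unavailable."""
    status, body = fetch(base_url.rstrip("/") + "/" + VERSION_FILE)
    if status != 200:
        return None
    m = VERSION_RE.search(body)
    return m.group(1) if m else None


def exposed_default_files(base_url: str, fetch: Fetcher = http_fetch) -> List[str]:
    """Default files that answer 200 with non-HTML content, in list order."""
    base = base_url.rstrip("/")
    found = []
    for name in DEFAULT_FILES:
        status, body = fetch(f"{base}/{name}")
        if status == 200 and not looks_like_html(body):
            found.append(name)
    return found


def scan(base_url: str, fetch: Fetcher = http_fetch) -> Dict[str, object]:
    return {
        "version": fingerprint_version(base_url, fetch),
        "exposed": exposed_default_files(base_url, fetch),
    }


# Constructed responses standing in for http://192.168.1.202/joomla from the
# scan above (not real captures): htaccess.txt is exposed, joomla.xml is
# readable, and README.txt "exists" only as a 200 soft-404 HTML page.
FAKE_SITE = {
    "http://192.168.1.202/joomla/htaccess.txt":
        (200, "## Joomla! default .htaccess template\nRewriteEngine On\n"),
    "http://192.168.1.202/joomla/administrator/manifests/files/joomla.xml":
        (200, '<?xml version="1.0"?><extension type="file">'
              '<version>3.4.1</version></extension>'),
    "http://192.168.1.202/joomla/README.txt":
        (200, "<!DOCTYPE html><html><body>Page not found</body></html>"),
}


def fake_fetch(url: str) -> Tuple[int, str]:
    return FAKE_SITE.get(url, (404, ""))


if __name__ == "__main__":
    import json
    import sys
    if len(sys.argv) > 1:
        result = scan(sys.argv[1])            # live target given on the command line
    else:
        result = scan("http://192.168.1.202/joomla", fake_fetch)  # offline demo
    print(json.dumps(result, indent=2))
```

Run it with no arguments to see the offline demo report ({"version": "3.4.1", "exposed": ["htaccess.txt"]}), or pass a base URL to check a site you are authorised to test. The soft-404 filter is the check worth keeping when wrapping any file-existence scanner: Joomla! sites with SEF URLs enabled commonly answer unknown paths with a 200 HTML page, which turns every entry in a wordlist into a false "Vulnerable? Yes".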