joomscan - Joomla Scanner Vulnerability

joomscan - Joomla Scanner Vulnerability

review tools nya :

- Version enumerator
- Vulnerability enumerator (based on version)
- Components enumerator (1209 most popular by default)
- Components vulnerability enumerator (based on version)(+1030 exploit)
- Firewall detector
- Reporting to Text & HTML output
- Finding common log files
- Finding common backup files


cara install :

$ git clone https://github.com/rezasp/joomscan.git
$ cd joomscan
$ perl joomscan.pl

joomscan argument :

$ joomscan.pl [options]

--url | -u <URL>                |   The Joomla URL/domain to scan.
--enumerate-components | -ec    |   Try to enumerate components.

--cookie <String>               |   Set cookie.
--user-agent | -a <user-agent>  |   Use the specified User-Agent.
--random-agent | -r             |   Use a random User-Agent.
--timeout <time-out>            |   set timeout.
--about                         |   About Author
--update                        |   Update to the latest version.
--help | -h                     |   This help screen.
--version                       |   Output the current version and exit.

contoh cara memakai nya :

$ perl joomscan.pl --url www.example.com

atau bisa juga

$ perl joomscan.pl -u www.example.com

cara memakai Enumerate components

$ perl joomscan.pl --url www.example.com --enumerate-components

atau bisa juga

$ perl joomscan.pl -u www.example.com --ec

Joomscan setiap waktu bisa update , jadi kalau kita mau update sekalian ke versi yg paling terbaru bisa memakai command di bawah ini:

$ perl joomscan.pl --update

Thanks to kitploit.com