joomscan

March 28, 2019 in Web Applications

JoomScan Package Description

OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an open-source project written in Perl that detects and analyzes vulnerabilities in Joomla CMS.

Why OWASP JoomScan?
If you want to run a penetration test against a Joomla CMS, OWASP JoomScan is your best shot! The project is faster than ever and is updated with the latest Joomla vulnerabilities.

Tools included in the joomscan package

joomscan - OWASP Joomla Vulnerability Scanner Project

root@kali:~# joomscan --help
          ____  _____  _____  __  __  ___   ___    __    _  _
         (_  _)(  _  )(  _  )(  \/  )/ __) / __)  /__\  ( \( )
        .-_)(   )(_)(  )(_)(  )    ( \__ \( (__  /(__)\  )  (
        \____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_)
                  (1337.today)
         
          --=[OWASP JoomScan
          +---++---==[Version : 0.0.7
          +---++---==[Update Date : [2018/09/23]
          +---++---==[Authors : Mohammad Reza Espargham , Ali Razmjoo
          --=[Code name : Self Challenge
          @OWASP_JoomScan , @rezesp , @Ali_Razmjo0 , @OWASP
      
         
      
      Help :
      
      Usage:  joomscan [options]
      
      --url | -u                 |   The Joomla URL/domain to scan.
      --enumerate-components | -ec    |   Try to enumerate components.
      
      --cookie                |   Set cookie.
      --user-agent | -a   |   Use the specified User-Agent.
      --random-agent | -r             |   Use a random User-Agent.
      --timeout             |   Set timeout.
      --proxy=PROXY                   |   Use a proxy to connect to the target URL
                 Proxy example: --proxy http://127.0.0.1:8080
                                        https://127.0.0.1:443
                                        socks://127.0.0.1:414
                                       
      --about                         |   About Author
      --help | -h                     |   This help screen.
      --version                       |   Output the current version and exit.

joomscan Usage Example

Scan the Joomla installation at the given URL (-u http://192.168.1.202/joomla) for vulnerabilities:

root@kali:~# joomscan -u http://localhost/
          ____  _____  _____  __  __  ___   ___    __    _  _
         (_  _)(  _  )(  _  )(  \/  )/ __) / __)  /__\  ( \( )
        .-_)(   )(_)(  )(_)(  )    ( \__ \( (__  /(__)\  )  (
        \____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_)
            (1337.today)
         
          --=[OWASP JoomScan
          +---++---==[Version : 0.0.5
          +---++---==[Update Date : [2018/03/13]
          +---++---==[Authors : Mohammad Reza Espargham , Ali Razmjoo
          --=[Code name : KLOT
          @OWASP_JoomScan , @rezesp , @Ali_Razmjo0 , @OWASP
      
      Processing http://localhost/ ...
      
      
      
      [+] Detecting Joomla Version
      [++] Joomla 3.8.6
      
      [+] Core Joomla Vulnerability
      [++] Target Joomla core is not vulnerable
      
      [+] Checking Directory Listing
      [++] directory has directory listing :
      http://localhost/administrator/components
      http://localhost/administrator/modules
      http://localhost/administrator/templates
      http://localhost/images/banners
      
      
      [+] Checking apache info/status files
      [++] Interesting file is found
      http://localhost/server-status
      
      [+] admin finder
      [++] Admin page : http://localhost/administrator/
      
      [+] Checking robots.txt existing
      [++] robots.txt is found
      path : http://localhost/robots.txt
      
      Interesting path found from robots.txt
      http://localhost/joomla/administrator/
      http://localhost/administrator/
      http://localhost/bin/
      http://localhost/cache/
      http://localhost/cli/
      http://localhost/components/
      http://localhost/includes/
      http://localhost/installation/
      http://localhost/language/
      http://localhost/layouts/
      http://localhost/libraries/
      http://localhost/logs/
      http://localhost/modules/
      http://localhost/plugins/
      http://localhost/tmp/
      
      
      [+] Finding common backup files name
      [++] Backup files are not found
      
      [+] Finding common log files name
      [++] error log is not found
      
      [+] Checking sensitive config.php.x file
      [++] Readable config files are not found
      
      
      Your Report : reports/localhost/
      root@kali:~#
      root@kali:~# ls /usr/share/joomscan/reports/localhost/
      localhost_report_2018-3-19_at_8.37.58.html  localhost_report_2018-3-19_at_8.37.58.txt
      root@kali:~#
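Added example, not part of the original page or of the JoomScan project: a small Python parser that turns console output in the format shown above into a triage list, so the site owner can see which checks need remediation (directory listing, exposed server-status, and so on). The function names, the review/clean/info labels and the "not vulnerable / not found" wording heuristic are assumptions drawn only from the sample scan on this page.

```python
import re

# Constructed sample: an excerpt in the console format of the scan shown above.
SAMPLE = """\
[+] Detecting Joomla Version
[++] Joomla 3.8.6
[+] Core Joomla Vulnerability
[++] Target Joomla core is not vulnerable
[+] Checking Directory Listing
[++] directory has directory listing :
http://localhost/administrator/components
http://localhost/images/banners
[+] Checking apache info/status files
[++] Interesting file is found
http://localhost/server-status
[+] admin finder
[++] Admin page : http://localhost/administrator/
"""

URL = re.compile(r"https?://\S+")
# Assumption: negative results are worded as in the sample output on this page.
NEGATIVE = re.compile(r"\bnot (vulnerable|found)\b", re.I)


def parse_scan(text):
    """Split the output into checks: '[+]' opens one, '[++]' is its result."""
    checks = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[+]"):
            checks.append({"name": line[3:].strip(), "results": [], "urls": []})
        elif checks:  # banner lines before the first check are ignored
            if line.startswith("[++]"):
                checks[-1]["results"].append(line[4:].strip())
            # URLs appear on their own line or inside a '[++]' line
            checks[-1]["urls"].extend(URL.findall(line))
    return checks


def triage(checks):
    """Group check names: 'clean' (negative result), 'review' (URLs), 'info'."""
    report = {"review": [], "clean": [], "info": []}
    for c in checks:
        negative = any(NEGATIVE.search(r) for r in c["results"])
        status = "clean" if negative else "review" if c["urls"] else "info"
        report[status].append(c["name"])
    return report
```

Each entry under "review" maps to a hardening task on the web server, for example disabling directory indexes for the listed paths or restricting access to server-status.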