Installation

JoomlaVS has so far only been tested on Debian, but the installation process should be similar across most operating systems.

1. Ensure Ruby [2.2.6 or above] is installed on your system
2. Clone the source code using git clone https://github.com/rastating/joomlavs.git
3. Install bundler and required gems using sudo gem install bundler && bundle install

If you have issues installing JoomlaVS' dependencies (in particular, Nokogiri), first make sure you have all the tooling necessary to compile C extensions:

sudo apt-get install build-essential patch

It's possible that you don’t have important development header files installed on your system. Here’s what you should do if you should find yourself in this situation:

sudo apt-get install ruby-dev zlib1g-dev liblzma-dev libcurl4-openssl-dev

How To Use JoomlaVS

A full list of options can be found below:

usage: joomlavs.rb [options]
 Basic options
     -u, --url              The Joomla URL/domain to scan.
     --basic-auth           <username:password> The basic HTTP authentication credentials
     -v, --verbose          Enable verbose mode
 Enumeration options
     -a, --scan-all         Scan for all vulnerable extensions
     -c, --scan-components  Scan for vulnerable components
     -m, --scan-modules     Scan for vulnerable modules
     -t, --scan-templates   Scan for vulnerable templates
     -q, --quiet            Scan using only passive methods
 Advanced options
     --follow-redirection   Automatically follow redirections
     --no-colour            Disable colours in output
     --proxy                <[protocol://]host:port> HTTP, SOCKS4 SOCKS4A and SOCKS5 
                            are supported. If no protocol is given, HTTP will be used
     --proxy-auth           <username:password> The proxy authentication credentials
     --threads              The number of threads to use when multi-threading requests
     --user-agent           The user agent string to send with all requests