JoomlaVS - A Black Box, Ruby Powered, Joomla Vulnerability Scanner

JoomlaVS - A Black Box, Ruby Powered, Joomla Vulnerability Scanner

JoomlaVS is a black box, Ruby powered application that can help automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic fingerprinting and can scan for vulnerabilities in components, modules, and templates as well as vulnerabilities that exist within Joomla itself.

Installation

JoomlaVS has so far only been tested on Debian, but the installation process should be similar across most operating systems.
  1. Ensure Ruby [2.2.6 or above] is installed on your system
  2. Clone the source code using git clone https://github.com/rastating/joomlavs.git
  3. Install bundler and required gems using sudo gem install bundler && bundle install

    If you have issues installing JoomlaVS' dependencies (in particular, Nokogiri), first make sure you have all the tooling necessary to compile C extensions:
    sudo apt-get install build-essential patch

    It's possible that you don’t have important development header files installed on your system. Here’s what you should do if you should find yourself in this situation:
    sudo apt-get install ruby-dev zlib1g-dev liblzma-dev libcurl4-openssl-dev

    How To Use JoomlaVS

    The only required option is the -u / --url option, which specifies the address to target. To do a full scan, however, the --scan-all option should also be specified, e.g. ruby joomlavs.rb -u yourjoomlatarget.com --scan-all.

    A full list of options can be found below:
    usage: joomlavs.rb [options]
    Basic options
    -u, --url The Joomla URL/domain to scan.
    --basic-auth <username:password> The basic HTTP authentication credentials
    -v, --verbose Enable verbose mode
    Enumeration options
    -a, --scan-all Scan for all vulnerable extensions
    -c, --scan-components Scan for vulnerable components
    -m, --scan-modules Scan for vulnerable modules
    -t, --scan-templates Scan for vulnerable templates
    -q, --quiet Scan using only passive methods
    Advanced options
    --follow-redirection Automatically follow redirections
    --no-colour Disable colours in output
    --proxy <[protocol://]host:port> HTTP, SOCKS4 SOCKS4A and SOCKS5
    are supported. If no protocol is given, HTTP will be used
    --proxy-auth <username:password> The proxy authentication credentials
    --threads The number of threads to use when multi-threading requests
    --user-agent The user agent string to send with all requests




    Source: www.effecthacking.com
    JoomlaVS - A Black Box, Ruby Powered, Joomla Vulnerability Scanner JoomlaVS - A Black Box, Ruby Powered, Joomla Vulnerability Scanner Reviewed by Dump3R H3id3gg3R on 12:04 AM Rating: 5