Joomscan: How to detect the flaws of a Joomla site?

Joomscan Security Scanner is an audit tool for Joomla websites. It is written in Perl and can detect more than 550 vulnerabilities, such as file inclusions (RFI and LFI), SQL injection, blind SQL injection, XSS, directory protection weaknesses and others.

Joomscan is intended for computer professionals and administrators of Joomla websites, not forgetting the hackers.



The main features of joomscan

Detecting the Joomla version.
Detecting and enumerating vulnerable components, plugins and modules.
Displaying a defensive rating to help properly secure the website.

Installing Joomscan

Joomscan ships with the BackTrack 5 Linux distribution. If you have a Windows computer, I advise you to install a Linux distribution (like BackTrack) on a virtual machine before going further. Just download VMware and a BackTrack 5 R1 image; Joomscan is already pre-installed on it.
If you use another distribution, you can always download it from this link:

http://web-center.si/joomscan/joomscan.tar.gz

Since it is written in Perl, you will need to install some libraries:

# apt-get install perl libwww-perl libtest-www-mechanize-perl

How to use Joomscan?

After installing Joomscan, start the analysis from the command line, passing the domain of your site as an argument:

# cd pentest/web/scanners/joomscan

# perl joomscan.pl -u monsite.com


After the analysis, Joomscan reports the version of our Joomla portal.


Then it shows us the vulnerable components and a description of each vulnerability that can be easily exploited by a hacker.


In my case I found four vulnerabilities on my Joomla website, not bad. 😀
That's why I suggest you take a sedative before running the tool if you audit your own site. 😀


As for fixing the vulnerabilities found, it depends on the type of flaw. For me, it only took some updating and deactivating a component, and everything returned to normal.

You can also display a small defensive note, which is very useful for properly securing your Joomla site.

#  perl joomscan.pl defense

Joomscan also has other optional settings, such as:

-x = use a proxy
-ot = copy the analysis result to a txt file
-oh = copy the analysis result to an HTML web page

Enjoy using this tool, remember to make regular backups of your site, and take action before it is too late. :)
