JoomScan is a free and Open source tool available on GitHub. It’s a vulnerability scanner tool. This tool is written in perl programming language. When a website is being created developers knowingly or unknowingly do some mistakes in code. A hacker can take advantage of that vulnerability and can access the website data. Joomscan is a tool that can be used to find those vulnerabilities it is also called OWASP Joomla vulnerabilty scanner.
Uses of Joomla Scan :
- Joomla tool is used as a scanner.
- Joomla tool is used to find a vulnerability.
- Joomla tool is used to scan CMS.
- Joomla, WordPress can be scanned by JoomlaScan.
Installation and Step-by-Step tutorial :
OWASP JoomScan is included in Kali Linux distributions.
Step 1: Open you terminal of kali Linux and move to the desktop and Now create a new directory called joomla using the following command.
cd Desktop mkdir joomla cd joomla
Step 2: Now you are under joomla directory here you have to download and install joom tool from GitHub now go to GitHub and search for joom tool .or clone it using the following command.
git clone https://github.com/rezasp/joomscan.git
Step 3: The tool has been downloaded in the joom directory and moves the joomscan dir.
ls cd joomscan
Step 4: Now you have to run the tool using the following command.
perl joomscan.pl -u www.website.com Enumerate installed components... : perl joomscan.pl -u www.website.com --ec Set cookie : perl joomscan.pl --url www.website.com --cookie "test=demo;" Set proxy : perl joomscan.pl -u www.website.com --proxy https://127.0.0.1:443 Set user-agent : perl joomscan.pl -u www.webiste.com -a "Googlebot/2.1 (+http://www.webiste.com/bot.html)" Set random user-agent : perl joomscan.pl --url www.website.com -r
Let’s scan google.com:
perl joomscan.pl -u www.google.com