Juumla – Tool Designed To Identify And Scan For Version, Config Files In The CMS Joomla

Last Updated : 23 Sep, 2021
Joomla is an open-source content management system (CMS). It helps you build powerful dynamic websites and applications, and its intuitive interface helps you use its features and functionality to the fullest. Juumla is an automated tool written in Python that identifies the Joomla CMS version running on the target domain. It also scans the target domain's server for vulnerabilities that may be present, and searches the domain for config files that may contain sensitive data. Juumla is available on GitHub; it is open-source and free to use. It scans the target quickly and uses little CPU and RAM.

Note: Make sure Python is installed on your system, as this is a Python-based tool. For the installation process, see Python Installation Steps on Linux.

Installation of Juumla Tool on Kali Linux OS

Step 1: Use the following command to clone the tool's repository onto your Kali Linux system.

git clone https://github.com/knightm4re/juumla.git

Step 2: Now use the following command to move into the tool's directory. You have to be in this directory in order to run the tool.

cd juumla

Step 3: You are now in the Juumla directory. Install Juumla's dependencies using the following command.

sudo pip3 install -r requirements.txt

Step 4: All the dependencies are now installed on your Kali Linux system. Use the following command to run the tool and view its help section.

python3 main.py -h

Working with Juumla Tool on Kali Linux OS

Example: Run Juumla on target

python3 main.py -u https://vdc.epson.com/

Juumla has detected the CMS of the target domain.

Juumla displays the Joomla version of the target domain.

Juumla has identified some vulnerabilities in the target domain.

