joomlavs: black box Joomla vulnerability scanner – Penetration Testing

JoomlaVS is a Ruby application that helps automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic fingerprinting and can scan for vulnerabilities in components, modules and templates, as well as vulnerabilities in Joomla core itself.

Installation

sudo apt-get install build-essential patch
sudo apt-get install ruby-dev zlib1g-dev liblzma-dev libcurl4-openssl-dev

Ensure Ruby 2.2.6 or above is installed on your system
Clone the source code using git clone http://ift.tt/1kTiAJg
Install bundler and required gems using sudo gem install bundler && bundle install

Usage

usage: joomlavs.rb [options]
Basic options
-u, --url The Joomla URL/domain to scan.
--basic-auth The basic HTTP authentication credentials
-v, --verbose Enable verbose mode
Enumeration options
-a, --scan-all Scan for all vulnerable extensions
-c, --scan-components Scan for vulnerable components
-m, --scan-modules Scan for vulnerable modules
-t, --scan-templates Scan for vulnerable templates
-q, --quiet Scan using only passive methods
Advanced options
--follow-redirection Automatically follow redirections
--no-colour Disable colours in output
--proxy HTTP, SOCKS4, SOCKS4A and SOCKS5 are supported. If no protocol is given, HTTP will be used
--proxy-auth The proxy authentication credentials
--threads The number of threads to use when multi-threading requests
--user-agent The user agent string to send with all requests
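As an added defensive counterpart to the enumeration options above (example code written for this page, not part of JoomlaVS): a short Ruby script that flags clients requesting many distinct Joomla extension paths (/components/com_*, /modules/mod_*, /templates/*) within a short window in a combined-format web server access log, which is what a component, module or template scan looks like to the site owner. The log lines, IP addresses and thresholds are constructed.

```ruby
# Added example for this page (not JoomlaVS code): flag clients that probe
# many distinct Joomla extension paths, which is how a component, module or
# template scan looks from the web server's side. Log lines are constructed.
require 'time'
LOG = <<~'LOG'
  198.51.100.7 - - [10/May/2017:12:00:01 +0000] "GET /administrator/manifests/files/joomla.xml HTTP/1.1" 200 1833 "-" "Mozilla/5.0"
  198.51.100.7 - - [10/May/2017:12:00:02 +0000] "GET /components/com_alpha/ HTTP/1.1" 404 245 "-" "Mozilla/5.0"
  198.51.100.7 - - [10/May/2017:12:00:02 +0000] "GET /components/com_beta/ HTTP/1.1" 404 245 "-" "Mozilla/5.0"
  198.51.100.7 - - [10/May/2017:12:00:03 +0000] "GET /modules/mod_gamma/ HTTP/1.1" 404 245 "-" "Mozilla/5.0"
  198.51.100.7 - - [10/May/2017:12:00:03 +0000] "GET /modules/mod_delta/ HTTP/1.1" 404 245 "-" "Mozilla/5.0"
  198.51.100.7 - - [10/May/2017:12:00:04 +0000] "GET /templates/protostar/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
  203.0.113.9 - - [10/May/2017:12:00:05 +0000] "GET /index.php HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
  203.0.113.9 - - [10/May/2017:12:00:06 +0000] "GET /templates/protostar/css/template.css HTTP/1.1" 200 4404 "-" "Mozilla/5.0"
LOG

# Combined log format: ip ident user [ts] "method path proto" status ...
LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "\S+ (?<path>\S+) [^"]*" (?<status>\d{3})/
EXT_RE = %r{\A/(components/com_[^/]+|modules/mod_[^/]+|templates/[^/]+)}

def parse_line(line)
  m = LINE_RE.match(line)
  return nil unless m
  { ip: m[:ip], time: Time.strptime(m[:ts], '%d/%b/%Y:%H:%M:%S %z'),
    path: m[:path], status: m[:status].to_i }
end

# Returns { ip => { distinct:, misses: } } for every client that requested at
# least `threshold` distinct extension names inside any `window` seconds.
def extension_probers(log, threshold: 5, window: 60)
  by_ip = Hash.new { |h, k| h[k] = [] }
  log.each_line do |l|
    e = parse_line(l)
    next unless e
    ext = e[:path][EXT_RE, 1] # extension name, so repeat hits count once
    by_ip[e[:ip]] << [e[:time], ext, e[:status]] if ext
  end
  by_ip.each_with_object({}) do |(ip, reqs), out|
    reqs.sort_by!(&:first)
    reqs.each_index do |i|
      slice = reqs[i..-1].take_while { |t, _, _| t - reqs[i][0] <= window }
      names = slice.map { |_, ext, _| ext }.uniq
      next if names.size < threshold
      out[ip] = { distinct: names.size, misses: slice.count { |_, _, s| s == 404 } }
      break
    end
  end
end

extension_probers(LOG).each do |ip, hit|
  puts "#{ip}: #{hit[:distinct]} extension paths probed, #{hit[:misses]} returned 404"
end
```

A high share of 404s among the flagged paths separates enumeration from a legitimate client that simply loads a site's installed extensions.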

Source: Github

The post joomlavs: black box Joomla vulnerability scanner appeared first on Penetration Testing. http://ift.tt/2qYK4QK http://ift.tt/2aM8QhC
