OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.
OWASP JoomScan is included in Kali Linux distributions.
$ git clone https://github.com/rezasp/joomscan.git
$ cd joomscan
$ perl joomscan.pl
For Docker installation and usage
# Build the docker image
docker build -t rezasp/joomscan .
# Run a new docker container with reports directory mounted at the host
docker run -it -v /path/to/reports:/home/joomscan/reports –name joomscan_cli rezasp/joomscan
# For accessing the docker container you can run the following command
docker run -it -v /path/to/reports:/home/joomscan/reports –name joomscan_cli –entrypoint /bin/bash rezasp/joomscan