This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Joomla Vulnerability Scanner Usage
From OWASP
Usage: joomscan.pl [options]
--url | -u <URL> | The Joomla URL/domain to scan.
--enumerate-components | -ec | Try to enumerate components.
--cookie <String> | Set cookie.
--user-agent | -a <User-Agent> | Use the specified User-Agent.
--random-agent | -r | Use a random User-Agent.
--timeout <Time-Out> | Set timeout.
--about | About Author
--update | Update to the latest version.
--help | -h | This help screen.
--version | Output the current version and exit.
Do default checks:
perl joomscan.pl -u www.example.com
or
perl joomscan.pl --url www.example.com
Enumerate installed components:
perl joomscan.pl --url www.example.com --enumerate-components
or
perl joomscan.pl -u www.example.com --ec
Set cookie:
perl joomscan.pl --url www.example.com --cookie "test=demo;"
Set user-agent:
perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
Set random user-agent:
perl joomscan.pl -u www.example.com --random-agent
or
perl joomscan.pl --url www.example.com -r
Update Joomscan:
perl joomscan.pl --update
