
Category:OWASP Joomla Vulnerability Scanner Project

From OWASP
Revision as of 15:50, 3 March 2014 by Grégoire Paris (talk | contribs) (add missing requirement)


Overview

Joomla! is probably the most widely used CMS out there, owing to its flexibility, user-friendliness, and extensibility, to name a few. Tracking its vulnerabilities and adding them to the Joomla scanner's knowledge base (KB) is therefore an ongoing activity. The scanner helps web developers and webmasters identify possible security weaknesses on their deployed Joomla! sites. No web security scanner is dedicated to only one CMS.

License

OWASP Joomla Vulnerability Scanner is released under the GNU GENERAL PUBLIC LICENSE Version 3. For further information on OWASP licenses, please consult the OWASP Licenses page.

Downloads

Primary Source to download the latest.

Secondary Source to download the latest.

Current Features

The following features are currently available.

  • Exact version probing (the scanner can tell whether a target is running version 1.5.12)
  • Detection of common Joomla!-based web application firewalls
  • Searching for known vulnerabilities in Joomla! and its components
  • Reporting to text and HTML output
  • Immediate update capability via the scanner or svn

Advantage over a Generic Vulnerability Scanner

  • Faster, because it won't fuzz all requests like a generic scanner
  • Detects the application version when a generic scanner knows nothing
  • Detects all possible published vulnerabilities when a generic scanner cannot

Requirement

  • Perl 5.6 or later
  • libwww-mechanize-perl

Usage Instructions

Click here for documentation regarding the use of the OWASP Joomla Vulnerability Scanner.

Road Map

Click here to view the road map for the latest development version of OWASP Joomla Vulnerability Scanner. Please feel free to add your own change requests or send me patches/diffs!

Feedback and Participation

We hope you find OWASP Joomla Vulnerability Scanner useful. Please contribute back to the project by sending your comments, questions, and suggestions to joomscan[@]yehg.net. Thank you.

Donations

The Open Web Application Security Project is purely an open-source community driven effort. As such, all projects and research efforts are contributed and maintained with an individual's spare time. If you have found this or any other project useful, please support OWASP with a donation.

Project Sponsors

The OWASP Joomla Vulnerability Scanner project is sponsored by YGN Ethical Hacker Group, Myanmar.


Project Information

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What does this OWASP project release offer you?
what is this project?
OWASP Joomla Vulnerability Scanner Project

Purpose: A regularly updated, signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS, and directory traversal vulnerabilities in a target Joomla! web site.

who is working on this project?
Project Leader: Aung Khant

Project Maintainer: Aung Khant

Project Contributor(s): None

how can you learn more?

3x slide presentation: To view, click here

Project Flyer/Pamphlet: To view, click here

Mail list: Subscribe or read the archives

Project Roadmap: To view, click here

Project main links:

Project Health: Not reviewed/Targeted at Level 1
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Project Leader to contribute to this project,
  • Contact Project Leader or GPC to review or sponsor this project,
  • Contact GPC to report a problem or concern about this project or to update information.



current release
OWASP Joomla Vulnerability Scanner Project - First Release - July 09 - (download)

Release Leader: Aung Khant (http://yehg.net/)

Release details: Main links, release roadmap and assessment

Release Rating: Stable Release
To be reviewed under Assessment Criteria v2.0

OWASP Joomla Vulnerability Scanner Project - Previous Release - Release Information

