This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Category:OWASP Joomla Vulnerability Scanner Project

Revision as of 16:58, 8 July 2009 by Paulo Coimbra (talk | contribs)

Jump to: navigation, search



Joomla! is probably the most widely-used CMS out there due to its flexibility, user-friendlinesss, extensibility to name a few.So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity.It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites. No web security scanner is dedicated only one CMS.


OWASP Joomla Vulnerability Scanner is released under the GNU GENERAL PUBLIC LICENSE Version 3. For further information on OWASP licenses, please consult the OWASP Licenses page.


Click Primary Source to download the latest.

Click Secondary Source to download the latest.

Current Features

The following features are currently available.

  • Exact version Probing (the scanner can tell whether a target is running version 1.5.9)
  • Searching known vulnerabilities of Joomla! and its components
  • Reporting to Text & HTML output
  • Immediate update capability via scanner or svn

Advantage over a Generic Vulnerability Scanner

  • Faster because it won't fuzz all requests like a generic scanner
  • Detect the application version when a generic scanner knows nothing
  • Detect all possible published vulnerabilities when a generic scanner cannot

Usage Instructions

Click here for documentation regarding the use of the OWASP Joomla Vulnerability Scanner.

Road Map

Click here to view the road map for the latest development version of OWASP Joomla Vulnerability Scanner. Please feel free to add your own change requests or send me patches/diffs!

Feedback and Participation

We hope you find OWASP Joomla Vulnerability Scanner useful. Please contribute back to the project by sending your comments, questions, and suggestions to joomscan[@] Thank you.


The Open Web Application Security Project is purely an open-source community driven effort. As such, all projects and research efforts are contributed and maintained with an individual's spare time. If you have found this or any other project useful, please support OWASP with a donation.

Project Sponsors

The OWASP Joomla Vulnerability Scanner project is sponsored by YGN Ethical Hacker Group, Myanmar yehg_logo.gif.

Project Identification

Project Name OWASP Joomla Vulnerability Scanner Project (OJVS)
Short Project Description

A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site.

Key Project Information

Project Leader
Aung Khant

Project Contibutors

Mailing List
Subscribe here
Use here


Project Type

YGN Ethical Hacker Group, Myanmar

Release Status Main Links Related Projects

Beta Quality
Please see here for complete information.

Work in Progress


This category has only the following subcategory.