This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Joomla Vulnerability Scanner Usage"

From OWASP
Jump to: navigation, search
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
Usage: joomscan.pl -u <string> -x proxy:port
+
  Usage: joomscan.pl [options]
         -u <string>      = joomla Url
+
    --url | -u <URL>                |  The Joomla URL/domain to scan.
 +
    --enumerate-components | -ec    |  Try to enumerate components.
 +
    --cookie <String>              |  Set cookie.
 +
    --user-agent | -a <User-Agent>  |  Use the specified User-Agent.
 +
    --random-agent | -r            |  Use a random User-Agent.
 +
    --timeout <Time-Out>           |  Set timeout.
 +
    --about                        |  About Author
 +
    --update                        |  Update to the latest version.
 +
    --help | -h                    |  This help screen.
 +
    --version                      |  Output the current version and exit.
 +
 
 +
 
 +
Do default checks:
 +
         perl joomscan.pl -u www.example.com 
 +
        or
 +
        perl joomscan.pl --url www.example.com
 
          
 
          
        ==Optional==
 
        -x <string:int>  = proXy to tunnel
 
        -c <string>      = cookie (name=value;)
 
        -g "<string>"  = desired useraGent string within "
 
        -nv              = No Version fingerprinting check
 
        -nf              = No Firewall detection check
 
        -nvf/-nfv        = No version+firewall check
 
        -pe              = Poking version only
 
                            (and Exit the scanner)
 
        -ot              = Output to Text file (target-joexploit.txt)
 
        -oh              = Output to Html file (target-joexploit.htm)
 
        -vu              = Verbose (output every Url scan)
 
        -sp              = Show completed Percentage
 
  
  Example:
+
  Enumerate installed components:
          joomscan.pl -pv -u victim.com -x localhost:8080         
+
      perl joomscan.pl --url www.example.com --enumerate-components
 +
      or
 +
      perl joomscan.pl -u www.example.com --ec
 +
 
 +
Set cookie:
 +
          perl joomscan.pl --url www.example.com --cookie "test=demo;"
  
  Check:   joomscan.pl check
+
  Set user-agent:
          This option will check if the scanner update is available or not.
+
    perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
 +
    or
 +
    perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
  
Update:  joomscan.pl update
 
          This option will check and update the local database if newer
 
          version is available.
 
  
  Download: joomscan.pl download
+
  Set random user-agent:
          - Download the scanner latest version as a single zip file - joomscan-latest.zip.
+
    perl joomscan.pl -u www.example.com --random-agent
 +
    or
 +
    perl joomscan.pl --url www.example.com -r
  
Defense: joomscan.pl defense
 
          This option will give you a defensive note.
 
  
  About:   joomscan.pl story
+
  Update Joomscan:
           This option will give you a short story about joomscan.
+
           perl joomscan.pl --update
  
Read:  joomscan.pl read DOCFILE
 
          DOCFILE - changelog,release_note,readme,credits,faq,owasp_project
 
  
 
[[Category:OWASP_Joomla_Vulnerability_Scanner_Project]]
 
[[Category:OWASP_Joomla_Vulnerability_Scanner_Project]]

Latest revision as of 23:47, 8 March 2018

  Usage:	joomscan.pl [options]
    --url | -u <URL>                |   The Joomla URL/domain to scan.
    --enumerate-components | -ec    |   Try to enumerate components.
    --cookie <String>               |   Set cookie.
    --user-agent | -a <User-Agent>  |   Use the specified User-Agent.
    --random-agent | -r             |   Use a random User-Agent.
    --timeout <Time-Out>            |   Set timeout.
    --about                         |   About Author
    --update                        |   Update to the latest version.
    --help | -h                     |   This help screen.
    --version                       |   Output the current version and exit.


Do default checks:
        perl joomscan.pl -u www.example.com  
        or
        perl joomscan.pl --url www.example.com
        
Enumerate installed components:
      perl joomscan.pl --url www.example.com --enumerate-components
      or
      perl joomscan.pl -u www.example.com --ec
Set cookie:
         perl joomscan.pl --url www.example.com --cookie "test=demo;"
Set user-agent:
    perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
    or
    perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"


Set random user-agent:
    perl joomscan.pl -u www.example.com --random-agent
    or
    perl joomscan.pl --url www.example.com -r


Update Joomscan:
         perl joomscan.pl --update