
JoomScan

What is the purpose of JoomScan?

Joomla Vulnerability Scanner (JoomScan) is an open source project developed to automate vulnerability detection and reliability assurance in Joomla CMS deployments.

Here are the primary uses of JoomScan:

  • Vulnerability Assessment: JoomScan is built specifically to examine the security of Joomla websites. It looks for known vulnerabilities in the Joomla core and in the installed plugins and themes, so that security teams can identify and quickly fix weaknesses that attackers could target.

  • User Enumeration: It can enumerate the registered users of a Joomla site, which shows security professionals which accounts are exposed and where further assessment is warranted.

  • Configuration Checks: JoomScan finds insecure and misconfigured Joomla installations that could serve as attack vectors, helping administrators discover security lapses and correct them to secure the website.

  • Brute Force Testing: It can run brute force attacks against user accounts to assess the strength of the authentication mechanism, enabling security professionals to identify weak passwords and tighten password policies before they are exploited.

  • Plugin and Extension Detection: JoomScan enumerates the plugins and extensions installed on a Joomla site and reports on these components, some of which may be subject to known vulnerabilities. Keeping track of this inventory helps security experts and researchers decide whether a component needs to be updated or replaced to close the attack vector.

Core Features

  • Automated
  • Version enumerator
  • Vulnerability enumerator (based on version)
  • Components enumerator (1209 most popular by default)
  • Components vulnerability enumerator (based on version; 1030+ exploits)
  • Firewall detector
  • Reporting to Text & HTML output
  • Finding common log files
  • Finding common backup files

Data sources

  • Joomla Vulnerability Database
  • Public Exploit Databases
  • Joomla Plugin and Extension Repositories
  • Security Advisory Platforms
  • Community Support

Common JoomScan Commands

1. Basic Scan

  • This command tests a Joomla site for common vulnerabilities and security issues and gives a basic overview of the potential attack vectors.
joomscan -u http://example.com

2. Enumerate Plugins

  • This command identifies and lists the plugins installed on the target Joomla site and flags older plugin versions with known security vulnerabilities. Such vulnerable plugins can give attackers an opportunity to exploit the system and cause significant damage.
joomscan -u http://example.com --plugins

3. Enumerate Extensions

  • This command searches the Joomla site for installed extensions and lists all of them, helping to identify extensions that are outdated or vulnerable. Vulnerabilities in such extensions create attack vectors that can allow attackers to cause significant damage.
joomscan -u http://example.com --extensions

4. Enumerate Users

  • This command retrieves and lists registered users on the Joomla site. It helps in identifying potential targets for further security assessment.
joomscan -u http://example.com --users

5. Check for Vulnerabilities

  • This command performs a detailed scan of the target system, using JoomScan's vulnerability database to detect known vulnerabilities in the core, plugins, and extensions. It highlights these vulnerabilities and indicates that they need to be addressed, which helps cybersecurity experts strengthen the system.
joomscan -u http://example.com --vulnerabilities

6. Brute Force Testing

  • This command connects to the target and works through a wordlist to check for weak passwords on user accounts, evaluating the strength of the authentication mechanism. Weak passwords pose a significant risk to system security.
joomscan -u http://example.com --brute-force --wordlist /path/to/wordlist.txt

7. Configuration Check

  • This command examines the Joomla site for insecure configurations and misconfigurations. It helps identify settings that attackers could use as attack vectors.
joomscan -u http://example.com --config

8. Output Results

  • This command saves the results of the scan to a specified file. It is useful for record-keeping, analysis, or reporting, and the saved file can be fed into other security tools.
joomscan -u http://example.com -o output.txt

9. Verbose Output

  • This command provides detailed information during the scan process, including extensive details about the actions performed and the findings, giving experts the detail they need to improve the system build.
joomscan -u http://example.com --verbose

10. Help and Usage Information

  • This command displays help information, including a list of available options and commands for using JoomScan.
joomscan -h

Alternative usage:

joomscan --help

Output Examples of JoomScan Commands

Command | Example Usage | Function | Output Example
Basic Usage | joomscan -u https://example.com | Initiates a basic scan on the specified Joomla site. | Scanning https://example.com...
Display Help | joomscan -h | Displays help information and available commands. | Usage: joomscan [options]
Display Version | joomscan --version | Shows the current version of JoomScan installed. | JoomScan version 2.0.0
Update JoomScan | joomscan --update | Updates the JoomScan tool to the latest available version. | JoomScan updated to the latest version.
Health Check | joomscan --health | Performs a diagnostic check on the JoomScan tool. | JoomScan is functioning correctly.
Custom User-Agent | joomscan -u https://example.com --user-agent "CustomUserAgent" | Sets a custom User-Agent string for requests. | Using custom User-Agent: CustomUserAgent
Specify Multiple Targets | joomscan -l targets.txt -u https://example.com | Scans multiple targets listed in a file. | Scanning targets from targets.txt...
Rate Limiting | joomscan -u https://example.com --rate-limit 10 | Limits requests sent per second during the scan. | Rate limit set to 10 requests per second.
Timeout for Requests | joomscan -u https://example.com --timeout 5 | Sets a timeout duration for requests made during the scan. | Timeout set to 5 seconds.
Output Results to a File | joomscan -u https://example.com -o output.txt | Outputs the scan results to a specified file. | Results saved to output.txt
Output JSON Format | joomscan -u https://example.com --output-json | Outputs the scan results in JSON format. | Results saved in JSON format.
Enable Verbose Output | joomscan -u https://example.com --verbose | Provides detailed information about the scan process. | Verbose mode enabled.
Enumerate Users | joomscan -u https://example.com --enum-users | Lists registered users on the Joomla site. | Enumerating users...
Check for Vulnerabilities | joomscan -u https://example.com --check-vulns | Scans for known vulnerabilities in Joomla components. | Scanning for vulnerabilities...
Enumerate Plugins and Extensions | joomscan -u https://example.com --enum-plugins | Enumerates installed plugins and extensions. | Enumerating plugins and extensions...
Brute Force Testing | joomscan -u https://example.com --brute --wordlist wordlist.txt | Performs brute force attacks to test password strength. | Brute forcing with wordlist.txt...
Check Configuration | joomscan -u https://example.com --check-config | Checks for insecure configurations and misconfigurations. | Checking configuration...
Store HTTP Responses | joomscan -u https://example.com --store-requests | Stores HTTP requests and responses during the scan. | HTTP requests and responses stored.
Firewall Detection | joomscan -u https://example.com --detect-firewall | Detects the presence of a firewall and assesses its impact on scanning. | Detecting firewall presence...
Finding Common Log Files | joomscan -u https://example.com --find-logs | Searches for common log files on the target Joomla site. | Searching for log files...
Finding Common Backup Files | joomscan -u https://example.com --find-backups | Searches for common backup files on the target Joomla site. | Searching for backup files...
Resume Previous Scan | joomscan --resume session.json | Resumes a previously interrupted scan using a session file. | Resuming scan from session.json...
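The multiple-target, output-file and timeout usages above can be tied together in a small wrapper that only scans hosts listed in an approved scope file and keeps one report per target; this is an added example, not code from JoomScan or from this page. It assumes joomscan is on PATH and accepts -u, -o, --timeout and --user-agent as listed above; the function names, the DRY_RUN/TIMEOUT/UA variables and the scope file contents are this example's own.

```shell
#!/bin/sh
# Added example, not part of JoomScan or this page: drive the commands
# above over an approved scope file, one report file per target, so a run
# only ever touches hosts that were explicitly listed. Assumes joomscan is
# on PATH and takes -u, -o, --timeout and --user-agent as this page lists.
JOOMSCAN="${JOOMSCAN:-joomscan}"

# Accept only absolute http(s) URLs with a bare host (no path, query or
# userinfo), so a stray line in the scope file cannot become a target.
valid_target() {
    case "$1" in http://*|https://*) ;; *) return 1 ;; esac
    case "${1#*://}" in ''|*[/?#@]*) return 1 ;; esac
    return 0
}

# Filesystem-safe report name: https://example.com:8080 -> example.com_8080.txt
report_name() {
    printf '%s.txt\n' "$(printf '%s' "${1#*://}" | tr -c 'A-Za-z0-9._-' '_')"
}

# Exact command line for one target, printed before it runs so the
# invocation is recorded with the report; DRY_RUN=1 prints and stops there.
build_cmd() {
    printf '%s -u %s -o %s --timeout %s --user-agent %s\n' \
        "$JOOMSCAN" "$1" "$2" "${TIMEOUT:-10}" "${UA:-AuthorizedScan}"
}

scan_scope() {   # usage: scan_scope scope.txt reports_dir
    mkdir -p "$2"
    while IFS= read -r target || [ -n "$target" ]; do
        case "$target" in ''|'#'*) continue ;; esac   # blank lines, comments
        if ! valid_target "$target"; then
            printf 'skipping malformed scope entry: %s\n' "$target" >&2
            continue
        fi
        report="$2/$(report_name "$target")"
        build_cmd "$target" "$report"
        if [ -n "${DRY_RUN:-}" ]; then continue; fi
        "$JOOMSCAN" -u "$target" -o "$report" --timeout "${TIMEOUT:-10}" \
            --user-agent "${UA:-AuthorizedScan}"
    done < "$1"
}

# Dry run over a constructed scope file: nothing is contacted.
demo_dir="$(mktemp -d)"
printf '# constructed scope\nhttps://example.com\nftp://not-http.example\n' > "$demo_dir/scope.txt"
DRY_RUN=1 scan_scope "$demo_dir/scope.txt" "$demo_dir/reports"
```

Run it as `DRY_RUN=1 sh scan.sh` first to review the exact command lines, then without DRY_RUN to scan; malformed scope entries are reported on stderr and skipped rather than guessed at.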