Check your Joomla Security with OWASP Joomla Vulnerability Scanner

Wednesday, 25th June 2014

check-joomla-security-owasp-vulnerability-scanner-tool

If you working in field of Computer Security you should have definitely heard of OWASP (Open Web Application Security Project).
OWASP is very much like MetaSploit – Penetration Testing Framework except it is focusing mostly on web security.
As of time of wrtitting this post OWASP Project is probably the largest contributor in Web Security tools. If you're somehow in the field of Web and Middleware (Security team) or writting Web Application software (with security in mind) OWASP is definitely a project you should study well and the provided tools can help you develop your web services server infrastructure or application design with top security in mind.

One of the famous OWASP tools is Joomla Security Scanner – a toll that can scan and find all potential and present vulnerability in a Joomla (Pure Joomla or Joomla Based  website). OWASP Joomla Security Scanner script is written in Perl, making it possible to run on any OS Platform that can run Perl and CPAN modules. Thus Joomla Security Scanner is running on Windows, Linux and Mac OS X.

  • To use OWASP Joomla Security scanner on Linux (depending on Linux distribution install perl via deb or rpm package manager – most Linux distributions have it already pre-installed).
     
  • For Joomla Security scanner on Windows you will have to install one of Perl Windows ports either Active Perl or Strawberry Perl.

Once perl interpreter is up installed, e.g. test it with:
 

# perl --version

This is perl, v5.10.1 (*) built for x86_64-linux-gnu-thread-multi
(with 61 registered patches, see perl -V for more detail)

Copyright 1987-2009, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.

 

C:Usersggeorgi>perl --version

This is perl 5, version 16, subversion 3 (v5.16.3) built for MSWin32-x64-multi-t
hread
(with 1 registered patch, see perl -V for more detail)

Copyright 1987-2012, Larry Wall

Binary build 1604 [298023] provided by ActiveState http://www.ActiveState.com
Built Apr 14 2014 15:29:45

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.

 

Download Latest Joolma Vulnerability Scanner (here), in case if tool disappears in future a mirrored version for download of Joomla Vulnerability Scanner is (here)
UnZIP the scanner in new created directory start it run Windows command line (I use ConEmu) – Press Windows button + R (and type ConEmu) – or if you don't have conemu cmd.exe, go to whenever the archive was dearchived:

cd UsersgeorgiDownloadsJoomla-scanner

Install all required CPAN perl modules for Joomla Scanner

cpan

This will launch perl cpan installation console, you will see a prompt:

cpan>

The console is a front end which uses Perl's Cpan modules site to download libraries, CPAN is doing quite a good job as it also downloads dependencies if installed perl module has such.

Inside CPAN console type:

install local::lib

Answer any further prompts by simply pressing Enter a lot of times.
Next install App::cpanminus:

install App::cpanminus

Then Exit CPAN, type:

exit

This should have installed cpanminus to test it run in Linux shell / win command prompt:

cpanm

 

Usage: cpanm [options] Module [...]
Try `cpanm --help` or `man cpanm` for more options.

 


As a last step install Switch from cpanminus:

cpanm -f install Switch


Run Joomla Scanner

/images/joomla-vulnerability-scanner-scanning-host-in-action-check-for-joomla-vulnerabilities-tool1
 

perl joomscan.pl

/images/joomla-vulnerability-scanner-scanning-host-in-action-check-for-joomla-vulnerabilities-tool1

 

 

Share this on:

Download PDFDownload PDF

Tags: , , , , , , , , , , , , , , , ,

Leave a Reply

CommentLuv badge