If you work in the field of computer security, you have definitely heard of OWASP (Open Web Application Security Project).
OWASP is very much like Metasploit, the penetration testing framework, except that it focuses mostly on web security.
As of the time of writing this post, the OWASP Project is probably the largest contributor of web security tools. If you work in the web and middleware field (security team) or write web application software with security in mind, OWASP is definitely a project you should study well, and the provided tools can help you develop your web services, server infrastructure or application design with top security in mind.
One of the famous OWASP tools is Joomla Security Scanner, a tool that can scan for and find all potential and present vulnerabilities in a Joomla site (pure Joomla or a Joomla-based website). The OWASP Joomla Security Scanner script is written in Perl, making it possible to run on any OS platform that can run Perl and CPAN modules. Thus Joomla Security Scanner runs on Windows, Linux and Mac OS X.
- To use OWASP Joomla Security Scanner on Linux, install Perl via the deb or rpm package manager, depending on the Linux distribution (most Linux distributions have it pre-installed already).
- For Joomla Security Scanner on Windows you will have to install one of the Perl Windows ports, either Active Perl or Strawberry Perl.
Once the Perl interpreter is installed, test it with:
# perl --version
This is perl, v5.10.1 (*) built for x86_64-linux-gnu-thread-multi
(with 61 registered patches, see perl -V for more detail)

Copyright 1987-2009, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
C:\Users\ggeorgi>perl --version
This is perl 5, version 16, subversion 3 (v5.16.3) built for MSWin32-x64-multi-thread
(with 1 registered patch, see perl -V for more detail)

Copyright 1987-2012, Larry Wall

Binary build 1604 [298023] provided by ActiveState http://www.ActiveState.com
Built Apr 14 2014 15:29:45

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
Download the latest Joomla Vulnerability Scanner (here). In case the tool disappears in the future, a mirrored copy of Joomla Vulnerability Scanner is available for download (here).
Unzip the scanner into a newly created directory. To start it, open a Windows command line (I use ConEmu): press Windows button + R and type ConEmu, or cmd.exe if you don't have ConEmu. Then go to wherever the archive was extracted:
cd Users\georgi\Downloads\Joomla-scanner
Install all required CPAN Perl modules for Joomla Scanner:
cpan
This will launch the Perl CPAN installation console, and you will see a prompt:
cpan>
The console is a front end that uses Perl's CPAN module site to download libraries. CPAN does quite a good job, as it also downloads the dependencies of the Perl module being installed, if it has any.
Inside the CPAN console type:
install local::lib
Answer any further prompts by simply pressing Enter a lot of times.
Next install App::cpanminus:
install App::cpanminus
Then exit CPAN by typing:
exit
This should have installed cpanminus. To test it, run in a Linux shell or Windows command prompt:
cpanm
Usage: cpanm [options] Module [...]
Try `cpanm --help` or `man cpanm` for more options.
As a last step install Switch with cpanminus (-f forces the install even if the module's tests fail):
cpanm -f Switch
Run Joomla Scanner:
perl joomscan.pl
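A preflight check for the steps above, as an added example that is not part of the original post or of the scanner itself. The module name Switch and the script name joomscan.pl come from the post; the function names and the PERL override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify the Perl setup described above before running the scanner.
# PERL, missing_modules and preflight are names chosen for this example.

PERL="${PERL:-perl}"   # interpreter to test; override to check another install

# Print, one per line, each module named in the arguments that fails to load.
missing_modules() {
    for mod in "$@"; do
        # -M<module> makes perl load the module before running the empty program.
        "$PERL" "-M$mod" -e 1 >/dev/null 2>&1 || printf '%s\n' "$mod"
    done
}

# Check the interpreter, the Switch module and joomscan.pl in directory $1.
# Returns 0 when everything is in place, 2/3/4 for the first problem found.
preflight() {
    dir="${1:-.}"
    if ! "$PERL" -e 1 >/dev/null 2>&1; then
        echo "perl interpreter not usable: $PERL" >&2
        return 2
    fi
    missing=$(missing_modules Switch)
    if [ -n "$missing" ]; then
        # Unquoted on purpose: joins the list onto one line.
        echo "missing Perl modules:" $missing >&2
        echo "install with: cpanm -f Switch" >&2
        return 3
    fi
    if [ ! -f "$dir/joomscan.pl" ]; then
        echo "joomscan.pl not found in $dir" >&2
        return 4
    fi
    return 0
}
```

Source the file and call `preflight` with the directory the archive was extracted to; a non-zero return code tells you which step of the setup to repeat.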