joomscan Package Description
Joomla! is probably the most widely used CMS out there, thanks to its flexibility, user-friendliness and extensibility, to name a few reasons. Watching it for vulnerabilities and adding those vulnerabilities to the knowledge base of a Joomla scanner therefore has to be an ongoing activity. This helps web developers and webmasters identify possible security weaknesses in their deployed Joomla! sites. The following features are currently available:
- Exact version probing (the scanner can tell whether a target is running version 1.5.12)
- Common Joomla!-based web application firewall detection
- Searching for known vulnerabilities of Joomla! and its components
- Reporting to text and HTML output
- Immediate update capability via the scanner or svn

Source: https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project
- Author: Aung Khant, OWASP.org
License: GPLv3
0x01 Tools included in the joomscan package
joomscan - OWASP Joomla Vulnerability Scanner Project
```bash
:~# joomscan
 ..|''||   '|| '||'  '|'  |      .|'''.|  '||''|.
.|'    ||   '|. '|.  .'  |||     ||..  '   ||   ||
||      ||   ||  ||  |  |  ||     ''|||.   ||...|'
'|.     ||    ||| |||  .''''|.  .     '||  ||
 ''|...|'      |   |  .|.  .||. |'....|'  .||.
=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.4
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)
=================================================================

Vulnerability Entries: 611
Last update: February 2, 2012

Usage: ./joomscan.pl -u <string> -x proxy:port

        -u <string>      = joomla Url

        ==Optional==

        -x <string:int>  = proXy to tunnel
        -c <string>      = Cookie (name=value;)
        -g "<string>"    = desired useraGent string(within ")
        -nv              = No Version fingerprinting check
        -nf              = No Firewall detection check
        -nvf/-nfv        = No version+firewall check
        -pe              = Poke version only and Exit
        -ot              = Output to Text file (target-joexploit.txt)
        -oh              = Output to Html file (target-joexploit.htm)
        -vu              = Verbose (output every Url scan)
        -sp              = Show completed Percentage

~Press ENTER key to continue

Example: ./joomscan.pl -u victim.com -x localhost:8080

Check: ./joomscan.pl check
     - Check if the scanner update is available or not.

Update: ./joomscan.pl update
     - Check and update the local database if newer version is available.

Download: ./joomscan.pl download
     - Download the scanner latest version as a single zip file - joomscan-latest.zip.

Defense: ./joomscan.pl defense
     - Give a defensive note.

About: ./joomscan.pl story
     - A short story about joomscan.

Read: ./joomscan.pl read DOCFILE
     DOCFILE - changelog,release_note,readme,credits,faq,owasp_project
```
0x02 joomscan usage example
Scan the Joomla installation at the given URL (-u http://192.168.1.202/joomla) for vulnerabilities:
```bash
:~# joomscan -u http://192.168.1.202/joomla
 ..|''||   '|| '||'  '|'  |      .|'''.|  '||''|.
.|'    ||   '|. '|.  .'  |||     ||..  '   ||   ||
||      ||   ||  ||  |  |  ||     ''|||.   ||...|'
'|.     ||    ||| |||  .''''|.  .     '||  ||
 ''|...|'      |   |  .|.  .||. |'....|'  .||.
=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.4
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)
Vulnerability Entries: 673
Last update: October 22, 2012

Use "update" option to update the database
Use "check" option to check the scanner update
Use "download" option to download the scanner latest version package
Use svn co to update the scanner and the database
svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan

Target: http://192.168.1.202/joomla

Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14+deb7u9
Checking if the target has deployed an Anti-Scanner measure
[!] Scanning Passed ..... OK
Detecting Joomla! based Firewall ...
[!] No known firewall detected!
Fingerprinting in progress ...
Use of uninitialized value in pattern match (m//) at ./joomscan.pl line 1009.
~Unable to detect the version. Is it sure a Joomla?
Fingerprinting done.
Vulnerabilities Discovered

1
Info -> Generic: htaccess.txt has not been renamed.
Versions Affected: Any
Check: /htaccess.txt
Exploit: Generic defenses implemented in .htaccess are not available, so exploiting is more likely to succeed.
Vulnerable? Yes
```
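The one finding in the scan above is the generic "htaccess.txt has not been renamed" check: Joomla ships its Apache rewrite and hardening rules in a file called htaccess.txt, which Apache ignores until it is renamed to .htaccess. The following shell function is an added example for the server-side view of that same finding; it is not part of joomscan or of the original page. It assumes the Joomla document root is passed as its argument and that the site runs under Apache with AllowOverride enabled for that directory, and the temporary directories built by `demo_check` are constructed test fixtures, not real deployments.

```bash
#!/bin/sh
# Added example (not joomscan code): local check for the joomscan finding
# "htaccess.txt has not been renamed", run on the web server itself.
#
# Return codes: 0 = hardened (.htaccess present, shipped htaccess.txt gone),
#               1 = finding present (joomscan would report it),
#               2 = usage error (document root does not exist).
check_joomla_htaccess() {
    docroot="$1"
    status=0

    if [ ! -d "$docroot" ]; then
        echo "ERROR: '$docroot' is not a directory"
        return 2
    fi

    # The protective rules only apply once they live in .htaccess.
    if [ -f "$docroot/.htaccess" ]; then
        echo "OK:   $docroot/.htaccess is present"
    else
        echo "WARN: $docroot/.htaccess is missing; rules shipped in htaccess.txt are not enforced by Apache"
        status=1
    fi

    # joomscan requests /htaccess.txt; if the file is still there the scanner
    # reports the generic finding regardless of whether .htaccess exists.
    if [ -f "$docroot/htaccess.txt" ]; then
        echo "WARN: $docroot/htaccess.txt is still served; rename it to .htaccess (or remove it)"
        status=1
    else
        echo "OK:   $docroot/htaccess.txt has been renamed or removed"
    fi

    return $status
}

# Constructed fixtures: one unhardened and one hardened document root, built
# in a temporary directory so the example runs offline. Returns 0 only when the
# check classifies both fixtures as expected.
demo_check() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/unhardened" "$tmp/hardened"
    : > "$tmp/unhardened/htaccess.txt"       # stock Joomla layout
    : > "$tmp/hardened/.htaccess"            # htaccess.txt renamed by the admin

    bad=0; check_joomla_htaccess "$tmp/unhardened" || bad=$?
    good=0; check_joomla_htaccess "$tmp/hardened" || good=$?
    rm -rf "$tmp"

    [ "$bad" -eq 1 ] && [ "$good" -eq 0 ]
}

# Usage: sh check_htaccess.sh /var/www/html/joomla
# With no argument the constructed fixtures are checked instead.
if [ -n "${1:-}" ]; then
    check_joomla_htaccess "$1"
else
    demo_check
fi
```

Run it on the server as `sh check_htaccess.sh /var/www/html/joomla` after a joomscan report flags /htaccess.txt: a non-zero exit code means the rename is still outstanding. The check only covers the file layout; the rules in .htaccess also need the directory's AllowOverride setting to permit them before Apache enforces anything.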
Original article from: https://www.hackfun.org/kali-tools/joomscan_zh.html. Please credit the original source when reposting; for commercial use, contact the original author for permission.