Friday 19 June 2009 (Keywords: Application Scanner, Joomla Scanner, OWASP, Vulnerability Scanner)
A regularly updated, signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS, and directory traversal vulnerabilities of a target Joomla! web site. The following features are currently available.
Exact version Probing (the scanner can tell whether a target is running version 1.5.9)
Searching known vulnerabilities of Joomla! and its components
Reporting to Text & HTML output
Immediate update capability via scanner or svn
Changes :
New and improved fingerprinting engine (which can mostly detect the exact version of Joomla 1.0.x and Joomla 1.5.x)
Updated database till 1.5.9
In the database, removed substring(@@version,1,1) and employed a simple blind detection approach (1=1, 1=2) to bypass IDS that blocks requests containing MySQL-sensitive words
Tool Submitted via Twitter by Sebastien Gioria (yep, himself. The French OWASP Local Chapter ;)
COMPLIANCE MANDATES
Application Scanner : PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2
Vulnerability Scanner : PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2
RELATED ARTICLES
19 June 2009 : OWASP Joomla Vulnerability Scanner v0.0.1 released
31 January 2010 : OWASP Code Crawler updated to v2.5.1
24 January 2010 : OWASP Code Crawler v2.5 released
21 January 2010 : OWASP TOP 10 2010 French version released
6 October 2009 : Code Crawler v2.4 Beta - OWASP Code Review Tool
16 July 2009 : OWASP Security Spending Benchmarks reports available