OWASP Joomla Vulnerability Scanner v0.0.1 released
A regularly updated, signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS, and directory traversal vulnerabilities in a target Joomla! web site.
The following features are currently available.
- Exact version Probing (the scanner can tell whether a target is running version 1.5.9)
- Searching known vulnerabilities of Joomla! and its components
- Reporting to Text & HTML output
- Immediate update capability via scanner or svn
Changes:
- New and improved fingerprinting engine (which can mostly detect the exact version of Joomla 1.0.x and Joomla 1.5.x)
- Updated database till 1.5.9
- In the database, removed substring(@@version,1,1) and employed a simple blind detection approach (1=1, 1=2) to bypass IDSs that block requests containing MySQL-sensitive words
Tool submitted via Twitter by Sebastien Gioria (yep, himself. The French OWASP Local Chapter ;)
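The last changelog item means a filter keyed on MySQL keywords will not see these probes, so detection has to look for the paired true/false conditions instead. The following is an added example, not code from the scanner or its authors: it flags clients that send both an always-true and an always-false condition on the same parameter. The log format, the `com_example` component name and the addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (client, request), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 "GET /index.php?option=com_example&id=5 HTTP/1.1"',
    '198.51.100.7 "GET /index.php?option=com_example&id=5%20and%201=1 HTTP/1.1"',
    '198.51.100.7 "GET /index.php?option=com_example&id=5%20and%201=2 HTTP/1.1"',
    '203.0.113.9 "GET /index.php?option=com_example&q=a+and+b HTTP/1.1"',
    '203.0.113.20 "GET /index.php?option=com_example&id=7+AND+3=3 HTTP/1.1"',
]

LINE_RE = re.compile(r'^(\S+) "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"$')
# Boolean condition appended to a value: "<base> and|or <n>=<m>"
PROBE_RE = re.compile(r'^(.*?)\s+(?:and|or)\s+(\d+)\s*=\s*(\d+)\s*$', re.I)
# A keyword list of the kind the changelog says the probes avoid (assumed).
KEYWORD_RE = re.compile(r'@@version|substring\s*\(|union\s+select', re.I)

def keyword_hits(lines):
    """Lines that a keyword-only filter would flag."""
    return [line for line in lines if KEYWORD_RE.search(line)]

def paired_boolean_probes(lines):
    """Return sorted (client, path, param) tuples where one client sent both
    an always-true and an always-false condition on the same parameter."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        client, target = m.groups()
        url = urlsplit(target)
        for param, value in parse_qsl(url.query, keep_blank_values=True):
            p = PROBE_RE.match(value)
            if p:
                base, left, right = p.groups()
                truth = int(left) == int(right)
                seen[(client, url.path, param, base)].add(truth)
    return sorted({k[:3] for k, v in seen.items() if v == {True, False}})

if __name__ == "__main__":
    print("keyword filter hits:", keyword_hits(SAMPLE_LOG))
    for hit in paired_boolean_probes(SAMPLE_LOG):
        print("paired true/false probe:", hit)
```

A single `AND 3=3` or a harmless value such as `a and b` is not flagged; only the true/false pair from one client on one parameter is.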