OWASP Joomla Vulnerability Scanner v0.0.1 released

A regularly updated, signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS and directory traversal vulnerabilities in a target Joomla! web site.

The following features are currently available.

  • Exact version probing (the scanner can tell whether a target is running version 1.5.9)
  • Searching known vulnerabilities of Joomla! and its components
  • Reporting to text and HTML output
  • Immediate update capability via the scanner itself or SVN

Changes:

  • New and improved fingerprinting engine (which can, in most cases, detect the exact version of Joomla 1.0.x and Joomla 1.5.x)
  • Signature database updated through version 1.5.9
  • In the database, removed the substring(@@version,1,1) checks and switched to a simple blind detection approach (1=1 / 1=2) to bypass IDSs that drop requests containing MySQL-specific keywords

Tool submitted via Twitter by Sebastien Gioria (yep, himself, the French OWASP local chapter ;)

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2
