Faraday v3.4 – Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.4:

Services can now be tagged. With this new feature you can easily identify important services, geolocate them and more.

New search operators OR/NOT
In a previous release we added the AND operator; with 3.4 you can also use the OR and NOT operators in the Status Report search box. This lets you find vulnerabilities easily with filters like this one:
(severity:critical or severity:high) or name:"MS18-172"

Performance improvements for big workspaces
We have been working on optimizing our REST API endpoints to support millions of vulnerabilities in each workspace.

Here is the full change log for version 3.4:
- In GTK, check that active_workspace is not null
- Add fbruteforce services fplugin
- Attachments can be added to a vulnerability through the API
- Catch gaierror on the lynis plugin
- Add OR and NOT with parenthesis support on the Status Report search
- Info API is now public
- Web UI now detects the Appscan plugin
- Improve performance on the workspace using a custom query
- Workspaces can be set as active/disabled in the welcome page
- Change Nmap plugin: the response field in VulnWeb now goes to the Data field
- Update code to support the latest SQLAlchemy version
- Fix `create_vuln` fplugin bug that incorrectly reported duplicated vulns
- The client can set a custom logo in Faraday
- Centered checkboxes in the user list page
- Client or pentester can't activate/deactivate workspaces
- In GTK, dialogs now check that user_info is not False
- Add tags to the Service object (frontend and backend API)
- Limit of users only counts the active ones
- Improve error message when the license is not valid

Download Faraday v3.4
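The filter syntax above (field:value terms joined by AND, OR and NOT, with parentheses) can be tried stand-alone with this added example; it is not Faraday's own code, whose parser lives server-side, and the sample records are constructed for the demonstration.

```python
import re

# Tokens: parentheses, field:"quoted value", or any run of non-space
# characters (bare field:value terms and the words and / or / not).
TOKEN_RE = re.compile(r'\(|\)|[\w.]+:"[^"]*"|[^\s()]+')


def parse_filter(query):
    """Parse the search syntax into a tuple tree. Grammar, lowest precedence
    first: expr := term (or term)* ; term := factor (and factor)* ;
    factor := not factor | ( expr ) | field:value."""
    tokens = TOKEN_RE.findall(query)
    pos = [0]  # cursor shared by the nested functions

    def peek():
        return tokens[pos[0]] if pos[0] < len(tokens) else ""

    def take():
        tok = peek()
        pos[0] += 1
        return tok

    def expr():
        node = term()
        while peek().lower() == "or":
            take()
            node = ("or", node, term())
        return node

    def term():
        node = factor()
        while peek().lower() == "and":
            take()
            node = ("and", node, factor())
        return node

    def factor():
        tok = take()
        if not tok:
            raise ValueError("unexpected end of query")
        if tok.lower() == "not":
            return ("not", factor())
        if tok == "(":
            node = expr()
            if take() != ")":
                raise ValueError("missing closing parenthesis")
            return node
        if ":" not in tok:
            raise ValueError("expected field:value, got %r" % tok)
        field, value = tok.split(":", 1)
        return ("match", field, value.strip('"'))

    tree = expr()
    if peek():
        raise ValueError("unexpected token %r" % peek())
    return tree


def evaluate(node, vuln):
    """Apply a parsed filter to one vulnerability record (a dict)."""
    op = node[0]
    if op == "match":
        return str(vuln.get(node[1], "")).lower() == node[2].lower()
    if op == "not":
        return not evaluate(node[1], vuln)
    left, right = evaluate(node[1], vuln), evaluate(node[2], vuln)
    return (left and right) if op == "and" else (left or right)


def search(vulns, query):
    """Names of the records matching the query, in workspace order."""
    tree = parse_filter(query)
    return [v["name"] for v in vulns if evaluate(tree, v)]


# Constructed sample records, not findings from any real workspace.
SAMPLE_VULNS = [
    {"name": "MS18-172", "severity": "medium", "confirmed": True},
    {"name": "SQLi in login form", "severity": "critical", "confirmed": False},
    {"name": "Weak TLS cipher", "severity": "high", "confirmed": True},
    {"name": "Server banner disclosure", "severity": "info", "confirmed": True},
]
```

Running `search(SAMPLE_VULNS, '(severity:critical or severity:high) or name:"MS18-172"')` returns the first three names; a dangling operator or unbalanced parenthesis raises ValueError instead of silently matching nothing.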

Link: http://www.kitploit.com/2018/12/faraday-v34-collaborative-penetration.html

SpiderFoot – The Most Complete OSINT Collection And Reconnaissance Tool

SpiderFoot is an open source intelligence (OSINT) automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet, ASN or person's name.

SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target, or defensively to identify what information your organisation is freely providing for attackers to use against you.

What is SpiderFoot?
SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the entities and how they relate to each other.

What is OSINT?
OSINT (Open Source Intelligence) is data available in the public domain which might reveal interesting information about your target. This includes DNS, Whois, web pages, passive DNS, spam blacklists, file metadata, threat intelligence lists as well as services like SHODAN, HaveIBeenPwned? and more. See the full list of data sources SpiderFoot utilises.

What can I do with SpiderFoot?
The data returned from a SpiderFoot scan will reveal a lot of information about your target, providing insight into possible data leaks, vulnerabilities or other sensitive information that can be leveraged during a penetration test, red team exercise or for threat intelligence. Try it out against your own network to see what you might have exposed!

Read more at the project website: http://www.spiderfoot.net

Download SpiderFoot

Link: http://www.kitploit.com/2018/12/spiderfoot-most-complete-osint.html

Faraday v3.3 – Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.3:

Workspace archive
You are now able to make the whole workspace read-only and archive it for future use. This lets you clear the clutter from all your ongoing projects while keeping the opportunity to continue with your work later on if needed.

Host tags
Hosts can now be tagged. With this new feature you can easily identify production, testing or development hosts.

Zap plugin
Do you like using Faraday with Burp? What about sending issues from Burp to Faraday? Now you can do the same with OWASP ZAP! In this release of Faraday we are including an addon for OWASP ZAP. Now you can send any alert or request found by ZAP into a Faraday workspace. This is an extension to our collection of more than 70 plugins and integrations with security tools, to help you save time on your daily work.

Add vendor name to host
We added the host vendor to the host list. This feature shows you the vendor when the MAC address is set.

Download Faraday v3.3

Link: http://feedproxy.google.com/~r/PentestTools/~3/uMt3kqhpRgM/faraday-v33-collaborative-penetration.html

SniffAir – A Framework For Wireless Pentesting

SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules.

SniffAir is developed by @Tyl0us and @theDarracott.

Install
SniffAir was developed with Python version 2.7. Tested and supported on Kali Linux, Debian and Ubuntu.
To install, run the setup.sh script:
$ ./setup.sh

Usage
After the startup banner, the help command lists the available commands:

>> [default]# help
Commands
========
workspace             Manages workspaces (create, list, load, delete)
live_capture          Initiates a valid wireless interface to collect wireless pakcets to be parsed (requires the interface name)
offline_capture       Begins parsing wireless packets using a pcap file - kismet .pcapdump work best (requires the full path)
offline_capture_list  Begins parsing wireless packets using a list of pcap files - kismet .pcapdump work best (requires the full path)
query                 Executes a query on the contents of the acitve workspace
help                  Displays this help menu
clear                 Clears the screen
show                  Shows the contents of a table, specific information across all tables or the available modules
inscope               Add ESSID to scope. inscope [ESSID]
SSID_Info             Displays all information (i.e all BSSID, Channels and Encrpytion) related to the inscope SSIDS
use                   Use a SniffAir module
info                  Displays all variable information regarding the selected module
set                   Sets a variable in module
exploit               Runs the loaded module
run                   Runs the loaded module
exit                  Exit SniffAir
>> [default]#

Begin
First create or load a new or existing workspace using the workspace create or workspace load <workspace> command. To view all existing workspaces use the workspace list command, and workspace delete <workspace> to delete the desired workspace:

>> [default]# workspace
Manages workspaces
Command Option: workspaces [create|list|load|delete]
>> [default]# workspace create demo
[+] Workspace demo created

Load data into a desired workspace from a pcap file using the command offline_capture <the full path to the pcap file>. To load a series of pcap files use the command offline_capture_list <the full path to the file containing the list of pcap names> (this file should contain the full paths to each pcap file). Use the live_capture <interface name> command to capture live wireless traffic using a wireless interface.

>> [demo]# offline_capture /root/sniffair/demo.pcapdump
[+] Importing /root/sniffair/demo.pcapdump
[+] Completed
[+] Cleaning Up Duplicates
[+] ESSIDs Observed

Show Command
The show command displays the contents of a table, specific information across all tables or the available modules, using the following syntax:

>> [demo]# show table AP
+------+-----------+-------------------+-------------------------------+--------+-------+-------+----------+--------+
| ID   | ESSID     | BSSID             | VENDOR                        | CHAN   | PWR   | ENC   | CIPHER   | AUTH   |
|------+-----------+-------------------+-------------------------------+--------+-------+-------+----------+--------|
| 1    | HoneyPot  | c4:6e:1f:##:##:## | TP-LINK TECHNOLOGIES CO. LTD. | 4      | -17   | WPA2  | TKIP     | MGT    |
| 2    | Demo      | 80:2a:a8:##:##:## | Ubiquiti Networks Inc.        | 11     | -19   | WPA2  | CCMP     | PSK    |
| 3    | Demo5ghz  | 82:2a:a8:##:##:## | Unknown                       | 36     | -27   | WPA2  | CCMP     | PSK    |
| 4    | HoneyPot1 | c4:6e:1f:##:##:## | TP-LINK TECHNOLOGIES CO. LTD. | 36     | -29   | WPA2  | TKIP     | PSK    |
| 5    | BELL456   | 44:e9:dd:##:##:## | Sagemcom Broadband SAS        | 6      | -73   | WPA2  | CCMP     | PSK    |
+------+-----------+-------------------+-------------------------------+--------+-------+-------+----------+--------+

>> [demo]# show SSIDS
---------
HoneyPot
Demo
HoneyPot1
BELL456
Hidden
Demo5ghz
---------

The query command can be used to display a unique set of data based on the parameters specified. The query command uses SQL syntax.

Inscope
The inscope <SSID> command can be used to add an SSID to the inscope tables, loading all related data into the inscope_AP, inscope_proberequests and inscope_proberesponses tables. To view a summary of all inscope SSIDs run the SSID_Info command.

Modules
Modules can be used to analyze the data contained in the workspaces or perform offensive wireless attacks using the use <module name> command. For some modules additional variables may need to be set. They can be set using the set command: set <variable name> <variable value>.

>> [demo]# show modules
Available Modules
=================
[+] Auto EAP - Automated Brute-Force Login Attack Against EAP Networks
[+] Auto PSK - Automated Brute-Force Passphrase Attack Against PSK Networks
[+] AP Hunter - Discover Access Point Within a Certain Range Using a Specific Type of Encrpytion
[+] Captive Portal - Web Based Login Portal to Capture User Entered Credentials (Runs as an OPEN Network)
[+] Certificate Generator - Generates a Certificate Used by Evil Twin Attacks
[+] Exporter - Exports Data Stored in a Workspace to a CSV File
[+] Evil Twin - Creates a Fake Access Point, Clients Connect to Divulging MSCHAP Hashes or Cleartext Passwords
[+] Handshaker - Parses Database or .pcapdump Files Extracting the Pre-Shared Handshake for Password Guessing (Hashcat or JTR Format)
[+] Mac Changer - Changes The Mac Address of an Interface
[+] Probe Packet - Sends Out Deauth Packets Targeting SSID(s)
[+] Proof Packet - Parses Database or .pcapdump Files Extracting all Packets Related to the Inscope SSDIS
[+] Hidden SSID - Discovers the Names of HIDDEN SSIDS
[+] Suspicious AP - Looks for Access Points that: Is On Different Channel, use a Different Vendor or Encrpytion Type Then the Rest of The Network
[+] Wigle Search SSID - Queries wigle for SSID (i.e. Bob's wifi)
[+] Wigle Search MAC - Queries wigle for all observations of a single mac address
>> [demo]#

>> [demo]# use Captive Portal
>> [demo][Captive Portal]# info
Globally Set Varibles
=====================
 Module: Captive Portal
 Interface:
 SSID:
 Channel:
 Template: Cisco (More to be added soon)
>> [demo][Captive Portal]# set Interface wlan0
>> [demo][Captive Portal]# set SSID demo
>> [demo][Captive Portal]# set Channel 1
>> [demo][Captive Portal]# info
Globally Set Varibles
=====================
 Module: Captive Portal
 Interface: wlan0
 SSID: demo
 Channel: 1
 Template: Cisco (More to be added soon)
>> [demo][Captive Portal]#

Once all variables are set, execute the exploit or run command to run the desired attack.

Export
To export all information stored in a workspace's tables, use the Exporter module and set the desired path.

Acknowledgments
SniffAir contains work from the following repositories:
hostapd-wpe
jmalinen/hostap
lootbooty

Download SniffAir
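As an added example (not SniffAir's own code), the following Python 3 script loads the AP table shown above into SQLite and runs the kind of SQL the query command accepts, including a check modelled on the description of the Suspicious AP module: an AP beaconing an ESSID with a different vendor or encryption than the rest of that network. The rows marked as constructed, and their locally administered BSSIDs, are made up for the demonstration.

```python
import sqlite3

# Schema mirroring the columns of SniffAir's AP table as shown above.
SCHEMA = """CREATE TABLE AP (
    id INTEGER PRIMARY KEY, essid TEXT, bssid TEXT, vendor TEXT,
    chan INTEGER, pwr INTEGER, enc TEXT, cipher TEXT, auth TEXT)"""

# The five rows from the `show table AP` output above (BSSID octets masked
# with ## exactly as on the page).
PAGE_ROWS = [
    ("HoneyPot", "c4:6e:1f:##:##:##", "TP-LINK TECHNOLOGIES CO. LTD.", 4, -17, "WPA2", "TKIP", "MGT"),
    ("Demo", "80:2a:a8:##:##:##", "Ubiquiti Networks Inc.", 11, -19, "WPA2", "CCMP", "PSK"),
    ("Demo5ghz", "82:2a:a8:##:##:##", "Unknown", 36, -27, "WPA2", "CCMP", "PSK"),
    ("HoneyPot1", "c4:6e:1f:##:##:##", "TP-LINK TECHNOLOGIES CO. LTD.", 36, -29, "WPA2", "TKIP", "PSK"),
    ("BELL456", "44:e9:dd:##:##:##", "Sagemcom Broadband SAS", 6, -73, "WPA2", "CCMP", "PSK"),
]

# Constructed rows with made-up, locally administered BSSIDs: two more "Demo"
# radios matching the real one, and one AP that also beacons "Demo" but from
# an unknown vendor with WPA/TKIP, the evil-twin pattern the module hunts.
CONSTRUCTED_ROWS = [
    ("Demo", "02:00:00:00:00:01", "Ubiquiti Networks Inc.", 6, -40, "WPA2", "CCMP", "PSK"),
    ("Demo", "02:00:00:00:00:02", "Ubiquiti Networks Inc.", 1, -48, "WPA2", "CCMP", "PSK"),
    ("Demo", "02:00:00:00:00:03", "Unknown", 1, -55, "WPA", "TKIP", "PSK"),
]


def load_workspace(rows=None):
    """Build an in-memory workspace holding the AP table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO AP (essid, bssid, vendor, chan, pwr, enc, cipher, auth) "
        "VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
        PAGE_ROWS + CONSTRUCTED_ROWS if rows is None else rows)
    return conn


def run_query(conn, sql):
    """Equivalent of the SniffAir `query` command: raw SQL over the workspace."""
    return conn.execute(sql).fetchall()


# For every ESSID, the most common (vendor, enc, cipher) combination is the
# network's baseline; any AP beaconing that ESSID with a different vendor,
# encryption or cipher is reported. Channel is shown but not used as a
# criterion on its own, since one ESSID legitimately spans channels. When
# two combinations tie for most common, both are reported against each other.
SUSPICIOUS_SQL = """
WITH profile AS (
    SELECT essid, vendor, enc, cipher, COUNT(*) AS n
    FROM AP GROUP BY essid, vendor, enc, cipher),
baseline AS (
    SELECT essid, vendor, enc, cipher FROM profile p
    WHERE n = (SELECT MAX(n) FROM profile q WHERE q.essid = p.essid))
SELECT a.essid, a.bssid, a.vendor, a.chan, a.enc, a.cipher
FROM AP a JOIN baseline b ON a.essid = b.essid
WHERE a.vendor <> b.vendor OR a.enc <> b.enc OR a.cipher <> b.cipher
ORDER BY a.essid, a.bssid"""


def suspicious_aps(conn):
    """APs that deviate from the baseline of the ESSID they advertise."""
    return run_query(conn, SUSPICIOUS_SQL)


def tkip_networks(conn):
    """A plain report query: ESSIDs still using the deprecated TKIP cipher."""
    return [row[0] for row in run_query(
        conn, "SELECT DISTINCT essid FROM AP WHERE cipher = 'TKIP' ORDER BY essid")]


if __name__ == "__main__":
    conn = load_workspace()
    for row in suspicious_aps(conn):
        print("suspicious:", row)
```

With only the page's five rows loaded, suspicious_aps() returns nothing, because each ESSID has a single AP and therefore is its own baseline; the constructed "Demo" rogue is the one row flagged.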

Link: http://feedproxy.google.com/~r/PentestTools/~3/MbOna5CFG4s/sniffair-framework-for-wireless.html

Faraday v3.2 – Collaborative Penetration Test and Vulnerability Management Platform

Here is a list of all the goodies in Faraday v3.2:

Workspace names with numbers!
With this new version, workspace names are now allowed to start with numbers (before they could only start with letters).

Search unconfirmed vulns
This version adds a filter so that unconfirmed vulns can be shown as well.

Multi column search
Support was added for the "AND" operator in the search field of the Status Report; this is the first of the logical operators we support in Faraday. We are working to add the "OR" operator soon.

Here is the full change log for version 3.2:
- Added logical operator AND to Status Report search
- Restkit dependency removed
- Improvement on manage.py change-password
- Add feature to show only unconfirmed vulns
- Add SSL information to manage.py status-check
- Update wpscan plugin to support latest version
- Allow workspace names to start with numbers

Download Faraday v3.2

Link: http://feedproxy.google.com/~r/PentestTools/~3/SLnSlGtMSrg/faraday-v32-collaborative-penetration.html

NodeXP – Detection and Exploitation Tool for Node.js Services

NodeXP is an integrated tool, written in Python 2.7, capable of detecting possible vulnerabilities on Node.js services as well as exploiting them in an automated way, based on the Server-Side JavaScript Injection (SSJI) attack.

Getting Started - Installation & Usage
Download NodeXP by cloning the Git repository:
git clone https://github.com/esmog/nodexp

To get a list of all options run:
python2.7 nodexp.py -h

Examples for POST and GET cases accordingly:
python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind
python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind

Disclaimer
The tool's purpose is strictly academic and it was developed in order to conduct my master's thesis. It could also be helpful during the process of a penetration test on Node.js services. Any other malicious or illegal usage of the tool is strongly discouraged and is clearly not part of the purpose of this research.

Prerequisites
Python 2.7
Metasploit Framework
msfvenom
Kali Linux (or any other Linux distro with Metasploit Framework installed)

NodeXP Testbeds
Download and run the Node.js files for both GET and POST cases from here.
Visit Nodegoat or install Nodegoat on your local machine!

Built With
Python 2.7

Versioning
NodeXP - Version 1.0.0

Authors
Dimitris Antonaropoulos - esmog

Download NodeXP

Link: http://feedproxy.google.com/~r/PentestTools/~3/OIgb6RZFu0o/nodexp-detection-and-exploitation-tool.html

JoomScan 0.0.7 – OWASP Joomla Vulnerability Scanner Project

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but is also able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.

OWASP JoomScan is included in Kali Linux distributions.

WHY OWASP JOOMSCAN?
Automated ...
- Version enumerator
- Vulnerability enumerator (based on version)
- Components enumerator (1209 most popular by default)
- Components vulnerability enumerator (based on version) (+1030 exploits)
- Firewall detector
- Reporting to text & HTML output
- Finding common log files
- Finding common backup files

INSTALL
git clone https://github.com/rezasp/joomscan.git
cd joomscan
perl joomscan.pl

JOOMSCAN ARGUMENTS
Usage: joomscan.pl [options]
--url | -u                        The Joomla URL/domain to scan.
--enumerate-components | -ec      Try to enumerate components.
--cookie <String>                 Set cookie.
--user-agent | -a <user-agent>    Use the specified User-Agent.
--random-agent | -r               Use a random User-Agent.
--timeout <time-out>              Set timeout.
--about                           About author.
--update                          Update to the latest version.
--help | -h                       This help screen.
--version                         Output the current version and exit.

OWASP JOOMSCAN USAGE EXAMPLES
Do default checks...
perl joomscan.pl --url www.example.com
or
perl joomscan.pl -u www.example.com

Enumerate installed components...
perl joomscan.pl --url www.example.com --enumerate-components
or
perl joomscan.pl -u www.example.com --ec

Set cookie
perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent
perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent
perl joomscan.pl -u www.example.com --random-agent
or
perl joomscan.pl --url www.example.com -r

Update JoomScan...
perl joomscan.pl --update

PROJECT LEADERS
Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]

OWASP JoomScan introduction (YouTube)

OWASP JoomScan 0.0.7

Download JoomScan

Link: http://feedproxy.google.com/~r/PentestTools/~3/rbhkhn10GkU/joomscan-007-owasp-joomla-vulnerability.html

VBScan 0.1.8 – Black Box vBulletin Vulnerability Scanner

OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an open source project in the Perl programming language to detect vBulletin CMS vulnerabilities and analyse them.

Why OWASP VBScan?
If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot ever! This project is faster than ever and updated with the latest vBulletin vulnerabilities.

Project Leader: Mohammad Reza Espargham
GitHub: https://github.com/rezasp/vbscan/
SourceForge: https://sourceforge.net/projects/vbscan/
OWASP Page: https://www.owasp.org/index.php/OWASP_VBScan_Project

Usage:
./vbscan.pl
./vbscan.pl http://target.com/vbulletin

OWASP VBScan 0.1.7 introduction

What's New in Version 0.1.8 [Self Challenge]
- Updated vulnerabilities database
- "Email Before Registration Plugin" SQL exploit added
- "Tapatalk vbulletin plugin" exploit added
- "Routestring RCE" exploit added
- vBulletin possible password logger detector added
- Allow start from any path
- OpenRedirection finder module added
- vBulletin version comparing module added
- A few enhancements

Download VBScan

Link: http://feedproxy.google.com/~r/PentestTools/~3/6Oz8dDXNjHM/vbscan-018-black-box-vbulletin.html

Firework – Leveraging Microsoft Workspaces in a Penetration Test

Firework is a proof of concept tool to interact with Microsoft Workplaces, creating the valid files required for the provisioning process. The tool also wraps some code from Responder to leverage its ability to capture NetNTLM hashes from a system that provisions a Workplace feed via it.

This tool may be used as part of a penetration test or red team exercise to create a .wcx payload (and associated feed) that, if clicked on, could be used to:
- Phish for credentials: NetNTLM hashes will be sent if a user enters their credentials (or, on older versions of Windows, automatically).
- Add items to the Start Menu: after set-up, shortcuts are added to the Start Menu which launch the served RDP file(s). These entries could potentially be used as part of a wider social engineering campaign.
- Download resources: resources such as the .rdp files and icon files are downloaded and updated by Windows on a daily basis (if authentication of the feed is disabled or is satisfied).

Read the SpiderLabs blog for a more detailed summary and walk-through.

Installation
Tested with Python 2.7.x. (Python 3 is not currently supported, although the main Firework class could be used in Python 3.)
$ pip install -r requirements.txt
The tool serves content over HTTPS and requires a certificate and private key to use the in-built web server with NetNTLM capture. Default files: cert.crt and key.pem

Usage
usage: firework.py [-h] -c COMPANY -u URL -a APP -e EXT -i ICON [-l LISTEN] [-r RDP] [-d DOMAIN] [-n USERNAME] [-p PASSWORDHASH] [-t CERT] [-k KEY]

WCX workplace tool

optional arguments:
  -h, --help                          show this help message and exit
  -c COMPANY, --company COMPANY       Company name
  -u URL, --url URL                   Feed URL
  -a APP, --app APP                   App Name
  -e EXT, --ext EXT                   App Extension
  -i ICON, --icon ICON                App Icon
  -l LISTEN, --listen LISTEN          TLS Web Server Port
  -r RDP, --rdp RDP                   RDP Server
  -d DOMAIN, --domain DOMAIN          RDP Domain
  -n USERNAME, --username USERNAME    RDP Username
  -p PASSWORD, --password PASSWORD    RDP Password
  -t CERT, --cert CERT                SSL cert
  -k KEY, --key KEY                   SSL key

Examples
Basic example:
Organisation Name: EvilCorp
URL to feed XML (or URL to Firework's in-built server): https://example.org/ (this is where Windows downloads the feed from)
Application Name: Firework
File Extension: .fwk
Icon File: firework.ico

python ./firework.py -c EvilCorp -u https://example.org/ -a Firework -e .fwk -i ./firework.ico

The in-built web server will start on port 443 if cert.crt and key.pem are present in the current directory. This will force an NTLM challenge with Responder. If these files are not present, the tool will write all files to the local directory for your own hosting.

If you wish to start the in-built web server on an alternate port, use the -l flag as below:
python ./firework.py -c EvilCorp -u https://example.org/ -a Firework -e .fwk -i ./firework.ico -l 8443

You can also add some customisations to the .rdp file that gets served.
Remote Desktop Server: dc.corp.local
Domain: corp.local
Username: admin
Password Crypt: Encrypted password that gets included in the RDP file
Note: Passwords stored in .rdp files are likely ignored in a default config.

python ./firework.py -c EvilCorp -u https://example.org/ -a Firework -e .fwk -i ./firework.ico -r dc.corp.local -d corp.local -n admin -p

Payload
Having run the tool, 'payload.wcx' will be written to the current directory. This file is what, when clicked on, starts the provisioning process.

Authors
David Middlehurst - Twitter: @dtmsecurity

Download Firework

Link: http://feedproxy.google.com/~r/PentestTools/~3/7mpZNIt1YeI/firework-leveraging-microsoft.html

JoomScan 0.0.6 – OWASP Joomla Vulnerability Scanner Project

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but is also able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.

OWASP JoomScan is included in Kali Linux distributions.

WHY OWASP JOOMSCAN?
Automated ...
- Version enumerator
- Vulnerability enumerator (based on version)
- Components enumerator (1209 most popular by default)
- Components vulnerability enumerator (based on version) (+1030 exploits)
- Firewall detector
- Reporting to text & HTML output
- Finding common log files
- Finding common backup files

INSTALL
git clone https://github.com/rezasp/joomscan.git
cd joomscan
perl joomscan.pl

JOOMSCAN ARGUMENTS
Usage: joomscan.pl [options]
--url | -u                        The Joomla URL/domain to scan.
--enumerate-components | -ec      Try to enumerate components.
--cookie <String>                 Set cookie.
--user-agent | -a <user-agent>    Use the specified User-Agent.
--random-agent | -r               Use a random User-Agent.
--timeout <time-out>              Set timeout.
--about                           About author.
--update                          Update to the latest version.
--help | -h                       This help screen.
--version                         Output the current version and exit.

OWASP JOOMSCAN USAGE EXAMPLES
Do default checks...
perl joomscan.pl --url www.example.com
or
perl joomscan.pl -u www.example.com

Enumerate installed components...
perl joomscan.pl --url www.example.com --enumerate-components
or
perl joomscan.pl -u www.example.com --ec

Set cookie
perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent
perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent
perl joomscan.pl -u www.example.com --random-agent
or
perl joomscan.pl --url www.example.com -r

Update JoomScan...
perl joomscan.pl --update

PROJECT LEADERS
Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]

OWASP JoomScan introduction (YouTube)

OWASP JoomScan 0.0.6 [#BHUSA]
- Updated vulnerability databases
- Added new module: Firewall Detector (supports detection of CloudFlare, Incapsula, Shieldfy, Mod_Security)
- Added exploit for com_joomanager
- Updated list of common log paths
- A few enhancements

Download JoomScan

Link: http://feedproxy.google.com/~r/PentestTools/~3/LkQh4-Er0AQ/joomscan-006-owasp-joomla-vulnerability.html