Prowler – Distributed Network Vulnerability Scanner

Prowler is a network vulnerability scanner implemented on a Raspberry Pi cluster, first developed during the Singapore Infosec Community Hackathon (HackSmith v1.0).

Capabilities
- Scan a network (a particular subnet or a list of IP addresses) for all IP addresses associated with active network devices
- Determine the type of devices using fingerprinting
- Determine if there are any open ports on the device
- Associate the ports with common services
- Test devices against a dictionary of factory default and common credentials
- Notify users of security vulnerabilities through a dashboard (Dashboard tour)

Planned Capabilities
- Greater variety of vulnerability assessment capabilities (webapp etc.)
- Select wordlist based on fingerprint

Hardware
- Raspberry Pi Cluster HAT (with 4 * Pi Zero W)
- Raspberry Pi 3
- Networking device

Software Stack
- Raspbian Stretch (Controller Pi)
- Raspbian Stretch Lite (Worker Pi Zero)
Note: For ease of setup, use the images provided by Cluster HAT!

Instructions
- Python 3 (not tested on Python 2)
- Python packages: see requirements.txt
- Ansible for managing the cluster as a whole (/playbooks)

Key Python Packages:
- dispy (website) is the star of the show. It allows us to create a job queue that will be processed by the worker nodes.
- python-libnmap is the Python wrapper around nmap, an open source network scanner. It allows us to scan for open ports on devices.
- paramiko is a Python wrapper around SSH. We use it to probe SSH on devices to test for common credentials.
- eel is used for the web dashboard (separate repository, here)
- rabbitmq (website) is used to pass the results from the cluster to the eel server that is serving the dashboard page.

Ansible Playbooks
For the playbooks to work, Ansible must be installed (sudo pip3 install ansible). Configure the IP addresses of the nodes in /etc/ansible/hosts. WARNING: Your mileage may vary as these were only tested on my setup.
- shutdown.yml and reboot.yml: self-explanatory
- clone_repos.yml: clones the prowler and dispy repositories (required!) on the worker nodes
- setup_node.yml: installs all required packages on the worker nodes. Does not clone the repositories!

Deploying Prowler
1. Clone the git repository: git clone https://github.com/tlkh/prowler.git
2. Install dependencies by running sudo pip3 install -r requirements.txt on the controller Pi
3. Run ansible-playbook playbooks/setup_node.yml to install the required packages on the worker nodes.
4. Clone the prowler and dispy repositories to the worker nodes using ansible-playbook playbooks/clone_repos.yml
5. Run clusterhat on (on the controller Pi) to ensure that all Pi Zeros are powered up.
6. Run python3 cluster.py on the controller Pi to start Prowler

To edit the range of IP addresses being scanned, edit the following lines in cluster.py:

    test_range = []
    for i in range(0, 1):
        for j in range(100, 200):
            test_range.append("172.22." + str(i) + "." + str(j))

Old Demos
- Cluster Scan Demonstration Jupyter Notebook
- Single Scan Demonstration Jupyter Notebook
- Try out the web dashboard here

Useful Snippets
- To run an ssh command on multiple devices, install pssh and run: pssh -h pssh-hosts -l username -A -i "command"
- To create the cluster (in compute.py): cluster = dispy.JobCluster(compute, nodes='pi0_ip', ip_addr='pi3_ip')
- Check connectivity: ansible all -m ping, or ping p1.local -c 1 && ping p2.local -c 1 && ping p3.local -c 1 && ping p4.local -c 1
- Temperature check: /opt/vc/bin/vcgencmd measure_temp && pssh -h workers -l pi -A -i "/opt/vc/bin/vcgencmd measure_temp" | grep temp
- rpimonitor (how to install)

Download Prowler
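The test_range loop in cluster.py hard-codes one /24 prefix. As an added example (not Prowler's own code), the following builds the same host list from any mix of CIDR blocks, dotted ranges and single addresses, which matches the "particular subnet or a list of IP addresses" capability described above, and then splits the list into contiguous chunks of the kind a job queue would hand to the four Pi Zeros. The function names, the accepted input forms and the chunking policy are assumptions for this example; dispy is not used so that it runs anywhere.

```python
"""Added example (not Prowler's own code): generalise cluster.py's test_range
to subnets, ranges and single hosts, then split it into per-worker jobs."""
import ipaddress
from typing import Iterable, List


def build_test_range(targets: Iterable[str]) -> List[str]:
    """Expand each target spec into host addresses, in order, without duplicates.

    Accepted forms (assumed for this example):
      "172.22.0.0/24"              CIDR block (network and broadcast excluded)
      "172.22.0.100-172.22.0.199"  inclusive dotted range
      "172.22.0.5"                 single host
    """
    seen = set()
    hosts: List[str] = []

    def add(ip) -> None:
        text = str(ip)
        if text not in seen:
            seen.add(text)
            hosts.append(text)

    for spec in targets:
        spec = spec.strip()
        if not spec:
            continue
        if "/" in spec:
            net = ipaddress.ip_network(spec, strict=False)
            for ip in net.hosts():
                add(ip)
        elif "-" in spec:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
            if hi < lo:
                raise ValueError(f"range end before start: {spec}")
            cur = lo
            while cur <= hi:          # ip_address objects support integer arithmetic
                add(cur)
                cur += 1
        else:
            add(ipaddress.ip_address(spec))
    return hosts


def split_into_jobs(hosts: List[str], workers: int) -> List[List[str]]:
    """Split the host list into at most `workers` contiguous chunks for the
    job queue.  Chunk sizes differ by at most one; empty chunks are dropped."""
    if workers < 1:
        raise ValueError("need at least one worker")
    base, extra = divmod(len(hosts), workers)
    jobs: List[List[str]] = []
    start = 0
    for w in range(workers):
        size = base + (1 if w < extra else 0)
        if size:
            jobs.append(hosts[start:start + size])
        start += size
    return jobs


if __name__ == "__main__":
    # Constructed input: the 100 hosts cluster.py's range(100, 200) yields, plus a /29.
    test_range = build_test_range(["172.22.0.100-172.22.0.199", "10.0.0.8/29"])
    for n, job in enumerate(split_into_jobs(test_range, 4)):
        print(f"worker {n}: {len(job)} hosts, {job[0]} .. {job[-1]}")
```

The chunks are contiguous so that each worker's nmap invocation still covers a compact address range; a round-robin split would spread every subnet across all four nodes, which is worse for the per-host rate limiting nmap applies.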

Link: http://feedproxy.google.com/~r/PentestTools/~3/qOTSZ3YjvmY/prowler-distributed-network.html

Salt-Scanner – Linux Vulnerability Scanner Based On Salt Open And Vulners Audit API

A Linux vulnerability scanner based on the Vulners Audit API and Salt Open, with Slack notifications and JIRA integration.

Features
- Slack notification and report upload
- JIRA integration
- OpsGenie integration

Requirements
- Salt Open 2016.11.x (salt-master, salt-minion)
- Python 2.7
- salt (you may need to install gcc, gcc-c++, python dev)
- slackclient
- jira
- opsgenie-sdk
Note: Salt Master and Minion versions should match. Salt-Scanner supports Salt version 2016.11.x. If you are using version 2017.7.x, replace "expr_form" with "tgt_type" in salt-scanner.py.

Usage

    $ ./salt-scanner.py -h
    ==========================================================
    Vulnerability scanner based on Vulners API and Salt Open
    (ASCII-art banner)
    Salt-Scanner 0.1 / by 0x4D31
    ==========================================================
    usage: salt-scanner.py [-h] [-t TARGET_HOSTS] [-tF {glob,list,grain}]
                           [-oN OS_NAME] [-oV OS_VERSION]

    optional arguments:
      -h, --help            show this help message and exit
      -t TARGET_HOSTS, --target-hosts TARGET_HOSTS
      -tF {glob,list,grain}, --target-form {glob,list,grain}
      -oN OS_NAME, --os-name OS_NAME
      -oV OS_VERSION, --os-version OS_VERSION

    $ sudo SLACK_API_TOKEN="EXAMPLETOKEN" ./salt-scanner.py -t "*"
    ==========================================================
    Vulnerability scanner based on Vulners API and Salt Open
    (ASCII-art banner)
    Salt-Scanner 0.1 / by 0x4D31
    ==========================================================
    + No default OS is configured. Detecting OS...
    + Detected Operating Systems:
       - OS Name: centos, OS Version: 7
    + Getting the Installed Packages...
    + Started Scanning '10.10.10.55'...
       - Total Packages: 357
       - 6 Vulnerable Packages Found - Severity: Low
    + Started Scanning '10.10.10.56'...
       - Total Packages: 392
       - 6 Vulnerable Packages Found - Severity: Critical
    + Finished scanning 2 host (target hosts: '*').

    2 Hosts are vulnerable!

    + Output file created: 20170622-093138_232826a7-983f-499b-ad96-7b8f1a75c1d7.txt
    + Full report uploaded to Slack
    + JIRA Issue created: VM-16
    + OpsGenie alert created

You can also use Salt Grains such as ec2_tags in target_hosts:

    $ sudo ./salt-scanner.py --target-hosts "ec2_tags:Role:webapp" --target-form grain

Slack Alert

Download Salt-Scanner

Link: http://feedproxy.google.com/~r/PentestTools/~3/Ox5vp0e8ctQ/salt-scanner-linux-vulnerability.html

Acunetix v12 – More Comprehensive, More Accurate and now 2X Faster

In-depth analysis of JavaScript-rich sites and Single Page Applications

Acunetix, the pioneer in automated web application security software, has announced the release of version 12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript, such as SPAs. This, coupled with a new AcuSensor for Java web applications, sets Acunetix ahead of the curve in its ability to comprehensively and accurately scan all types of websites. With v12 also comes a brand new scanning engine, re-engineered and re-written from the ground up, making Acunetix the fastest scanning engine in the industry.

"Acunetix was always in the forefront when it came to accuracy and speed, however now with the re-engineered scanning engine and sensors that support the latest JavaScript and Java technologies, we are seeing websites scanned up to 2x faster without any compromise on accuracy," announced Nicholas Sciberras, CTO.

Support for latest JavaScript
Acunetix DeepScan and the Acunetix Login Sequence Recorder have been updated to support ECMAScript version 6 (ES6) and ECMAScript version 7 (ES7). This allows Acunetix to better analyse JavaScript-rich sites which make use of the latest JavaScript features. The modularity of the new Acunetix architecture also makes it much easier now for the technology to stay ahead of the industry curve.

AcuSensor for Java
Acunetix version 12 includes a new AcuSensor for Java web applications. This improves the coverage of the web site and the detection of web vulnerabilities, decreases false positives and provides more information on the vulnerabilities identified. While already supporting PHP and ASP .NET, the introduction of Java support in AcuSensor means that Acunetix coverage for interactive gray box scanning of web applications is now possibly the widest in the industry.

Speed and efficiency with Multi-Engine
Combining the fastest scanning engine with the ability to scan multiple sites at a time, in a multi-engine environment, allows users to scan thousands of sites in the least time possible. The Acunetix Multi-Engine setup is suitable for Enterprise customers who need to scan more than 10 websites or web applications at the same time. This can be achieved by installing one Main Installation and multiple Scanning Engines, all managed from a central console.

Pause / Resume Feature
Acunetix Version 12 allows the user to pause a scan and resume it at a later stage. Acunetix will proceed with the scan from where it had left off. There is no need to save any scan state files or similar; the information about the paused scan is automatically retained in Acunetix.

A trial version can be downloaded here

About Acunetix
User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry leading crawler fully supports HTML5 and JavaScript and AJAX-heavy websites, allowing auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on premise solution. Acunetix also includes integrated vulnerability management features to extend the enterprise's ability to comprehensively manage, prioritise and control vulnerability threats, ordered by business criticality.

Acunetix, the company
Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader, and a pioneer in automated web application security technology. Acunetix products and technologies are depended on globally by individual pen-testers and consultants all the way to large organizations. It is the tool of choice for many customers in the Government, Military, Educational, Telecommunications, Banking, Finance, and E-Commerce sectors, including many Fortune 500 companies, such as the Pentagon, Nike, Disney, Adobe and many more. For more information, visit www.acunetix.com.

Link: http://feedproxy.google.com/~r/PentestTools/~3/1J3ZpBqn9fY/acunetix-v12-more-comprehensive-more.html

Zoom – Automatic & Lightning Fast WordPress Vulnerability Scanner

Zoom is a lightning fast WordPress vulnerability scanner equipped with subdomain & infinite username enumeration. It doesn't support plugin & theme enumeration at the moment.

What's infinite enumeration? Try enumerating usernames of cybrary.com with Zoom & wpscan (or your fav tool).

Twitter: @weareultimate
Website: teamultimate.in

Usage

Manual Mode

    python zoom.py -u <website>

In the manual mode, you will need to specify a WordPress website to scan for vulnerabilities and to enumerate subdomains.

Automatic Mode

    python zoom.py -u <website> --auto

In the automatic mode, Zoom will find subdomains and check the ones using WordPress for vulnerabilities.

Automatic Mode Demo
Manual Mode Demo

Download Zoom

Link: http://feedproxy.google.com/~r/PentestTools/~3/9k6EJHM3rPs/zoom-automatic-lightning-fast-wordpress.html

Pyfiscan – Web-Application Vulnerability And Version Scanner

Pyfiscan is a free web-application vulnerability and version scanner that can be used to locate out-dated versions of common web applications on Linux servers. An example use case is hosting providers keeping an eye on their users' installations to keep up with security updates. Fingerprints are easy to create and modify, as the user can write them in YAML syntax. Pyfiscan also contains a tool to create email alerts using templates.

Requirements
- Python 2.7
- Python modules PyYAML, docopt
- GNU/Linux web server
Testing is done mainly with GNU/Linux Debian stable. Windows is not currently supported.

Detects the following software:
ATutor, b2evolution, BigTree CMS, Bugzilla, Centreon, Claroline, ClipperCMS, CMSimple, CMSMS, Collabtive, Concrete5, Coppermine, Cotonti, Croogo, CubeCart, Dolibarr, Dotclear, Drupal, e107, EspoCRM, Etherpad, FluxBB, Foswiki, Gallery, Gollum, HelpDEZk, HumHub, ImpressCMS, ImpressPages, Jamroom, Joomla, Kanboard, KCFinder, LiteCart, Magnolia, Mahara, MantisBT, MediaWiki, Microweber, MiniBB, MODX Revolution, MoinMoin, MyBB, Nibbleblog, Open Source Social Network, OpenCart, osDate, ownCloud, Oxwall, PBBoard, phpBB3, PhpGedView, phpMyAdmin, Piwigo, Piwik, PmWiki, Postfix Admin, Redaxo, Roundcube, SaurusCMS, Serendipity, Shaarli, SMF, Spina CMS, SPIP, SquirrelMail, TestLink, TikiWiki, Trac, WikkaWiki, WordPress, X-Cart, Zenphoto, Zikula

Detects the following end-of-life software:
- Bugzilla 4.2 is end-of-life since 2015-11-30
- Drupal 6 is end-of-life since 2016-02-24
- Gallery 1
- Joomla 1.5 is end-of-life since 2012-04-30
- Joomla 1.6 is end-of-life since 2011-08-19. 1.6.x should be upgraded to 1.6.6 before moving to 1.7.x
- Joomla 1.7 is end-of-life since 2012-02-24
- Joomla 2.5
- MediaWiki 1.18
- MediaWiki 1.19 is end-of-life since 2015-04-25
- MediaWiki 1.20
- MediaWiki 1.21 is end-of-life since 2014-06-25
- MediaWiki 1.22
- MediaWiki 1.23 is end-of-life since 2017-05-31
- MediaWiki 1.24
- MediaWiki 1.25
- MediaWiki 1.26 is end-of-life since 2016-11-20
- MediaWiki 1.28 is end-of-life since 2017-11-01
- ownCloud 4
- ownCloud 5
- ownCloud 6
- ownCloud 7
- ownCloud 8.0
- ownCloud 8.1
- ownCloud 8.2
- SaurusCMS

Installation

    apt-get install python python-pip libpython2.7-dev libyaml-dev git
    git clone https://github.com/fgeek/pyfiscan.git && cd pyfiscan
    pip2 install -r requirements.lst

or you can use BlackArch Linux.

Notes

WordPress
- Announcing a secure SWFUpload fork

Joomla
- Upgrade should be done using "Extension manager -> Upgrade" in version 1.6.6 and later
- Release and support cycle
- Setup Security checklist
- Upgrading and migrating Joomla
- Joomla 2.x creates a random SQL table prefix
- Joomla 3.x informs the user and shows a button to remove the installation directory
- Creates ./configuration.php during installation
- Creates robots.txt, which contains the word "Joomla"

SMF
- End of life of SMF 1.0
- Installer prompts users with a button to delete install.php

TikiWiki
- End of life of TikiWiki 7.x
- 8.4 is the last release of TikiWiki 8.x
- End of life of TikiWiki 8.x

MediaWiki
- End of Life of 1.18.x

Gallery
- Not installed when config.php is missing.
- http://codex.galleryproject.org/Gallery2:Security
- Upgrade using http://example.org/gallery3/index.php/upgrade or php index.php upgrade

phpBB (version unknown)
- An open installation is not a vulnerability, since the web interface requires the user to authenticate by inserting random data into a file.

Coppermine
- Not installed when include/config.inc.php is missing.

ownCloud
- status.php outputs: {"installed":"true","version":"5.0.6","versionstring":"5.0.5","edition":""}

Piwigo
- Not installed if local/config/database.inc.php is missing.

Claroline
- Not installed when platform/conf/claro_main.conf.php is missing.
- Installation pages request the user to remove the claroline/install/ directory.

Download Pyfiscan
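The two halves of what Pyfiscan does for a hosting provider are visible above: fingerprint a version from a known artefact (the ownCloud note quotes the JSON that status.php returns) and compare it against the end-of-life list. As an added example (not Pyfiscan's own code, and not its YAML fingerprint syntax), the following chains those two steps for ownCloud and MediaWiki using an inline rule table built from the README's list; the table layout, the function names and the sample JSON are assumptions for this example.

```python
"""Added example, not Pyfiscan's own code: fingerprint ownCloud from
status.php output and check the detected branch against the README's
end-of-life list (ownCloud and MediaWiki entries transcribed inline)."""
import json
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Constructed from the README's end-of-life list:
# software -> [(branch prefix, end-of-life date or None when the README gives none)]
EOL_BRANCHES: Dict[str, List[Tuple[str, Optional[str]]]] = {
    "ownCloud": [("4", None), ("5", None), ("6", None), ("7", None),
                 ("8.0", None), ("8.1", None), ("8.2", None)],
    "MediaWiki": [("1.18", None), ("1.19", "2015-04-25"), ("1.20", None),
                  ("1.21", "2014-06-25"), ("1.22", None), ("1.23", "2017-05-31"),
                  ("1.24", None), ("1.25", None), ("1.26", "2016-11-20"),
                  ("1.28", "2017-11-01")],
}


def parse_version(text: str) -> Version:
    """'5.0.6' -> (5, 0, 6).  Leading digits of each dotted component are kept
    ('1.19rc1' -> (1, 19)); a component with no digits ends the tuple."""
    parts: List[int] = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def owncloud_fingerprint(status_json: str) -> Optional[Dict[str, str]]:
    """Parse a status.php body; None unless it describes an installed ownCloud."""
    try:
        data = json.loads(status_json)
    except ValueError:
        return None
    if not isinstance(data, dict):
        return None
    # ownCloud emits "installed" as the string "true"; accept a JSON bool too.
    if str(data.get("installed")).lower() != "true" or not data.get("version"):
        return None
    return {"software": "ownCloud", "version": str(data["version"]),
            "versionstring": str(data.get("versionstring", ""))}


def eol_status(software: str, version: str) -> Optional[str]:
    """Message if `version` lies inside an end-of-life branch of `software`, else None.
    A branch prefix matches when the detected version starts with it: '8.0' covers
    8.0.x only, '5' covers every 5.x.y release."""
    v = parse_version(version)
    for branch, date in EOL_BRANCHES.get(software, []):
        b = parse_version(branch)
        if b and v[:len(b)] == b:
            return f"{software} {branch} is end-of-life" + (f" since {date}" if date else "")
    return None


def check_owncloud(status_json: str) -> Optional[Dict[str, Optional[str]]]:
    """Fingerprint plus EOL verdict, the chain a periodic sweep would run per site."""
    fp = owncloud_fingerprint(status_json)
    if fp is None:
        return None
    return {**fp, "eol": eol_status(fp["software"], fp["version"])}


if __name__ == "__main__":
    # Constructed input: the status.php body quoted in the README's ownCloud note.
    sample = '{"installed":"true","version":"5.0.6","versionstring":"5.0.5","edition":""}'
    print(check_owncloud(sample))
```

The prefix match is deliberately branch-based rather than "less than some version": the README lists ownCloud 8.0, 8.1 and 8.2 separately while saying nothing about 8.3 or 9, so a tuple comparison against a single cut-off would over-report.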

Link: http://feedproxy.google.com/~r/PentestTools/~3/gTn3cxTqU6A/pyfiscan-web-application-vulnerability.html

WPSeku v0.4 – WordPress Security Scanner

WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.

Installation

    $ git clone https://github.com/m4ll0k/WPSeku.git wpseku
    $ cd wpseku
    $ pip3 install -r requirements.txt
    $ python3 wpseku.py

Usage

Generic Scan

    python3 wpseku.py --url https://www.xxxxxxx.com --verbose

Output

    ----------------------------------------
    (ASCII-art banner) v0.4.0
    WPSeku - WordPress Security Scanner
    by Momo Outaadi (m4ll0k)
    ----------------------------------------
    [ + ] Target: https://www.xxxxxxx.com
    [ + ] Starting: 02:38:51
    [ + ] Server: Apache
    [ + ] Uncommon header "X-Pingback" found, with contents: https://www.xxxxxxx.com/xmlrpc.php
    [ i ] Checking Full Path Disclosure...
    [ + ] Full Path Disclosure: /home/ehc/public_html/wp-includes/rss-functions.php
    [ i ] Checking wp-config backup file...
    [ + ] wp-config.php available at: https://www.xxxxxxx.com/wp-config.php
    [ i ] Checking common files...
    [ + ] robots.txt file was found at: https://www.xxxxxxx.com/robots.txt
    [ + ] xmlrpc.php file was found at: https://www.xxxxxxx.com/xmlrpc.php
    [ + ] readme.html file was found at: https://www.xxxxxxx.com/readme.html
    [ i ] Checking directory listing...
    [ + ] Dir "/wp-admin/css" listing enable at: https://www.xxxxxxx.com/wp-admin/css/
    [ + ] Dir "/wp-admin/images" listing enable at: https://www.xxxxxxx.com/wp-admin/images/
    [ + ] Dir "/wp-admin/includes" listing enable at: https://www.xxxxxxx.com/wp-admin/includes/
    [ + ] Dir "/wp-admin/js" listing enable at: https://www.xxxxxxx.com/wp-admin/js/
    ......

Bruteforce Login

    python3 wpseku.py --url https://www.xxxxxxx.com --brute --user test --wordlist wl.txt --verbose

Output

    ----------------------------------------
    (ASCII-art banner) v0.4.0
    WPSeku - WordPress Security Scanner
    by Momo Outaadi (m4ll0k)
    ----------------------------------------
    [ + ] Target: https://www.xxxxxxx.com
    [ + ] Starting: 02:46:32
    [ + ] Bruteforcing Login via XML-RPC...
    [ i ] Setting user: test
    [ + ] Valid Credentials:
    -----------------------------
    | Username | Passowrd      |
    -----------------------------
    | test     | kamperasqen13 |
    -----------------------------

Scan plugin, theme and WordPress code

    python3 wpseku.py --scan --verbose

Note: Testing Akismet Directory Plugin https://plugins.svn.wordpress.org/akismet

Output

    ----------------------------------------
    (ASCII-art banner) v0.4.0
    WPSeku - WordPress Security Scanner
    by Momo Outaadi (m4ll0k)
    ----------------------------------------
    [ + ] Checking PHP code...
    [ + ] Scanning directory...
    [ i ] Scanning trunk/class.akismet.php file
    | Line | Possibile Vuln.      | String |
    | 597  | Cross-Site Scripting | [b"$_GET['action']", b"$_GET['action']"] |
    | 601  | Cross-Site Scripting | [b"$_GET['for']", b"$_GET['for']"] |
    | 140  | Cross-Site Scripting | [b"$_POST['akismet_comment_nonce']", b"$_POST['akismet_comment_nonce']"] |
    | 144  | Cross-Site Scripting | [b"$_POST['_ajax_nonce-replyto-comment']"] |
    | 586  | Cross-Site Scripting | [b"$_POST['status']", b"$_POST['status']"] |
    | 588  | Cross-Site Scripting | [b"$_POST['spam']", b"$_POST['spam']"] |
    | 590  | Cross-Site Scripting | [b"$_POST['unspam']", b"$_POST['unspam']"] |
    | 592  | Cross-Site Scripting | [b"$_POST['comment_status']", b"$_POST['comment_status']"] |
    | 599  | Cross-Site Scripting | [b"$_POST['action']", b"$_POST['action']"] |
    | 214  | Cross-Site Scripting | [b"$_SERVER['HTTP_REFERER']", b"$_SERVER['HTTP_REFERER']"] |
    | 403  | Cross-Site Scripting | [b"$_SERVER['REQUEST_TIME_FLOAT']", b"$_SERVER['REQUEST_TIME_FLOAT']"] |
    | 861  | Cross-Site Scripting | [b"$_SERVER['REMOTE_ADDR']", b"$_SERVER['REMOTE_ADDR']"] |
    | 930  | Cross-Site Scripting | [b"$_SERVER['HTTP_USER_AGENT']", b"$_SERVER['HTTP_USER_AGENT']"] |
    | 934  | Cross-Site Scripting | [b"$_SERVER['HTTP_REFERER']", b"$_SERVER['HTTP_REFERER']"] |
    | 1349 | Cross-Site Scripting | [b"$_SERVER['REMOTE_ADDR']"] |
    [ i ] Scanning trunk/wrapper.php file
    [ + ] Not found vulnerabilities
    [ i ] Scanning trunk/akismet.php file
    | Line | Possibile Vuln.    | String |
    | 55   | Authorization Hole | [b'is_admin()'] |
    [ i ] Scanning trunk/class.akismet-cli.php file
    [ + ] Not found vulnerabilities
    [ i ] Scanning trunk/class.akismet-widget.php file
    [ + ] Not found vulnerabilities
    [ i ] Scanning trunk/index.php file
    [ + ] Not found vulnerabilities
    [ i ] Scanning trunk/class.akismet-admin.php file
    | Line | Possibile Vuln.      | String |
    | 39   | Cross-Site Scripting | [b"$_GET['page']", b"$_GET['page']"] |
    | 134  | Cross-Site Scripting | [b"$_GET['akismet_recheck']", b"$_GET['akismet_recheck']"] |
    | 152  | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
    | 190  | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
    | 388  | Cross-Site Scripting | [b"$_GET['recheckqueue']"] |
    | 841  | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
    | 843  | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
    | 850  | Cross-Site Scripting | [b"$_GET['action']"] |
    | 851  | Cross-Site Scripting | [b"$_GET['action']"] |
    | 852  | Cross-Site Scripting | [b"$_GET['_wpnonce']", b"$_GET['_wpnonce']"] |
    | 868  | Cross-Site Scripting | [b"$_GET['token']", b"$_GET['token']"] |
    | 869  | Cross-Site Scripting | [b"$_GET['token']"] |
    | 873  | Cross-Site Scripting | [b"$_GET['action']"] |
    | 874  | Cross-Site Scripting | [b"$_GET['action']"] |
    | 1005 | Cross-Site Scripting | [b"$_GET['akismet_recheck_complete']"] |
    | 1006 | Cross-Site Scripting | [b"$_GET['recheck_count']"] |
    | 1007 | Cross-Site Scripting | [b"$_GET['spam_count']"] |
    | 31   | Cross-Site Scripting | [b"$_POST['action']", b"$_POST['action']"] |
    | 256  | Cross-Site Scripting | [b"$_POST['_wpnonce']"] |
    | 260  | Cross-Site Scripting | [b'$_POST[$option]', b'$_POST[$option]'] |
    | 267  | Cross-Site Scripting | [b"$_POST['key']"] |
    | 392  | Cross-Site Scripting | [b"$_POST['offset']", b"$_POST['offset']", b"$_POST['limit']", b"$_POST['limit']"] |
    | 447  | Cross-Site Scripting | [b"$_POST['id']"] |
    | 448  | Cross-Site Scripting | [b"$_POST['id']"] |
    | 460  | Cross-Site Scripting | [b"$_POST['id']", b"$_POST['url']"] |
    | 461  | Cross-Site Scripting | [b"$_POST['id']"] |
    | 464  | Cross-Site Scripting | [b"$_POST['url']"] |
    | 388  | Cross-Site Scripting | [b"$_REQUEST['action']", b"$_REQUEST['action']"] |
    | 400  | Cross-Site Scripting | [b"$_SERVER['HTTP_REFERER']", b"$_SERVER['HTTP_REFERER']"] |
    [ i ] Scanning trunk/class.akismet-rest-api.php file
    [ + ] Not found vulnerabilities

Credits and Contributors
- Original idea and script from WPScan Team (https://wpscan.org/)
- WPScan Vulnerability Database (https://wpvulndb.com/api)

Download WPSeku
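The --scan output above lists every line of a PHP file that reads a request superglobal and labels it a possible vulnerability, which is a hit list rather than a verdict: most of the Akismet rows are nonce or action reads that are checked before use. As an added example (not WPSeku's own code or rules), the following performs the same kind of line-by-line scan and additionally records whether each read is wrapped on the same line by a known WordPress sanitiser or escaper, so that a code reviewer can triage the rows and open the unwrapped reads first. The sample PHP, the regexes and the sanitiser list are constructed for this example.

```python
"""Added example, not WPSeku's own code: list superglobal reads in PHP source
and mark whether each is wrapped by a known sanitiser/escaper on that line."""
import re
from typing import Dict, List, Optional

# $_GET['x'], $_POST[$var], $_SERVER['HTTP_REFERER'], ...
SUPERGLOBAL_RE = re.compile(
    r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\s*\[\s*(?P<key>[^\]]+?)\s*\]"
)
# The innermost call immediately wrapping the read, looking through wp_unslash().
CALL_BEFORE_RE = re.compile(
    r"([A-Za-z_][A-Za-z0-9_]*)\s*\(\s*(?:wp_unslash\s*\(\s*)?$"
)
# Wrappers treated as handling the input (assumed list for this example).
SANITIZERS = frozenset({
    "sanitize_text_field", "sanitize_key", "sanitize_email", "esc_html",
    "esc_attr", "esc_url", "absint", "intval", "wp_verify_nonce",
    "check_admin_referer", "isset", "empty",
})


def scan_php_source(src: str, path: str = "<string>") -> List[Dict[str, object]]:
    """One finding per superglobal read: file, line, source, key, wrapper, sanitised."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(src.splitlines(), start=1):
        # Drop trailing // comments (crude: a "//" inside a string is cut too).
        code = line.split("//", 1)[0]
        for m in SUPERGLOBAL_RE.finditer(code):
            call = CALL_BEFORE_RE.search(code[: m.start()])
            wrapper: Optional[str] = call.group(1) if call else None
            findings.append({
                "file": path,
                "line": lineno,
                "source": "$_" + m.group(1),
                "key": m.group("key").strip("'\""),
                "wrapper": wrapper,
                "sanitised": wrapper in SANITIZERS,
            })
    return findings


def unsanitised(findings: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """The rows worth opening first: reads with no recognised wrapper."""
    return [f for f in findings if not f["sanitised"]]


def format_report(findings: List[Dict[str, object]]) -> str:
    """Render findings as a WPSeku-style table."""
    rows = ["| Line | Wrapped | String |", "|------|---------|--------|"]
    for f in findings:
        flag = "yes" if f["sanitised"] else "NO"
        rows.append(f"| {f['line']:>4} | {flag:<7} | {f['source']}['{f['key']}'] |")
    return "\n".join(rows)


# Constructed sample, loosely modelled on a plugin admin handler.
SAMPLE_PHP = """<?php
// Constructed sample for this example.
if ( isset( $_GET['action'] ) && $_GET['action'] === 'recheck' ) {
    $view = sanitize_text_field( wp_unslash( $_GET['view'] ) );
    echo '<p>' . $_GET['token'] . '</p>';  // unescaped output: XSS candidate
    $ip = $_SERVER['REMOTE_ADDR'];
    $n  = absint( $_POST['offset'] );
}
"""

if __name__ == "__main__":
    found = scan_php_source(SAMPLE_PHP, "sample.php")
    print(format_report(found))
    print(f"{len(unsanitised(found))} of {len(found)} reads have no recognised wrapper")
```

The wrapper check is a same-line heuristic, not data-flow analysis: a value sanitised on an earlier line and echoed later is still reported as unwrapped, and a comparison such as `$_GET['action'] === 'recheck'` is reported even though it never reaches output. That is the right bias for a triage list, since it only produces rows to look at, never rows to ignore.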

Link: http://feedproxy.google.com/~r/PentestTools/~3/Rw3WvFwygMM/wpseku-v04-wordpress-security-scanner.html

JoomScan 0.0.5 – OWASP Joomla Vulnerability Scanner Project

OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an open-source project in the Perl programming language to detect Joomla CMS vulnerabilities and analyse them.

WHY OWASP JOOMSCAN?
If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is your best shot ever! This project is faster than ever and updated with the latest Joomla vulnerabilities.

INSTALL

    git clone https://github.com/rezasp/joomscan.git
    cd joomscan
    perl joomscan.pl

JOOMSCAN ARGUMENTS

    Usage: joomscan.pl [options]

    --url | -u                       The Joomla URL/domain to scan.
    --enumerate-components | -ec     Try to enumerate components.
    --cookie <String>                Set cookie.
    --user-agent | -a <user-agent>   Use the specified User-Agent.
    --random-agent | -r              Use a random User-Agent.
    --timeout <time-out>             Set timeout.
    --about                          About Author
    --update                         Update to the latest version.
    --help | -h                      This help screen.
    --version                        Output the current version and exit.

OWASP JOOMSCAN EXAMPLES

Do default checks...

    perl joomscan.pl --url www.example.com
    or
    perl joomscan.pl -u www.example.com

Enumerate installed components...

    perl joomscan.pl --url www.example.com --enumerate-components
    or
    perl joomscan.pl -u www.example.com --ec

Set cookie

    perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent

    perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
    or
    perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent

    perl joomscan.pl -u www.example.com --random-agent
    or
    perl joomscan.pl --url www.example.com -r

Update JoomScan...

    perl joomscan.pl --update

PROJECT LEADERS
- Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
- Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]

OWASP JoomScan 0.0.5 [KLOT]
- Update components database
- Bug fixed (updating module)
- Allow start from any path
- Update backup finder database
- Update report module
- Update validate target method
- HTTPS improvements
- Fix issue #11 - Incorrect URL output for HTTPS site
- Fix issue #12 - Components scan output issues
- Fix issue #13 - Check whether a server is live or not
- Fix issue #9 - Disable redirectable requests for components finder module
- A few enhancements

OWASP JoomScan 0.0.1 introduction (YouTube)

Download Joomscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/3APBxF3X-7U/joomscan-005-owasp-joomla-vulnerability.html