Monday, January 2, 2012

Joomscan! A Quick way to audit Joomla installs

Today I will briefly introduce you to a tool that has been under development for a while now thanks to OWASP. I bring to you today Joomscan! This is a Perl script which is capable of scanning your Joomla site for common misconfigurations and vulnerabilities. It doesn’t magically exploit them, but it can be a quick way to analyze a sites security and we all know Joomla has its many problems despite it being so popular and easy to use.

In order to get started you will need to first download joomscan.pl from the main OWASP project download page hosted on Source Forge: http://sourceforge.net/projects/joomscan/files/

You will need to edit lines 62 & 63 of the joomscan.pl file so the full path location is set to the actual file location otherwise you will experience errors when immediately running (following the EULA Acceptance & then following the firewall scan):

Once setup properly we can run the Perl script with the –u argument followed by our target site and let it rip (you can ignore the update request and still run just fine):
...

...

...
NOTE: It will beep upon completion so don’t be alarmed :p  

A few additional arguments which can be used:
-          We can quickly check the version running and exit by using the “-pe” argument
-          We can run the request through a proxy using the “-x proxy:port” argument
-          We can log all of the output to a file for review afterwards by adding either the “-ot” or “-oh” arguments which will output in either text or html format.
o   This flag needs to be placed first and before any others to work properly.
o   The text version emulates the terminal results while the HTML output is very clean and presentable (my preference)

COMMAND: joomscan.pl –oh –u http://www.site.com –pe

The output option does not work unless you make it the first argument so make sure your order is right. It took me a few passes to finally figure that bug out. The results of the scan will be saved in the “/report” folder with a filename of “www.target-site-joexploit” (.txt/html), simply open it up to review or present as needed. The text output is pretty much a mirror of the terminal results, while the html output option is something you can actually present to someone with little modification (good for assessments and/or upgrade budget requests). Here is a few quick screenshots:

PRETTY GRAPHS:

PRETTY DETAILED RESULTS:

There is not much more to this tool, it doesn’t test vulnerabilities so you need to follow up manually from here. I just wanted to highlight this tool for those who may be unaware. It allows you to quickly assess your Joomla! site for common misconfigurations and vulnerabilities which can lead to hackers exploiting your site.

Stay patched and until next time – Enjoy!

1 comment:

  1. Is there a way to put the results in an Excel like structure?

    ReplyDelete