rastating / joomlavs Goto Github PK
View Code? Open in Web Editor NEWA black box, Ruby powered, Joomla vulnerability scanner
License: GNU General Public License v3.0
joomlavs's People
Contributors
Stargazers
Watchers
Forkers
securityscorecard netpainter yas3r brandontict murad1992 programming086 vukor joomlacorner foxweek ning1022 lubyruffy 0x1bitcrack3r lmcro crypto-breaker cryptedwolf panckazzz aysenurkaraslan songofhack arnewc greising tnktecnologia arnco dade88 vysecurity makakin 3wapp seastorm mgcfish shalombublil projectboot tobey123 niaziahmer infosecsecurity mibbzy simontechdev ipepe met3or exploitcollection mehrdad-shokri otodorov lexluga wolfwhoami abc22932337 an4kein seyfemichael zgwdg adidisali29 shellgh05t abraham313 d4mn4t10n edroofs dannymas theassyrian wisk679 vanquishsecurity httpsgithu natrix-fork seabreg orf53975 sasqwatch lolici123 bbhunter rsempere kimocoder terrisgo antnks modulexcite alex-poliukh 5l1v3r1 keramzyt masterscott marciopocebon area71 hartl3y94 mdalmao satsin727 technoworrior 100security ikpehlivan 2cuentasprivado iq-scm janedoe667joomlavs's Issues
Add user agent option
Dependencies on Ubuntu
I had some problems running JoomlAVS following installation instructions due to libcurl libraries, which were already installed.
Finally I solved the problem by following WPScan instructions for Ubuntu Dependencies. Long story short: libcurl4-openssl-dev was missing.
Hope it can be helpful to anyone else.
Quiet mode can fail and result in an aggressive scasn
If no extensions are found, blank arrays can be passed as a filter, which will result in an aggressive search occuring. Logic needs to be changed to explicitly check for the quiet mode flag and if nothing is in the filter skip that particular scan all together.
joomlavs Not working
when i start joomlavs using this command :
ruby joomlavs.rb
and input this error
Traceback (most recent call last):
2: from ./joomlavs.rb:20:in `<main>'
1: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
/usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require': cannot load such file -- slop (LoadError)
my os : Kali Linux
Fix xpath for older extension schema
Some older extensions (seems to be those that target v1.5) use a different schema to the standard from newer versions of Joomla. The names of the elements encapsulating the data seem to be the same, but the root element for the older extensions seems to be "install" rather than "extension"
Below are two examples of older manifests
com_poll:
<?xml version="1.0" encoding="utf-8"?>
<install type="component" version="1.0.0">
<name>Polls</name>
<author>Joomla! Project</author>
<creationDate>July 2004</creationDate>
<copyright>Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.</copyright>
<license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license>
<authorEmail>[email protected]</authorEmail>
<authorUrl>www.joomla.org</authorUrl>
<version>1.5.0</version>
<description>This component manages polls</description>
</install>com_mad4joomla:
<?xml version="1.0" encoding="utf-8"?>
<install type="component" version="1.5.0">
<name>mad4joomla</name>
<author>Fahrettin Kutyol</author>
<creationDate>01/16/2010</creationDate>
<copyright>Copyright(C) Fahrettin Kutyol - All rights reserved!</copyright>
<license>This component is released under the GNU/GPL License http://www.gnu.org/copyleft/gpl.html</license>
<authorEmail>[email protected]</authorEmail>
<authorUrl>http://www.mooj.org</authorUrl>
<version>1.2</version>
<description>
If you need a version wihtout Copyrightlink please get Mooj Proforms
</description>
<files>
<filename>frontend.defines.mad4joomla.php</filename>
<filename>includes/calendar.php</filename>
<filename>includes/index.html</filename>
<filename>includes/validate.php</filename>
<filename>index.html</filename>
<filename>js/balloontip/bubble-tooltip.css</filename>
<filename>js/balloontip/bubble-tooltip.js</filename>
<filename>js/calendar/calendar-blue.css</filename>
<filename>js/calendar/calendar-blue2.css</filename>
<filename>js/calendar/calendar-brown.css</filename>
<filename>js/calendar/calendar-green.css</filename>
<filename>js/calendar/calendar-setup.js</filename>
<filename>js/calendar/calendar-setup_stripped.js</filename>
<filename>js/calendar/calendar-system.css</filename>
<filename>js/calendar/calendar-tas.css</filename>
<filename>js/calendar/calendar-win2k-1.css</filename>
<filename>js/calendar/calendar-win2k-2.css</filename>
<filename>js/calendar/calendar-win2k-cold-1.css</filename>
<filename>js/calendar/calendar-win2k-cold-2.css</filename>
<filename>js/calendar/calendar.js</filename>
<filename>js/calendar/calendar_stripped.js</filename>
<filename>js/calendar/index.html</filename>
<filename>js/calendar/lang/calendar-af.js</filename>
<filename>js/calendar/lang/calendar-al.js</filename>
<filename>js/calendar/lang/calendar-bg.js</filename>
<filename>js/calendar/lang/calendar-big5-utf8.js</filename>
<filename>js/calendar/lang/calendar-big5.js</filename>
<filename>js/calendar/lang/calendar-br.js</filename>
<filename>js/calendar/lang/calendar-ca.js</filename>
<filename>js/calendar/lang/calendar-cs-utf8.js</filename>
<filename>js/calendar/lang/calendar-cs-win.js</filename>
<filename>js/calendar/lang/calendar-da.js</filename>
<filename>js/calendar/lang/calendar-de.js</filename>
<filename>js/calendar/lang/calendar-du.js</filename>
<filename>js/calendar/lang/calendar-el.js</filename>
<filename>js/calendar/lang/calendar-en.js</filename>
<filename>js/calendar/lang/calendar-es.js</filename>
<filename>js/calendar/lang/calendar-fi.js</filename>
<filename>js/calendar/lang/calendar-fr.js</filename>
<filename>js/calendar/lang/calendar-he-utf8.js</filename>
<filename>js/calendar/lang/calendar-hr-utf8.js</filename>
<filename>js/calendar/lang/calendar-hr.js</filename>
<filename>js/calendar/lang/calendar-hu.js</filename>
<filename>js/calendar/lang/calendar-it.js</filename>
<filename>js/calendar/lang/calendar-jp.js</filename>
<filename>js/calendar/lang/calendar-ko-utf8.js</filename>
<filename>js/calendar/lang/calendar-ko.js</filename>
<filename>js/calendar/lang/calendar-lt-utf8.js</filename>
<filename>js/calendar/lang/calendar-lt.js</filename>
<filename>js/calendar/lang/calendar-lv.js</filename>
<filename>js/calendar/lang/calendar-nl.js</filename>
<filename>js/calendar/lang/calendar-no.js</filename>
<filename>js/calendar/lang/calendar-pl-utf8.js</filename>
<filename>js/calendar/lang/calendar-pl.js</filename>
<filename>js/calendar/lang/calendar-pt.js</filename>
<filename>js/calendar/lang/calendar-ro.js</filename>
<filename>js/calendar/lang/calendar-ru.js</filename>
<filename>js/calendar/lang/calendar-ru_win_.js</filename>
<filename>js/calendar/lang/calendar-si.js</filename>
<filename>js/calendar/lang/calendar-sk.js</filename>
<filename>js/calendar/lang/calendar-sp.js</filename>
<filename>js/calendar/lang/calendar-sv.js</filename>
<filename>js/calendar/lang/calendar-tr.js</filename>
<filename>js/calendar/lang/calendar-zh.js</filename>
<filename>js/calendar/lang/cn_utf8.js</filename>
<filename>js/calendar/lang/index.html</filename>
<filename>js/calendar/m4j.js</filename>
<filename>js/calendar/skins/aqua/active-bg.gif</filename>
<filename>js/calendar/skins/aqua/dark-bg.gif</filename>
<filename>js/calendar/skins/aqua/hover-bg.gif</filename>
<filename>js/calendar/skins/aqua/menuarrow.gif</filename>
<filename>js/calendar/skins/aqua/normal-bg.gif</filename>
<filename>js/calendar/skins/aqua/rowhover-bg.gif</filename>
<filename>js/calendar/skins/aqua/status-bg.gif</filename>
<filename>js/calendar/skins/aqua/theme.css</filename>
<filename>js/calendar/skins/aqua/title-bg.gif</filename>
<filename>js/calendar/skins/aqua/today-bg.gif</filename>
<filename>js/calendar/skins/index.html</filename>
<filename>js/index.html</filename>
<filename>language/frontend.english.php</filename>
<filename>language/frontend.german.php</filename>
<filename>language/frontend.germanf.php</filename>
<filename>language/frontend.germani.php</filename>
<filename>language/index.html</filename>
<filename>mad4joomla.html.php</filename>
<filename>mad4joomla.php</filename>
<filename>sec/abc.png</filename>
<filename>sec/abc_b.png</filename>
<filename>sec/css.php</filename>
<filename>sec/hover.png</filename>
<filename>sec/im.php</filename>
<filename>sec/im2.php</filename>
<filename>sec/im3.php</filename>
<filename>sec/im4.php</filename>
<filename>sec/im3.ttf</filename>
<filename>sec/im4.ttf</filename>
<filename>sec/index.html</filename>
<filename>stylesheet.css</filename>
<filename>language/frontend.simplified_chinese.php</filename>
<filename>language/frontend.traditional_chinese.php</filename>
<filename>language/frontend.french.php</filename>
<filename>language/frontend.dutch.php</filename>
<filename>tmp/index.html</filename>
<filename>language/frontend.portugues.php</filename>
<filename>language/frontend.slovak.php</filename>
<filename>language/frontend.slovaki.php</filename>
<filename>language/frontend.slovakf.php</filename>
<filename>language/frontend.hungarian.php</filename>
<filename>language/frontend.russian.php</filename>
<filename>language/frontend.danish.php</filename>
<filename>language/frontend.spanish.php</filename>
<filename>language/frontend.italian.php</filename>
<filename>language/frontend.catalan.php</filename>
<filename>language/frontend.croatian.php</filename>
<filename>language/frontend.czech.php</filename>
<filename>language/frontend.finnish.php</filename>
<filename>language/frontend.greek.php</filename>
<filename>language/frontend.indonesia.php</filename>
<filename>language/frontend.japanese.php</filename>
<filename>language/frontend.macedonian.php</filename>
<filename>language/frontend.norwegian.php</filename>
<filename>language/frontend.polish.php</filename>
<filename>language/frontend.romanian.php</filename>
<filename>language/frontend.turkish.php</filename>
<filename>language/frontend.swedish.php</filename>
</files>
<images>
<filename>images/arrow.png</filename>
<filename>images/bubble_bottom.gif</filename>
<filename>images/bubble_bottom2.gif</filename>
<filename>images/bubble_middle.gif</filename>
<filename>images/bubble_top.gif</filename>
<filename>images/help0.png</filename>
<filename>images/help1.png</filename>
<filename>images/help2.png</filename>
<filename>images/help3.png</filename>
<filename>images/help4.png</filename>
<filename>images/help5.png</filename>
<filename>images/help6.png</filename>
<filename>images/reload.png</filename>
<filename>images/index.html</filename>
</images>
<install>
<queries>
<query>
DROP TABLE IF EXISTS `#__m4j_captcha`;
</query>
<query>
CREATE TABLE IF NOT EXISTS `#__m4j_captcha` (
`date` timestamp NOT NULL ,
`user` varchar(64) NOT NULL,
`captcha` varchar(64) NOT NULL,
`dead` tinyint(4) DEFAULT '0',
PRIMARY KEY (`user`)
) ENGINE=MyISAM ;
</query>
<query>
DROP TABLE IF EXISTS `#__m4j_category`;
</query>
<query>
CREATE TABLE IF NOT EXISTS `#__m4j_category` (
`cid` int(11) NOT NULL auto_increment,
`name` varchar(64) default NULL,
`active` tinyint(4) default '1',
`email` varchar(64) default NULL,
`introtext` text ,
`sort_order` int(11) default NULL,
PRIMARY KEY (`cid`)
) ENGINE=MyISAM AUTO_INCREMENT=0 ;
</query>
<query>
DROP TABLE IF EXISTS `#__m4j_formelements`;
</query>
<query>
CREATE TABLE IF NOT EXISTS `#__m4j_formelements` (
`eid` int(11) NOT NULL auto_increment,
`fid` int(11) NOT NULL,
`required` tinyint(4) default NULL,
`active` tinyint(4) default '1',
`question` text NOT NULL,
`form` int(11) NOT NULL,
`parameters` text ,
`options` text ,
`help` text ,
`html` text ,
`sort_order` int(11) NOT NULL,
PRIMARY KEY (`eid`)
) ENGINE=MyISAM AUTO_INCREMENT=0 ;
</query>
<query>
DROP TABLE IF EXISTS `#__m4j_forms`;
</query>
<query>
CREATE TABLE IF NOT EXISTS `#__m4j_forms` (
`fid` int(11) NOT NULL auto_increment,
`name` varchar(64) NOT NULL,
`description` text ,
`question_width` tinytext ,
`answer_width` tinytext ,
`use_help` tinyint(4) default '1',
`public` tinyint(4) default '1',
PRIMARY KEY (`fid`)
) ENGINE=MyISAM AUTO_INCREMENT=0 ;
</query>
<query>
DROP TABLE IF EXISTS `#__m4j_jobs`;
</query>
<query>
CREATE TABLE IF NOT EXISTS `#__m4j_jobs` (
`jid` int(11) NOT NULL auto_increment,
`title` varchar(64) NOT NULL,
`hidden` text ,
`introtext` text ,
`maintext` text ,
`active` tinyint(4) default NULL,
`fid` int(11) default NULL,
`cid` int(11) default '-1',
`email` varchar(64) default NULL,
`captcha` tinyint(4) default '1',
`sort_order` int(11) default NULL,
`public` tinyint(4) default '1',
PRIMARY KEY (`jid`)
) ENGINE=MyISAM AUTO_INCREMENT=0 ;
</query>
</queries>
</install>
<uninstall>
<queries>
<query>DELETE FROM `#__m4j_captcha`</query>
<query>DROP TABLE `#__m4j_captcha`</query>
<query>DELETE FROM `#__m4j_category`</query>
<query>DROP TABLE `#__m4j_category`</query>
<query>DELETE FROM `#__m4j_formelements`</query>
<query>DROP TABLE `#__m4j_formelements`</query>
<query>DELETE FROM `#__m4j_forms`</query>
<query>DROP TABLE `#__m4j_forms`</query>
<query>DELETE FROM `#__m4j_jobs` </query>
<query>DROP TABLE `#__m4j_jobs` </query>
</queries>
</uninstall>
<administration>
<menu>Mad4Joomla</menu>
<files>
<filename>admin.mad4joomla.html.php</filename>
<filename>admin.mad4joomla.php</filename>
<filename>admin.stylesheet.css</filename>
<filename>config.mad4joomla.php</filename>
<filename>defines.mad4joomla.php</filename>
<filename>includes/category.php</filename>
<filename>includes/category_new.php</filename>
<filename>includes/config.php</filename>
<filename>includes/element.php</filename>
<filename>includes/formfactory.php</filename>
<filename>includes/forms.php</filename>
<filename>includes/form_elements.php</filename>
<filename>includes/form_new.php</filename>
<filename>includes/functions.php</filename>
<filename>includes/help.php</filename>
<filename>includes/index.html</filename>
<filename>includes/jobs.php</filename>
<filename>includes/jobs_new.php</filename>
<filename>includes/link.php</filename>
<filename>includes/remember_cid.php</filename>
<filename>includes/reset_config.php</filename>
<filename>index.html</filename>
<filename>js/index.html</filename>
<filename>js/mad4joomla.js</filename>
<filename>js/thickbox/index.html</filename>
<filename>js/thickbox/jquery.js</filename>
<filename>js/thickbox/loadingAnimation.gif</filename>
<filename>js/thickbox/thickbox-normal.js</filename>
<filename>js/thickbox/thickbox.css</filename>
<filename>js/thickbox/thickbox.js</filename>
<filename>language/english/index.html</filename>
<filename>language/english/info.php</filename>
<filename>language/english.php</filename>
<filename>language/german/index.html</filename>
<filename>language/german/info.php</filename>
<filename>language/german.php</filename>
<filename>language/germanf/index.html</filename>
<filename>language/germanf/info.php</filename>
<filename>language/germanf.php</filename>
<filename>language/germani/index.html</filename>
<filename>language/germani/info.php</filename>
<filename>language/germani.php</filename>
<filename>language/index.html</filename>
<filename>language/traditional_chinese/info.php</filename>
<filename>language/traditional_chinese/index.html</filename>
<filename>language/traditional_chinese.php</filename>
<filename>language/simplified_chinese/info.php</filename>
<filename>language/simplified_chinese/index.html</filename>
<filename>language/simplified_chinese.php</filename>
<filename>language/french/info.php</filename>
<filename>language/french/index.html</filename>
<filename>language/french.php</filename>
<filename>language/dutch/info.php</filename>
<filename>language/dutch/index.html</filename>
<filename>language/dutch.php</filename>
<filename>includes/evolution.php</filename>
<filename>language/slovak.php</filename>
<filename>language/slovaki.php</filename>
<filename>language/slovakf.php</filename>
<filename>language/turkish.php</filename>
<filename>language/turkish/info.php</filename>
<filename>language/czech.php</filename>
<filename>language/czech/info.php</filename>
<filename>language/indonesia.php</filename>
<filename>language/indonesia/info.php</filename>
<filename>language/italian.php</filename>
<filename>language/japanese.php</filename>
<filename>language/japanese/info.php</filename>
<filename>language/macedonian.php</filename>
<filename>language/romanian.php</filename>
<filename>language/romanian/info.php</filename>
<filename>language/russian.php</filename>
<filename>language/spanish.php</filename>
</files>
<images>
<filename>images/active.png</filename>
<filename>images/add.png</filename>
<filename>images/admin_small.png</filename>
<filename>images/back.png</filename>
<filename>images/cancel.png</filename>
<filename>images/category.png</filename>
<filename>images/config.png</filename>
<filename>images/copy.png</filename>
<filename>images/copyleft.png</filename>
<filename>images/down.png</filename>
<filename>images/element_button.png</filename>
<filename>images/forms.png</filename>
<filename>images/help.png</filename>
<filename>images/index.html</filename>
<filename>images/jobs.png</filename>
<filename>images/left_shadow.png</filename>
<filename>images/link.png</filename>
<filename>images/link2cat.png</filename>
<filename>images/mad4media-3d.png</filename>
<filename>images/mad4media.png</filename>
<filename>images/new.png</filename>
<filename>images/new_category.png</filename>
<filename>images/new_job.png</filename>
<filename>images/next.png</filename>
<filename>images/not_active.png</filename>
<filename>images/not_required.png</filename>
<filename>images/pen-small.png</filename>
<filename>images/preview.png</filename>
<filename>images/proceed.png</filename>
<filename>images/red_decor.png</filename>
<filename>images/remove.png</filename>
<filename>images/required.png</filename>
<filename>images/right_shadow.png</filename>
<filename>images/round_left.png</filename>
<filename>images/round_right.png</filename>
<filename>images/spacer.png</filename>
<filename>images/tableheaderrback.png</filename>
<filename>images/tbarhover.png</filename>
<filename>images/toolbarback.png</filename>
<filename>images/toolbarback_hover.png</filename>
<filename>images/up.png</filename>
<filename>images/proforms-add-banner-de.png</filename>
<filename>images/proforms-add-banner-en.png</filename>
</images>
</administration>
<installfile>install.mad4joomla.php</installfile>
<uninstallfile>uninstall.mad4joomla.php</uninstallfile>
</install>ruby error upon running the joomlavs.rb
Do you know how to fix this error?
Traceback (most recent call last):
2: from joomlavs.rb:20:in <main>' 1: from /usr/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:92:in require'
/usr/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:92:in `require': cannot load such file -- slop (LoadError)
cannot load such file
ruby joomlavs.rb
Traceback (most recent call last):
6: from joomlavs.rb:22:in `<main>'
5: from joomlavs.rb:22:in `require_relative'
4: from /home/zawadi/joomlavs/lib/joomlavs/helper.rb:22:in `<top (required)>'
3: from /home/zawadi/joomlavs/lib/joomlavs/helper.rb:22:in `require_relative'
2: from /home/zawadi/joomlavs/lib/joomlavs/output.rb:16:in `<top (required)>'
1: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
/usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require': cannot load such file -- colorize (LoadError)
joomla website via https
joomlavs didn't detect version and vulnerability via https, only via http was working.
Thanks,
Jan
Add proxy support
Add fingerprinting
- Check Joomla version
- Check Interesting headers
- Check if user registrations are enabled
- Check if directory listings are enabled for interesting directories
Not an issue, simple your opinion on how to improve Joomla! security in the year 2018
Hi @rastating
I'm writing to ask if you know that now VEL has a JSON formatted feed available and this should be fine for the creation of a plugin that compare installed extensions/plugins with those reported by VES.
I've open this thread on Joomla! forum: https://forum.joomla.org/viewtopic.php?f=714&t=959786
I'm not a developer I'm a Joomla! user and I think that a similar plugin would increase Joomla! security.
Do you know any Joomla developer interesting on this trip?
PS
Many many thanks for your very useful Joomla! joomlavs!
Ciao!
Davide
Italy
Add enumeration options
Error in "gem install bundler && bundle install"
Hi @rastating
I use a Kali Linux 2016.1 updated to day.
I try to install joomlavs and i have this error:
root@kali:~/joomlavs# Sudo gem install bundler && bundle install
Successfully installed bundler-1.11.2
Parsing documentation for bundler-1.11.2
Done installing documentation for bundler after 2 seconds
1 gem installed
Don't run Bundler as root. Bundler can ask for sudo if it is needed, and
installing your bundle as root will break this application for all non-root
users on this machine.
Fetching gem metadata from https://rubygems.org/.........
Fetching version metadata from https://rubygems.org/..
Resolving dependencies...
Using colorize 0.7.7
Using diff-lcs 1.2.5
Using ffi 1.9.10
Using mini_portile2 2.0.0
Using rspec-support 3.4.1
Using slop 4.3.0
Using bundler 1.11.2
Using ethon 0.9.0
Installing nokogiri 1.6.7.2 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
/usr/bin/ruby2.2 -r ./siteconf20160428-1675-1hr0br7.rb extconf.rb
checking if the C compiler accepts ... yes
Building nokogiri using packaged libraries.
Using mini_portile version 2.0.0
checking for gzdopen() in -lz... no
zlib is missing; necessary for building libxml2
*** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers. Check the mkmf.log file for more details. You may
need configuration options.
Provided configuration options:
--with-opt-dir
--without-opt-dir
--with-opt-include
--without-opt-include=${opt-dir}/include
--with-opt-lib
--without-opt-lib=${opt-dir}/lib
--with-make-prog
--without-make-prog
--srcdir=.
--curdir
--ruby=/usr/bin/$(RUBY_BASE_NAME)2.2
--help
--clean
--use-system-libraries
--enable-static
--disable-static
--with-zlib-dir
--without-zlib-dir
--with-zlib-include
--without-zlib-include=${zlib-dir}/include
--with-zlib-lib
--without-zlib-lib=${zlib-dir}/lib
--enable-cross-build
--disable-cross-build
extconf failed, exit code 1
Gem files will remain installed in /var/lib/gems/2.2.0/gems/nokogiri-1.6.7.2 for inspection.
Results logged to /var/lib/gems/2.2.0/extensions/x86_64-linux/2.2.0/nokogiri-1.6.7.2/gem_make.out
Using rspec-core 3.4.4
Using rspec-expectations 3.4.0
Using rspec-mocks 3.4.1
Using typhoeus 1.0.2
An error occurred while installing nokogiri (1.6.7.2), and Bundler cannot
continue.
Make sure that `gem install nokogiri -v '1.6.7.2'` succeeds before bundling.
root@kali:~/joomlavs#
Screenshot:
Any idea of the problem?
Thanks!
Add generator meta tag scanning to version fingerprinting
Some Joomla installations will contain the generator meta tag, as in the examples below, which a full version number can be extracted from:
Joomla 2.5.x:
<meta name="generator" content="Joomla! - Open Source Content Management - Version 2.5.28" />Joomla 1.5:
<meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />what can i do to scan multi-sites ?
the script only scan one site at one time and it is really useful i really thank you.
but i want it to scan multi-sites so can you help me please?
Update
I'm wondering if there's plan to update the fingerprint list of known joomla issue. I'm not a ruby developer, is there something that i can help ?
Add basic Typhoeus configuration options
Add options for:
- Following redirections
- Basic authentication
- Max concurrency / threads
Database Update ?
Hello,
Do you update the database manually ?
Thanks.
Error on symbolic link
When symbolic link is used for this tool we get following error:
/opt/joomlavs/lib/joomlavs/joomlavs.rb:33:in read': No such file or directory @ rb_sysopen - data/joomla.json (Errno::ENOENT)
from /opt/joomlavs/lib/joomlavs/joomlavs.rb:33:in joomla_vulnerabilities' from /opt/joomlavs/lib/joomlavs/joomlavs.rb:47:in display_joomla_vulns'
from /usr/bin/joomlavs:83:in start' from /usr/bin/joomlavs:94:in
The problem is it uses absolute path's.
i am not much of a ruby programmer but should be easy fix
Add passive scanning
Version fingerprinting
Why don't you try to get the Joomla version of the file /administrator/manifests/files/joomla.xml before getting it from the README.txt? If the file is accessible, it will give you more accurate information about the version.
For example:
https://www.joomla.org/administrator/manifests/files/joomla.xml gives you 3.6.4 while https://www.joomla.org/README.txt gives you 3.6
Add no colour option
How to update the database list ?
Hello,
Can we update the database like wpscan ?? (wpscan.rb --update)
Thanks.
Add New Vulnerabilities
The known vulnerabilities have not been updated since 9th July 2017. Since then, a number of new vulnerabilities have been publicly listed on Exploit-DB; as can be seen on https://www.exploit-db.com/search/?action=search&q=joomla
If you wish to take up this issue, ensure that all vulnerabilities, starting from EDB-ID 42347 onward (i.e. This Exploit), are added to the data files.
Within the data directory, there are 4 files, each of which will house vulnerabilities of a specific type:
components.json- Component vulnerabilitiesjoomla.json- Core Joomla vulnerabilitiesmodules.json- Module vulnerabilitiestemplates.json- Template vulnerabilities
The structure of the JSON is quite self explanatory, and should be easy to figure out from the format, so I leave that to anyone wanting to pick this up.
Good luck, have fun :)
Feature Request: Output to JSON?
Hi,
Would it be possible to put in a feature request to have joomlavs be able to output findings to json? This would be very useful to make automating checks quicker and easier. And thanks for all your hard work on this project!!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.