rastating / joomlavs Goto Github PK
View Code? Open in Web Editor NEWA black box, Ruby powered, Joomla vulnerability scanner
License: GNU General Public License v3.0
A black box, Ruby powered, Joomla vulnerability scanner
License: GNU General Public License v3.0
I had some problems running JoomlAVS following installation instructions due to libcurl libraries, which were already installed.
Finally I solved the problem by following WPScan instructions for Ubuntu Dependencies. Long story short: libcurl4-openssl-dev was missing.
Hope it can be helpful to anyone else.
If no extensions are found, blank arrays can be passed as a filter, which will result in an aggressive search occuring. Logic needs to be changed to explicitly check for the quiet mode flag and if nothing is in the filter skip that particular scan all together.
when i start joomlavs using this command :
ruby joomlavs.rb
and input this error
Traceback (most recent call last):
2: from ./joomlavs.rb:20:in `<main>'
1: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
/usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require': cannot load such file -- slop (LoadError)
my os : Kali Linux
Some older extensions (seems to be those that target v1.5) use a different schema to the standard from newer versions of Joomla. The names of the elements encapsulating the data seem to be the same, but the root element for the older extensions seems to be "install" rather than "extension"
Below are two examples of older manifests
com_poll:
<?xml version="1.0" encoding="utf-8"?>
<install type="component" version="1.0.0">
<name>Polls</name>
<author>Joomla! Project</author>
<creationDate>July 2004</creationDate>
<copyright>Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.</copyright>
<license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license>
<authorEmail>[email protected]</authorEmail>
<authorUrl>www.joomla.org</authorUrl>
<version>1.5.0</version>
<description>This component manages polls</description>
</install>
com_mad4joomla:
<?xml version="1.0" encoding="utf-8"?>
<install type="component" version="1.5.0">
<name>mad4joomla</name>
<author>Fahrettin Kutyol</author>
<creationDate>01/16/2010</creationDate>
<copyright>Copyright(C) Fahrettin Kutyol - All rights reserved!</copyright>
<license>This component is released under the GNU/GPL License http://www.gnu.org/copyleft/gpl.html</license>
<authorEmail>[email protected]</authorEmail>
<authorUrl>http://www.mooj.org</authorUrl>
<version>1.2</version>
<description>
If you need a version wihtout Copyrightlink please get Mooj Proforms
</description>
<files>
<filename>frontend.defines.mad4joomla.php</filename>
<filename>includes/calendar.php</filename>
<filename>includes/index.html</filename>
<filename>includes/validate.php</filename>
<filename>index.html</filename>
<filename>js/balloontip/bubble-tooltip.css</filename>
<filename>js/balloontip/bubble-tooltip.js</filename>
<filename>js/calendar/calendar-blue.css</filename>
<filename>js/calendar/calendar-blue2.css</filename>
<filename>js/calendar/calendar-brown.css</filename>
<filename>js/calendar/calendar-green.css</filename>
<filename>js/calendar/calendar-setup.js</filename>
<filename>js/calendar/calendar-setup_stripped.js</filename>
<filename>js/calendar/calendar-system.css</filename>
<filename>js/calendar/calendar-tas.css</filename>
<filename>js/calendar/calendar-win2k-1.css</filename>
<filename>js/calendar/calendar-win2k-2.css</filename>
<filename>js/calendar/calendar-win2k-cold-1.css</filename>
<filename>js/calendar/calendar-win2k-cold-2.css</filename>
<filename>js/calendar/calendar.js</filename>
<filename>js/calendar/calendar_stripped.js</filename>
<filename>js/calendar/index.html</filename>
<filename>js/calendar/lang/calendar-af.js</filename>
<filename>js/calendar/lang/calendar-al.js</filename>
<filename>js/calendar/lang/calendar-bg.js</filename>
<filename>js/calendar/lang/calendar-big5-utf8.js</filename>
<filename>js/calendar/lang/calendar-big5.js</filename>
<filename>js/calendar/lang/calendar-br.js</filename>
<filename>js/calendar/lang/calendar-ca.js</filename>
<filename>js/calendar/lang/calendar-cs-utf8.js</filename>
<filename>js/calendar/lang/calendar-cs-win.js</filename>
<filename>js/calendar/lang/calendar-da.js</filename>
<filename>js/calendar/lang/calendar-de.js</filename>
<filename>js/calendar/lang/calendar-du.js</filename>
<filename>js/calendar/lang/calendar-el.js</filename>
<filename>js/calendar/lang/calendar-en.js</filename>
<filename>js/calendar/lang/calendar-es.js</filename>
<filename>js/calendar/lang/calendar-fi.js</filename>
<filename>js/calendar/lang/calendar-fr.js</filename>
<filename>js/calendar/lang/calendar-he-utf8.js</filename>
<filename>js/calendar/lang/calendar-hr-utf8.js</filename>
<filename>js/calendar/lang/calendar-hr.js</filename>
<filename>js/calendar/lang/calendar-hu.js</filename>
<filename>js/calendar/lang/calendar-it.js</filename>
<filename>js/calendar/lang/calendar-jp.js</filename>
<filename>js/calendar/lang/calendar-ko-utf8.js</filename>
<filename>js/calendar/lang/calendar-ko.js</filename>
<filename>js/calendar/lang/calendar-lt-utf8.js</filename>
<filename>js/calendar/lang/calendar-lt.js</filename>
<filename>js/calendar/lang/calendar-lv.js</filename>
<filename>js/calendar/lang/calendar-nl.js</filename>
<filename>js/calendar/lang/calendar-no.js</filename>
<filename>js/calendar/lang/calendar-pl-utf8.js</filename>
<filename>js/calendar/lang/calendar-pl.js</filename>
<filename>js/calendar/lang/calendar-pt.js</filename>
<filename>js/calendar/lang/calendar-ro.js</filename>
<filename>js/calendar/lang/calendar-ru.js</filename>
<filename>js/calendar/lang/calendar-ru_win_.js</filename>
<filename>js/calendar/lang/calendar-si.js</filename>
<filename>js/calendar/lang/calendar-sk.js</filename>
<filename>js/calendar/lang/calendar-sp.js</filename>
<filename>js/calendar/lang/calendar-sv.js</filename>
<filename>js/calendar/lang/calendar-tr.js</filename>
<filename>js/calendar/lang/calendar-zh.js</filename>
<filename>js/calendar/lang/cn_utf8.js</filename>
<filename>js/calendar/lang/index.html</filename>
<filename>js/calendar/m4j.js</filename>
<filename>js/calendar/skins/aqua/active-bg.gif</filename>
<filename>js/calendar/skins/aqua/dark-bg.gif</filename>
<filename>js/calendar/skins/aqua/hover-bg.gif</filename>
<filename>js/calendar/skins/aqua/menuarrow.gif</filename>
<filename>js/calendar/skins/aqua/normal-bg.gif</filename>
<filename>js/calendar/skins/aqua/rowhover-bg.gif</filename>
<filename>js/calendar/skins/aqua/status-bg.gif</filename>
<filename>js/calendar/skins/aqua/theme.css</filename>
<filename>js/calendar/skins/aqua/title-bg.gif</filename>
<filename>js/calendar/skins/aqua/today-bg.gif</filename>
<filename>js/calendar/skins/index.html</filename>
<filename>js/index.html</filename>
<filename>language/frontend.english.php</filename>
<filename>language/frontend.german.php</filename>
<filename>language/frontend.germanf.php</filename>
<filename>language/frontend.germani.php</filename>
<filename>language/index.html</filename>
<filename>mad4joomla.html.php</filename>
<filename>mad4joomla.php</filename>
<filename>sec/abc.png</filename>
<filename>sec/abc_b.png</filename>
<filename>sec/css.php</filename>
<filename>sec/hover.png</filename>
<filename>sec/im.php</filename>
<filename>sec/im2.php</filename>
<filename>sec/im3.php</filename>
<filename>sec/im4.php</filename>
<filename>sec/im3.ttf</filename>
<filename>sec/im4.ttf</filename>
<filename>sec/index.html</filename>
<filename>stylesheet.css</filename>
<filename>language/frontend.simplified_chinese.php</filename>
<filename>language/frontend.traditional_chinese.php</filename>
<filename>language/frontend.french.php</filename>
<filename>language/frontend.dutch.php</filename>
<filename>tmp/index.html</filename>
<filename>language/frontend.portugues.php</filename>
<filename>language/frontend.slovak.php</filename>
<filename>language/frontend.slovaki.php</filename>
<filename>language/frontend.slovakf.php</filename>
<filename>language/frontend.hungarian.php</filename>
<filename>language/frontend.russian.php</filename>
<filename>language/frontend.danish.php</filename>
<filename>language/frontend.spanish.php</filename>
<filename>language/frontend.italian.php</filename>
<filename>language/frontend.catalan.php</filename>
<filename>language/frontend.croatian.php</filename>
<filename>language/frontend.czech.php</filename>
<filename>language/frontend.finnish.php</filename>
<filename>language/frontend.greek.php</filename>
<filename>language/frontend.indonesia.php</filename>
<filename>language/frontend.japanese.php</filename>
<filename>language/frontend.macedonian.php</filename>
<filename>language/frontend.norwegian.php</filename>
<filename>language/frontend.polish.php</filename>
<filename>language/frontend.romanian.php</filename>
<filename>language/frontend.turkish.php</filename>
<filename>language/frontend.swedish.php</filename>
</files>
<images>
<filename>images/arrow.png</filename>
<filename>images/bubble_bottom.gif</filename>
<filename>images/bubble_bottom2.gif</filename>
<filename>images/bubble_middle.gif</filename>
<filename>images/bubble_top.gif</filename>
<filename>images/help0.png</filename>
<filename>images/help1.png</filename>
<filename>images/help2.png</filename>
<filename>images/help3.png</filename>
<filename>images/help4.png</filename>
<filename>images/help5.png</filename>
<filename>images/help6.png</filename>
<filename>images/reload.png</filename>
<filename>images/index.html</filename>
</images>
<install>
<queries>
<query>
DROP TABLE IF EXISTS `#__m4j_captcha`;
</query>
<query>
CREATE TABLE IF NOT EXISTS `#__m4j_captcha` (
`date` timestamp NOT NULL ,
`user` varchar(64) NOT NULL,
`captcha` varchar(64) NOT NULL,
`dead` tinyint(4) DEFAULT '0',
PRIMARY KEY (`user`)
) ENGINE=MyISAM ;
</query>
<query>
DROP TABLE IF EXISTS `#__m4j_category`;
</query>
<query>
CREATE TABLE IF NOT EXISTS `#__m4j_category` (
`cid` int(11) NOT NULL auto_increment,
`name` varchar(64) default NULL,
`active` tinyint(4) default '1',
`email` varchar(64) default NULL,
`introtext` text ,
`sort_order` int(11) default NULL,
PRIMARY KEY (`cid`)
) ENGINE=MyISAM AUTO_INCREMENT=0 ;
</query>
<query>
DROP TABLE IF EXISTS `#__m4j_formelements`;
</query>
<query>
CREATE TABLE IF NOT EXISTS `#__m4j_formelements` (
`eid` int(11) NOT NULL auto_increment,
`fid` int(11) NOT NULL,
`required` tinyint(4) default NULL,
`active` tinyint(4) default '1',
`question` text NOT NULL,
`form` int(11) NOT NULL,
`parameters` text ,
`options` text ,
`help` text ,
`html` text ,
`sort_order` int(11) NOT NULL,
PRIMARY KEY (`eid`)
) ENGINE=MyISAM AUTO_INCREMENT=0 ;
</query>
<query>
DROP TABLE IF EXISTS `#__m4j_forms`;
</query>
<query>
CREATE TABLE IF NOT EXISTS `#__m4j_forms` (
`fid` int(11) NOT NULL auto_increment,
`name` varchar(64) NOT NULL,
`description` text ,
`question_width` tinytext ,
`answer_width` tinytext ,
`use_help` tinyint(4) default '1',
`public` tinyint(4) default '1',
PRIMARY KEY (`fid`)
) ENGINE=MyISAM AUTO_INCREMENT=0 ;
</query>
<query>
DROP TABLE IF EXISTS `#__m4j_jobs`;
</query>
<query>
CREATE TABLE IF NOT EXISTS `#__m4j_jobs` (
`jid` int(11) NOT NULL auto_increment,
`title` varchar(64) NOT NULL,
`hidden` text ,
`introtext` text ,
`maintext` text ,
`active` tinyint(4) default NULL,
`fid` int(11) default NULL,
`cid` int(11) default '-1',
`email` varchar(64) default NULL,
`captcha` tinyint(4) default '1',
`sort_order` int(11) default NULL,
`public` tinyint(4) default '1',
PRIMARY KEY (`jid`)
) ENGINE=MyISAM AUTO_INCREMENT=0 ;
</query>
</queries>
</install>
<uninstall>
<queries>
<query>DELETE FROM `#__m4j_captcha`</query>
<query>DROP TABLE `#__m4j_captcha`</query>
<query>DELETE FROM `#__m4j_category`</query>
<query>DROP TABLE `#__m4j_category`</query>
<query>DELETE FROM `#__m4j_formelements`</query>
<query>DROP TABLE `#__m4j_formelements`</query>
<query>DELETE FROM `#__m4j_forms`</query>
<query>DROP TABLE `#__m4j_forms`</query>
<query>DELETE FROM `#__m4j_jobs` </query>
<query>DROP TABLE `#__m4j_jobs` </query>
</queries>
</uninstall>
<administration>
<menu>Mad4Joomla</menu>
<files>
<filename>admin.mad4joomla.html.php</filename>
<filename>admin.mad4joomla.php</filename>
<filename>admin.stylesheet.css</filename>
<filename>config.mad4joomla.php</filename>
<filename>defines.mad4joomla.php</filename>
<filename>includes/category.php</filename>
<filename>includes/category_new.php</filename>
<filename>includes/config.php</filename>
<filename>includes/element.php</filename>
<filename>includes/formfactory.php</filename>
<filename>includes/forms.php</filename>
<filename>includes/form_elements.php</filename>
<filename>includes/form_new.php</filename>
<filename>includes/functions.php</filename>
<filename>includes/help.php</filename>
<filename>includes/index.html</filename>
<filename>includes/jobs.php</filename>
<filename>includes/jobs_new.php</filename>
<filename>includes/link.php</filename>
<filename>includes/remember_cid.php</filename>
<filename>includes/reset_config.php</filename>
<filename>index.html</filename>
<filename>js/index.html</filename>
<filename>js/mad4joomla.js</filename>
<filename>js/thickbox/index.html</filename>
<filename>js/thickbox/jquery.js</filename>
<filename>js/thickbox/loadingAnimation.gif</filename>
<filename>js/thickbox/thickbox-normal.js</filename>
<filename>js/thickbox/thickbox.css</filename>
<filename>js/thickbox/thickbox.js</filename>
<filename>language/english/index.html</filename>
<filename>language/english/info.php</filename>
<filename>language/english.php</filename>
<filename>language/german/index.html</filename>
<filename>language/german/info.php</filename>
<filename>language/german.php</filename>
<filename>language/germanf/index.html</filename>
<filename>language/germanf/info.php</filename>
<filename>language/germanf.php</filename>
<filename>language/germani/index.html</filename>
<filename>language/germani/info.php</filename>
<filename>language/germani.php</filename>
<filename>language/index.html</filename>
<filename>language/traditional_chinese/info.php</filename>
<filename>language/traditional_chinese/index.html</filename>
<filename>language/traditional_chinese.php</filename>
<filename>language/simplified_chinese/info.php</filename>
<filename>language/simplified_chinese/index.html</filename>
<filename>language/simplified_chinese.php</filename>
<filename>language/french/info.php</filename>
<filename>language/french/index.html</filename>
<filename>language/french.php</filename>
<filename>language/dutch/info.php</filename>
<filename>language/dutch/index.html</filename>
<filename>language/dutch.php</filename>
<filename>includes/evolution.php</filename>
<filename>language/slovak.php</filename>
<filename>language/slovaki.php</filename>
<filename>language/slovakf.php</filename>
<filename>language/turkish.php</filename>
<filename>language/turkish/info.php</filename>
<filename>language/czech.php</filename>
<filename>language/czech/info.php</filename>
<filename>language/indonesia.php</filename>
<filename>language/indonesia/info.php</filename>
<filename>language/italian.php</filename>
<filename>language/japanese.php</filename>
<filename>language/japanese/info.php</filename>
<filename>language/macedonian.php</filename>
<filename>language/romanian.php</filename>
<filename>language/romanian/info.php</filename>
<filename>language/russian.php</filename>
<filename>language/spanish.php</filename>
</files>
<images>
<filename>images/active.png</filename>
<filename>images/add.png</filename>
<filename>images/admin_small.png</filename>
<filename>images/back.png</filename>
<filename>images/cancel.png</filename>
<filename>images/category.png</filename>
<filename>images/config.png</filename>
<filename>images/copy.png</filename>
<filename>images/copyleft.png</filename>
<filename>images/down.png</filename>
<filename>images/element_button.png</filename>
<filename>images/forms.png</filename>
<filename>images/help.png</filename>
<filename>images/index.html</filename>
<filename>images/jobs.png</filename>
<filename>images/left_shadow.png</filename>
<filename>images/link.png</filename>
<filename>images/link2cat.png</filename>
<filename>images/mad4media-3d.png</filename>
<filename>images/mad4media.png</filename>
<filename>images/new.png</filename>
<filename>images/new_category.png</filename>
<filename>images/new_job.png</filename>
<filename>images/next.png</filename>
<filename>images/not_active.png</filename>
<filename>images/not_required.png</filename>
<filename>images/pen-small.png</filename>
<filename>images/preview.png</filename>
<filename>images/proceed.png</filename>
<filename>images/red_decor.png</filename>
<filename>images/remove.png</filename>
<filename>images/required.png</filename>
<filename>images/right_shadow.png</filename>
<filename>images/round_left.png</filename>
<filename>images/round_right.png</filename>
<filename>images/spacer.png</filename>
<filename>images/tableheaderrback.png</filename>
<filename>images/tbarhover.png</filename>
<filename>images/toolbarback.png</filename>
<filename>images/toolbarback_hover.png</filename>
<filename>images/up.png</filename>
<filename>images/proforms-add-banner-de.png</filename>
<filename>images/proforms-add-banner-en.png</filename>
</images>
</administration>
<installfile>install.mad4joomla.php</installfile>
<uninstallfile>uninstall.mad4joomla.php</uninstallfile>
</install>
Do you know how to fix this error?
Traceback (most recent call last):
2: from joomlavs.rb:20:in <main>' 1: from /usr/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:92:in
require'
/usr/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:92:in `require': cannot load such file -- slop (LoadError)
ruby joomlavs.rb
Traceback (most recent call last):
6: from joomlavs.rb:22:in `<main>'
5: from joomlavs.rb:22:in `require_relative'
4: from /home/zawadi/joomlavs/lib/joomlavs/helper.rb:22:in `<top (required)>'
3: from /home/zawadi/joomlavs/lib/joomlavs/helper.rb:22:in `require_relative'
2: from /home/zawadi/joomlavs/lib/joomlavs/output.rb:16:in `<top (required)>'
1: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
/usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require': cannot load such file -- colorize (LoadError)
joomlavs didn't detect version and vulnerability via https, only via http was working.
Thanks,
Jan
Hi @rastating
I'm writing to ask if you know that now VEL has a JSON formatted feed available and this should be fine for the creation of a plugin that compare installed extensions/plugins with those reported by VES.
I've open this thread on Joomla! forum: https://forum.joomla.org/viewtopic.php?f=714&t=959786
I'm not a developer I'm a Joomla! user and I think that a similar plugin would increase Joomla! security.
Do you know any Joomla developer interesting on this trip?
PS
Many many thanks for your very useful Joomla! joomlavs!
Ciao!
Davide
Italy
Hi @rastating
I use a Kali Linux 2016.1 updated to day.
I try to install joomlavs and i have this error:
root@kali:~/joomlavs# Sudo gem install bundler && bundle install
Successfully installed bundler-1.11.2
Parsing documentation for bundler-1.11.2
Done installing documentation for bundler after 2 seconds
1 gem installed
Don't run Bundler as root. Bundler can ask for sudo if it is needed, and
installing your bundle as root will break this application for all non-root
users on this machine.
Fetching gem metadata from https://rubygems.org/.........
Fetching version metadata from https://rubygems.org/..
Resolving dependencies...
Using colorize 0.7.7
Using diff-lcs 1.2.5
Using ffi 1.9.10
Using mini_portile2 2.0.0
Using rspec-support 3.4.1
Using slop 4.3.0
Using bundler 1.11.2
Using ethon 0.9.0
Installing nokogiri 1.6.7.2 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
/usr/bin/ruby2.2 -r ./siteconf20160428-1675-1hr0br7.rb extconf.rb
checking if the C compiler accepts ... yes
Building nokogiri using packaged libraries.
Using mini_portile version 2.0.0
checking for gzdopen() in -lz... no
zlib is missing; necessary for building libxml2
*** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers. Check the mkmf.log file for more details. You may
need configuration options.
Provided configuration options:
--with-opt-dir
--without-opt-dir
--with-opt-include
--without-opt-include=${opt-dir}/include
--with-opt-lib
--without-opt-lib=${opt-dir}/lib
--with-make-prog
--without-make-prog
--srcdir=.
--curdir
--ruby=/usr/bin/$(RUBY_BASE_NAME)2.2
--help
--clean
--use-system-libraries
--enable-static
--disable-static
--with-zlib-dir
--without-zlib-dir
--with-zlib-include
--without-zlib-include=${zlib-dir}/include
--with-zlib-lib
--without-zlib-lib=${zlib-dir}/lib
--enable-cross-build
--disable-cross-build
extconf failed, exit code 1
Gem files will remain installed in /var/lib/gems/2.2.0/gems/nokogiri-1.6.7.2 for inspection.
Results logged to /var/lib/gems/2.2.0/extensions/x86_64-linux/2.2.0/nokogiri-1.6.7.2/gem_make.out
Using rspec-core 3.4.4
Using rspec-expectations 3.4.0
Using rspec-mocks 3.4.1
Using typhoeus 1.0.2
An error occurred while installing nokogiri (1.6.7.2), and Bundler cannot
continue.
Make sure that `gem install nokogiri -v '1.6.7.2'` succeeds before bundling.
root@kali:~/joomlavs#
Screenshot:
Any idea of the problem?
Thanks!
Some Joomla installations will contain the generator meta tag, as in the examples below, which a full version number can be extracted from:
Joomla 2.5.x:
<meta name="generator" content="Joomla! - Open Source Content Management - Version 2.5.28" />
Joomla 1.5:
<meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />
the script only scan one site at one time and it is really useful i really thank you.
but i want it to scan multi-sites so can you help me please?
I'm wondering if there's plan to update the fingerprint list of known joomla issue. I'm not a ruby developer, is there something that i can help ?
Add options for:
Hello,
Do you update the database manually ?
Thanks.
When symbolic link is used for this tool we get following error:
/opt/joomlavs/lib/joomlavs/joomlavs.rb:33:in
read': No such file or directory @ rb_sysopen - data/joomla.json (Errno::ENOENT)
from /opt/joomlavs/lib/joomlavs/joomlavs.rb:33:in joomla_vulnerabilities' from /opt/joomlavs/lib/joomlavs/joomlavs.rb:47:in
display_joomla_vulns'
from /usr/bin/joomlavs:83:in start' from /usr/bin/joomlavs:94:in
The problem is it uses absolute path's.
i am not much of a ruby programmer but should be easy fix
Why don't you try to get the Joomla version of the file /administrator/manifests/files/joomla.xml before getting it from the README.txt? If the file is accessible, it will give you more accurate information about the version.
For example:
https://www.joomla.org/administrator/manifests/files/joomla.xml gives you 3.6.4 while https://www.joomla.org/README.txt gives you 3.6
Hello,
Can we update the database like wpscan ?? (wpscan.rb --update)
Thanks.
The known vulnerabilities have not been updated since 9th July 2017. Since then, a number of new vulnerabilities have been publicly listed on Exploit-DB; as can be seen on https://www.exploit-db.com/search/?action=search&q=joomla
If you wish to take up this issue, ensure that all vulnerabilities, starting from EDB-ID 42347 onward (i.e. This Exploit), are added to the data files.
Within the data
directory, there are 4 files, each of which will house vulnerabilities of a specific type:
components.json
- Component vulnerabilitiesjoomla.json
- Core Joomla vulnerabilitiesmodules.json
- Module vulnerabilitiestemplates.json
- Template vulnerabilitiesThe structure of the JSON is quite self explanatory, and should be easy to figure out from the format, so I leave that to anyone wanting to pick this up.
Good luck, have fun :)
Hi,
Would it be possible to put in a feature request to have joomlavs be able to output findings to json? This would be very useful to make automating checks quicker and easier. And thanks for all your hard work on this project!!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.