Joomla Security Scan

Test Joomla Security with this immediate Joomla security scan service. Discover vulnerabilities, web server details and configuration errors.

Joomla is one of the most popular open source content management systems and is often a target for attackers due to its popularity and the wide variety of extensions that are available. This Joomla security scan will test your site for security issues, malware infections and poor reputation links so you can get to work mitigating the vulnerabilities before you get hacked.

Silver and Gold Members can perform an Active scan using the JoomScan utility. The JoomScan test will send hundreds of requests to your web server.





  • Understand the security configuration of a Joomla install from an external point of view.
  • Discover known security vulnerabilities and configuration mistakes with the install.
  • Run an in-depth security test that includes plugin and theme brute forcing with JoomScan (requires membership).



About the Joomla Security Scan

This scan will check a Joomla installation for a number of common security issues as well as perform web reputation analysis of sites that are being linked and sites that are hosted on the same IP address.

Option 1: A passive scan, in which all the information is gathered by performing regular web requests against the specified site.

Option 2: A more aggressive active scan that is able to identify known security vulnerabilities and exploitable plug-ins. This option uses the excellent OWASP Joomla! Security Scanner open source security testing tool.

Passive Checks include:

  • Determine if a Joomla installation is present
  • Perform web reputation lookups for site (Google Safebrowsing, Norton Safeweb and MyWot services).
  • Test for an “admin” user account
  • Test for “directory indexing enabled on themes / modules”
  • Test for robots.txt
  • Test for readable .htaccess
  • List external sites linked from main page and web reputation of each
  • List linked JavaScript
  • List any external iframes
  • List Internal Site Links
  • Perform Geolocation and Web Hosting information lookups
  • Find web sites sharing the IP address and perform web reputation lookups.

Additional checks in the Active Joomla Scan include:

  • Detect known exploits and security vulnerabilities
  • Exact version probing
  • Joomla plugin based firewall detection

Enter the URL to test including the full path, such as:

http://www.myexampledomain.com/joomlapath/

About the OWASP Joomla Project

The OWASP Joomla Vulnerability Scanner project is sponsored by YGN Ethical Hacker Group, Myanmar. It has been developed to identify vulnerabilities in the enormously popular content management system Joomla.

For more information visit the SourceForge page or the OWASP project page.
