Joomla is one of the most popular open source content management systems and is often a target for attackers due to its popularity and the wide variety of extensions that are available. This Joomla security scan will test your site for security issues, malware infections and poor reputation links so you can get to work mitigating the vulnerabilities before you get hacked.
Silver and Gold Members can perform an Active scan using the JoomScan utility. The JoomScan test will send hundreds of requests to your web server.
Start Joomla Security Testing
- Understand the security configuration of a Joomla install from an external point of view.
- Discover known security vulnerabilities and configuration mistakes with the install.
- Run an in-depth security test that includes plugin and theme brute forcing with JoomScan (requires membership).
About the Joomla Security Scan
This scan will check a Joomla installation for a number of common security issues as well as perform web reputation analysis of sites that are being linked and sites that are hosted on the same IP address.
Option 1: A passive scan, in which all the information is gathered by performing regular web requests against the specified site.
Option 2: A more aggressive active scan that is able to identify known security vulnerabilities and exploitable plug-ins. This option uses the excellent OWASP Joomla! Security Scanner open source security testing tool.
Passive Checks include:
- Determine if Joomla installation is present
- Perform web reputation lookups for site (Google Safebrowsing, Norton Safeweb and MyWot services).
- Test for an “admin” user account
- Test for “directory indexing enabled on themes / modules”
- Test for robots.txt
- Test for readable .htaccess
- List external sites linked from main page and web reputation of each
- List any external iframes
- List Internal Site Links
- Perform Geolocation and Web Hosting information lookups
- Find web sites sharing the IP address and perform web reputation lookups
Additional checks in the Active Joomla Scan include:
- Detect known exploits and security vulnerabilities
- Exact version probing
- Joomla plugin based firewall detection
About the OWASP Joomla Project
The OWASP Joomla Vulnerability Scanner project is sponsored by YGN Ethical Hacker Group, Myanmar. It has been developed to identify vulnerabilities in the enormously popular content management system Joomla.