Joomla Security Scan

Test Joomla Security with this immediate Joomla security scan service. Discover vulnerabilities, web server details and configuration errors.

Joomla is one of the most popular open source content management systems and is a common target for attackers due its popularity and the wide variety of extensions that are available. These Joomla security scans will test your site for security issues, configuration errors and poor reputation links so you can get to work mitigating the vulnerabilities before you get hacked.

About our Joomla Security Scan Options

JoomScan Sample

These scans will test a Joomla installation for a number of common security issues, vulnerable modules as well as perform web reputation analysis of sites that are being linked and sites that are hosted on the same IP address.

Option 1: A simple check of the basics with this passive scan. All the information gathered is from performing regular web requests against the specified site.

Option 2: The second option is a more aggressive active scan that is able to identify known security vulnerabilities and exploitable plug-ins. This option uses the OWASP Joomla! Security Scanner open source security testing tool.

Option 1: Passive Checks include:

  • Determine if Joomla installation is present
  • Perform web reputation lookups for site (Google Safebrowsing).
  • Test for an "admin" user account
  • Test for "directory indexing enabled on modules and components directories"
  • List external sites linked from main page and web reputation of each
  • List linked javascript
  • List any external iframes
  • Perform geolocation and web hosting information lookup

Option 2: JoomScan - the Active Joomla Scanner includes:

  • Detect known exploits and security vulnerabilities
  • Exact version probing
  • Joomla plugin based firewall detection
  • Membership also allows access to the custom OpenVAS Joomla Scan to test Joomla & Web Server vulnerabilities.

To scan enter the sites root URL to test including the full path, such as:

Option 2: Launch JoomScan Scanner
Login to access the Advanced Security Vulnerability Scanners
Membership is required to use this online security scanner. Immediate access is available to new members or login now if you have a valid membership.

Member Login Scan Membership

  • Understand the security configuration of a Joomla install from an external point of view.
  • Discover known security vulnerabilities and configuration mistakes with the install.
  • Run an in-depth security test that includes plugin and theme brute forcing with JoomScan (requires Membership).
  • Membership also gives you access to custom OpenVAS scans that include a focused Joomla test that discovers known vulnerabilities.

About the OWASP Joomla Project

The OWASP Joomla Vulnerability Scanner project is sponsored by YGN Ethical Hacker Group, Myanmar. It has been developed to identify vulnerabilities in the enormously popular content management system Joomla. After being released in 2009 there were a number of version updates that followed with the most recent being 2012. Since 2012 there have been no new releases. This means the database is quite out of date and the tool will not detect newer vulnerabilities.

For more information visit the sourceforge page or the OWASP project page.