Test Joomla Security with this immediate Joomla security scan service. Discover vulnerabilities, web server details and configuration errors.
Joomla is one of the most popular open source content management systems and is a common target for attackers due its popularity and the wide variety of extensions that are available. These Joomla security scans will test your site for security issues, configuration errors and poor reputation links so you can get to work mitigating the vulnerabilities before you get hacked.
About our Joomla Security Scan Options
These scans will test a Joomla installation for a number of common security issues, vulnerable modules as well as perform web reputation analysis of sites that are being linked and sites that are hosted on the same IP address.
Option 1: A simple check of the basics with this passive scan. All the information gathered is from performing regular web requests against the specified site.
Option 2: The second option is a more aggressive active scan that is able to identify known security vulnerabilities and exploitable plug-ins. This option uses the new JoomlaVS. This open source security testing was recently released and is a worthy successor to the previously used tool the OWASP Joomla! Security Scanner.
Option 1: Passive Checks include:
- Determine if Joomla installation is present
- Perform web reputation lookups for site (Google Safebrowsing).
- Test for an "admin" user account
- Test for "directory indexing enabled on modules and components directories"
- List external sites linked from main page and web reputation of each
- List any external iframes
- Perform geolocation and web hosting information lookup
Option 2: JoomlaVS - the Active Joomla Scanner includes:
- Detect known exploits and security vulnerabilities
- Exact version probing
- Directory Indexing and other server mis-configurations
To scan enter the sites root URL to test including the full path, such as:
- Understand the security configuration of a Joomla install from an external point of view.
- Discover known security vulnerabilities and configuration mistakes with the install.
- Run an in-depth security test that includes plugin and theme brute forcing with JoomlaVS (requires Membership).
- Membership also gives you access to the custom OpenVAS scans that include a focused Joomla test that discovers known vulnerabilities.
JoomlaVS is developed in the open source ruby programming language. If you have the inclination I encourage you to spin up a Linux host and download the latest version from github and run it yourself. Like any security tool, by having your own installation of JoomlaVS you will be able to gain a better understanding in how to keep your Joomla based web site as secure as possible.
In the past we hosted the OWASP Joomla Vulnerability Scanner which was developed back in 2009 and was last updated in 2012. It has been developed to identify vulnerabilities in the enormously popular content management system Joomla. Since 2012 there have been no new releases. This means the database is quite out of date and the tool will not detect newer vulnerabilities.
For more information visit the sourceforge page or the OWASP project page.