Joomla Security Scan

Test Joomla Security with this easy to use Joomla security scan service. Discover vulnerabilities, web server details and configuration errors.

Joomla is one of the most popular open source content management systems and is a common target for attackers due its popularity and the wide variety of extensions that are available. These Joomla security scans will test your site for security issues, configuration errors and poor reputation links so you can get to work mitigating the vulnerabilities before you get hacked.

About our Joomla Security Scan Options

JoomlaVS Sample

These scans will test a Joomla installation for a number of common security issues, vulnerable modules as well as perform web reputation analysis of sites that are being linked and sites that are hosted on the same IP address.

Option 1: A simple check of the basics with this passive scan. All the information gathered is from performing regular web requests against the specified site.

Option 2: The second option is a more aggressive active scan that is able to identify known security vulnerabilities and exploitable plug-ins. This option uses the new JoomlaVS. This open source security testing was recently released and is a worthy successor to the previously used tool the OWASP Joomla! Security Scanner.

Option 1: Passive Web Application Checking:

  • Determine if Joomla installation is present
  • Perform web reputation lookups for site (Google Safebrowsing).
  • Test for "directory indexing enabled on modules and components directories"
  • List external sites linked from main page and web reputation of each
  • List linked javascript
  • List any external iframes
  • Perform geolocation and web hosting information lookup

Option 2: JoomlaVS - Active Joomla Installation Scanning:

The active JoomlaVS option is more aggressive and requires a current membership.

  • Detect known exploits and security vulnerabilities in:
    • Joomla Core
    • Components
    • Modules
    • Themes
    • Extensions
  • Exact Joomla core version probing
  • Directory Indexing and other server mis-configurations

To test your Joomla installation simply enter the sites root URL including the full path, such as:

Option 2: Launch JoomlaVS Scanner
Login to access the Advanced Security Vulnerability Scanners
Membership is required to use this online security scanner. Immediate access is available to new members or login now if you have a valid membership.

Member Login Scan Membership

  • Understand the security configuration of a Joomla install from an external point of view.
  • Discover known security vulnerabilities and configuration mistakes with the install.
  • Run an in-depth security test that includes plugin and theme brute forcing with JoomlaVS (requires Membership).
  • Membership also gives you access to the custom OpenVAS scans that include a focused Joomla test that discovers known vulnerabilities.

About JoomlaVS

JoomlaVS is developed in the open source ruby programming language. If you have the inclination I encourage you to spin up a Linux host and download the latest version from github and run it yourself. Like any security tool, by having your own installation of JoomlaVS you will be able to gain a better understanding in how to keep your Joomla based web site as secure as possible.

In the past we hosted the OWASP Joomla Vulnerability Scanner which was developed back in 2009 and was last updated in 2012. It has been developed to identify vulnerabilities in the enormously popular content management system Joomla. Since 2012 there have been no new releases. This means the database is quite out of date and the tool will not detect newer vulnerabilities.

For more information visit the sourceforge page or the OWASP project page.