Our Joomla Security Scanner tool has been extended with the Joomscan security testing tool. Joomscan is a tool that tests a Joomla installation for known vulnerable plugins and core security configuration mistakes. Detection of these vulnerabilities allows a web site owner to get the plugins updated or fixed before they are attacked.
Joomla is a popular content management system that is very extensible. This popularity and wide range of extensions make it a popular target for hackers.
The Joomscan tool has the following features:
- Exact version detection - the scanner can pinpoint versions with greater accuracy than the meta generator tag alone.
- Detection of Joomla!-based web application firewall plugins
- Probes for known security issues in the Joomla core as well as in extensions / plugins
Back in 2009 HackerTarget.com had the Joomscan scanner as a free scanning tool; however, due to abuse we decided to discontinue the tool. With a recent update we have decided to make this version an extension of our current non-intrusive tool. Use of the active Joomscan component will require a valid HackerTarget.com membership. This will ensure any abuse of the tool is limited and will provide a better experience for all our users.
Joomscan is a Perl-based tool that anyone can download and install. Why not give it a go yourself? Head over to the project page and start your own testing.