Auditing Website Joomla with joomla

Discussion in 'Web & Server Security' started by lslobodian, Dec 13, 2017.

  1. lslobodian

    lslobodian New Member

    Greetings, brothers of Illegalcrew. I was reviewing some messages from users asking me to create a post on "Vulnerability Analysis in CMS Joomla". Good, let's start.

    Joomlavs is a Ruby application that can help automate the assessment of vulnerabilities. You can look for vulnerabilities in the components, modules and templates, as well as the vulnerabilities that exist within Joomla itself.

    Download the repository:

    Code:
    git clone https://github.com/rastating/joomlavs.git
    cd joomlavs

    We installed Bundler.

    Code:
    sudo gem install bundler && bundle install

    We installed some units, including Nokogiri:

    Code:
    sudo apt-get install build-essential patch
    sudo apt-get install ruby-dev zlib1g-dev liblzma-dev libcurl4-openssl-dev


    We will audit the server in a "Standard" way:

    Code:
    root@kali:~/joomlavs# ./joomlavs.rb --scan-all --url http://www.paginaweb.com/


    You find the vulnerable modules, go to Exploit DB, and in the end you have a good pentest.
    It's 03:04 in the morning and I'm not going to test exploit by exploit xD!

    available databases [12]:

    In my opinion this tool is very useful.

    Greetings.
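
The post says the tool looks through components, modules and templates. The following is an added example, not part of the original post and not JoomlaVS code, showing how a site owner could spot that kind of enumeration in a web server access log. It assumes the scan appears as requests for many distinct extension directories from one client; the function name, threshold and sample log lines are constructed for illustration.

```ruby
require 'set'

# Joomla's extension layout: components/com_*, modules/mod_*, templates/*
# (the same directories also exist under /administrator/).
EXT_PATH = %r{\A/(?:administrator/)?(components/com_[\w-]+|modules/mod_[\w-]+|templates/[\w-]+)(?:/|\z)}i
# Common/combined log format: ip ident user [time] "METHOD target proto" status ...
LOG_LINE = /\A(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) /

# Returns { ip => { probed: n, missing: n } } for every client that requested
# at least `threshold` distinct extension directories (assumed value, tune per site).
# `missing` counts how many of those directories answered 404.
def extension_scanners(lines, threshold: 5)
  probed  = Hash.new { |h, k| h[k] = Set.new }
  missing = Hash.new { |h, k| h[k] = Set.new }
  lines.each do |line|
    m = LOG_LINE.match(line) or next          # skip lines in another format
    ip, target, status = m[1], m[2], m[3].to_i
    path = target.split('?', 2).first          # ignore the query string
    ext = EXT_PATH.match(path) or next         # not an extension directory
    name = ext[1].downcase
    probed[ip] << name
    missing[ip] << name if status == 404
  end
  probed.select { |_, names| names.size >= threshold }
        .map { |ip, names| [ip, { probed: names.size, missing: missing[ip].size }] }
        .to_h
end

# Constructed sample log: documentation IP ranges, made-up extension names.
SAMPLE_LOG = <<~LOG.lines
  198.51.100.7 - - [13/Dec/2017:03:01:10 +0000] "GET /components/com_content/ HTTP/1.1" 200 512 "-" "-"
  198.51.100.7 - - [13/Dec/2017:03:01:10 +0000] "GET /components/com_exampleone/ HTTP/1.1" 404 209 "-" "-"
  198.51.100.7 - - [13/Dec/2017:03:01:11 +0000] "GET /components/com_exampletwo/ HTTP/1.1" 404 209 "-" "-"
  198.51.100.7 - - [13/Dec/2017:03:01:11 +0000] "GET /modules/mod_examplethree/ HTTP/1.1" 404 209 "-" "-"
  198.51.100.7 - - [13/Dec/2017:03:01:12 +0000] "GET /modules/mod_menu/ HTTP/1.1" 200 31 "-" "-"
  198.51.100.7 - - [13/Dec/2017:03:01:12 +0000] "GET /templates/examplefour/ HTTP/1.1" 404 209 "-" "-"
  203.0.113.20 - - [13/Dec/2017:03:02:00 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 9120 "-" "-"
  203.0.113.20 - - [13/Dec/2017:03:02:01 +0000] "GET /templates/protostar/css/template.css HTTP/1.1" 200 4096 "-" "-"
LOG

if __FILE__ == $PROGRAM_NAME
  extension_scanners(SAMPLE_LOG).each do |ip, c|
    puts "#{ip} probed=#{c[:probed]} missing=#{c[:missing]}"
  end
end
```

A high `missing` count relative to `probed` separates blind enumeration from a visitor whose browser loads assets out of one or two real extension directories.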
     
