loading
loading
Scanners
OWASP Joomla! Vulnerability Scanner for detecting flaws and misconfigurations in Joomla deployments.
overview
joomscan is the OWASP scanner built specifically for Joomla. Pointed at a Joomla URL, it fingerprints the installation, enumerates components, and checks for known offensive vulnerabilities along with the misconfigurations and admin-level weaknesses that adversaries use to compromise a site. Its Perl, modular design keeps a light footprint while it works.
Because it knows Joomla's structure, it finds things a generic scanner misses: vulnerable third-party components, exposed admin surfaces, directory listings, and version-specific issues. It can cycle through a file of URLs to scan many installations, rotate user agents to blend in, and route through a proxy when you need to observe or shape the traffic.
On Trickest, joomscan is a Scanners node that takes a Joomla URL and writes a file and a folder, with reports compiled in text and HTML. Chain it after a fingerprinting step that flags Joomla hosts so the scanner runs only against installations it can test.
source github.com/OWASP/joomscan
use cases
Point joomscan at a Joomla URL to fingerprint the install and check it against known vulnerabilities and misconfigurations specific to the CMS.
Enable component enumeration so the scanner lists installed third-party extensions, the common source of exploitable Joomla bugs, and flags versions with known CVEs.
Pass a file of URLs with --mass so joomscan cycles through every host and reports per-site findings across an estate of Joomla deployments.
Rotate a random user agent and route through a proxy so the scan stays low-profile and you can inspect the requests it sends.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| url | STRING | --url | The Joomla URL or domain to scan. |
| enumerate-components | BOOLEAN | --enumerate-components | Try to enumerate installed components. |
| urls-file | FILE | --mass | Cycle through URLs provided in a txt file. |
| random-agent | BOOLEAN | --random-agent | Use a random User-Agent. |
| proxy | STRING | --proxy | Use a proxy to connect to the target URL. |
| cookie | STRING | --cookie | Set a cookie to send with requests. |
| timeout | STRING | --timeout | Set the request timeout. |
Showing key inputs. joomscan exposes 8 inputs in total.
| Name | Type | Flag | Description |
|---|---|---|---|
| url | STRING | --url | The Joomla URL/domain to scan. |
| proxy | STRING | --proxy | Use a proxy to connect to the target URL. |
| cookie | STRING | --cookie | Set cookie. |
| timeout | STRING | --timeout | Set timeout. |
| urls-file | FILE | --mass | Cycle through URLs provided in txt file. |
| user-agent | STRING | --user-agent | Use the specified User-Agent. |
| random-agent | BOOLEAN | --random-agent | Use a random User-Agent. |
| enumerate-components | BOOLEAN | --enumerate-components | Try to enumerate components. |
example
# fingerprint the version and enumerate components with a random agentjoomscan --url https://example.com --enumerate-components --random-agentProcessing http://example.com ...[+] Detecting Joomla Version[++] Joomla 3.9.24[+] Core Joomla Vulnerability[++] Target Joomla core is not vulnerable[+] Checking Directory Listing[++] directory has directory listing: http://example.com/administrator/components[+] Enumerating Components ...[++] com_content, com_contact enumeratedYour Report : reports/example.com/guidance
Reach for joomscan when a target runs Joomla and you want CMS-specific checks rather than a generic scan. Fingerprint first so you only run it against real Joomla hosts. For WordPress use wpscan, and for broad CMS detection cmseek points you at the right tool.
The equivalent scanner for WordPress. Use joomscan for Joomla, wpscan for WordPress.
Detects which CMS a site runs and probes it. Use it to confirm Joomla before joomscan.
Template-driven scanner with Joomla templates among thousands. joomscan goes deeper on Joomla specifics.
faq
related
Find reflected XSS during recon by checking payload reflection.
Fast and customizable subdomain wordlist generator using patterns.
Scans software bills of materials for security vulnerabilities.
Find broken links, missing images, and other dead references within your HTML.
A command-line scanner that finds exposed services, files, and folders through the web root.
A CMS detection and exploitation suite.
A URL is fingerprinted by cmseek, then joomscan scans the confirmed Joomla host and writes a text and HTML report for triage.
Facts on this page come from the live Trickest tool library.