
JoomScan

OWASP JoomScan is a vulnerability scanner for the Joomla CMS. It fingerprints the installed version, checks it against a database of known core vulnerabilities, and looks for exposed directories, files, and configurations.

Description

JoomScan, short for Joomla Vulnerability Scanner, is a Perl-based tool from the OWASP project designed to scan Joomla CMS installations for security issues. It helps identify potential vulnerabilities by detecting the Joomla version, checking core vulnerabilities, and probing for common misconfigurations such as directory listings, admin pages, robots.txt exposures, and backup or log files.

Use cases include reconnaissance during penetration testing of web applications running Joomla, verifying secure configurations, and generating reports on findings. The tool produces HTML and text reports saved in /usr/share/joomscan/reports/ for easy review and sharing.

It supports proxies, custom or random User-Agents, cookies, request timeouts, and component enumeration, so it can be adapted to different scanning scenarios, for example routed through an intercepting proxy so every request it sends can be inspected.

How It Works

JoomScan connects to the target Joomla URL over HTTP and fingerprints the version from core files (such as the XML manifests Joomla ships with), then compares that version against its bundled database of known core vulnerabilities. It requests common directories to see whether listing is enabled, looks for the administrator login page, parses robots.txt for paths the site owner wanted hidden, and probes for sensitive leftovers such as backup or editor copies of the site configuration file (Joomla's configuration.php), Apache status and info pages, and common log and backup files. Every check is a direct request followed by pattern matching on the response, so a scan is noisy: each probe lands in the target's access log, and a web application firewall may block or tarpit the scanner part-way through.
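The following is an added illustration of the passive checks described above, written in Python rather than JoomScan's Perl; it is not JoomScan's own code. The HTTP fetcher is injected as a callable so the logic runs offline against a constructed fake site; swap in a real client to point it at a live host. The manifest path is Joomla's own; the directory and sensitive-file lists, the "Index of" and "login" heuristics, and the fake responses are assumptions made for the example. Matching the detected version against an advisory database is left out.

```python
"""Illustrative re-implementation of JoomScan-style checks (added example, not
JoomScan's own code). fetch(url) must return (status_code, body_text)."""
import re
from typing import Callable, Optional

Fetcher = Callable[[str], tuple]  # url -> (status, body)

# Joomla's file manifest carries the installed version (real Joomla path).
VERSION_MANIFEST = "/administrator/manifests/files/joomla.xml"
# Directories whose listing is commonly left enabled (assumed list).
LISTING_DIRS = ["/administrator/components/", "/administrator/modules/",
                "/administrator/templates/", "/images/banners/"]
# Leftovers an admin may forget to remove (assumed list). Joomla's live
# config is configuration.php; editors and backups leave copies like these.
SENSITIVE_FILES = ["/configuration.php.bak", "/configuration.php~",
                   "/configuration.php.old", "/backup.zip", "/backup.sql",
                   "/error.log", "/server-status"]


def detect_version(fetch: Fetcher, base: str) -> Optional[str]:
    """Pull <version>x.y.z</version> out of the file manifest, if served."""
    status, body = fetch(base + VERSION_MANIFEST)
    if status != 200:
        return None
    m = re.search(r"<version>\s*([\d.]+)\s*</version>", body)
    return m.group(1) if m else None


def admin_page(fetch: Fetcher, base: str) -> bool:
    """True when /administrator/ answers with something that looks like a login form."""
    status, body = fetch(base + "/administrator/")
    return status == 200 and "login" in body.lower()


def find_directory_listings(fetch: Fetcher, base: str) -> list:
    """Directories that return an autoindex page (Apache/nginx 'Index of' title)."""
    found = []
    for d in LISTING_DIRS:
        status, body = fetch(base + d)
        if status == 200 and re.search(r"<title>\s*Index of ", body, re.I):
            found.append(d)
    return found


def robots_paths(fetch: Fetcher, base: str) -> list:
    """Paths named in Allow/Disallow rules; comments stripped, order kept."""
    status, body = fetch(base + "/robots.txt")
    if status != 200:
        return []
    paths = []
    for line in body.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(?i)(?:dis)?allow:\s*(\S+)", line)
        if m and m.group(1) not in paths:
            paths.append(m.group(1))
    return paths


def probe_sensitive(fetch: Fetcher, base: str) -> list:
    """Files that exist. A 200 whose body is an HTML page is treated as a
    soft 404 (custom error page served with 200), an assumed heuristic."""
    hits = []
    for p in SENSITIVE_FILES:
        status, body = fetch(base + p)
        if status == 200 and "<html" not in body.lower():
            hits.append(p)
    return hits


def scan(fetch: Fetcher, base: str) -> dict:
    base = base.rstrip("/")
    return {
        "version": detect_version(fetch, base),
        "admin_page": admin_page(fetch, base),
        "directory_listings": find_directory_listings(fetch, base),
        "robots_paths": robots_paths(fetch, base),
        "sensitive_files": probe_sensitive(fetch, base),
    }


# Constructed fake site standing in for a live Joomla host (not real data).
FAKE_BASE = "http://target.example"
FAKE_SITE = {
    "/administrator/manifests/files/joomla.xml":
        (200, "<extension><name>files_joomla</name><version>3.9.4</version></extension>"),
    "/administrator/": (200, '<html><form id="form-login">Login</form></html>'),
    "/administrator/components/":
        (200, "<html><title>Index of /administrator/components</title></html>"),
    "/robots.txt": (200, "User-agent: *\nDisallow: /administrator/\n"
                         "Disallow: /tmp/\nDisallow: /old-backup/  # forgot to delete\n"),
    "/configuration.php.bak": (200, "<?php\nclass JConfig { public $password = 'hunter2'; }"),
}


def fake_fetch(url: str) -> tuple:
    """Stand-in for an HTTP client; unknown paths get a custom 404 page."""
    path = url[len(FAKE_BASE):]
    return FAKE_SITE.get(path, (404, "<html>Not Found</html>"))


if __name__ == "__main__":
    for key, value in scan(fake_fetch, FAKE_BASE).items():
        print(f"{key}: {value}")
```

The soft-404 heuristic is the part a practitioner tunes first: many Joomla sites return a themed 200 page for missing files, so a scanner that trusts status codes alone reports every probed path as present.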

Installation

sudo apt install joomscan

Flags

--url | -u <URL>                   The Joomla URL/domain to scan.
--enumerate-components | -ec       Try to enumerate components.
--cookie <String>                  Set cookie.
--user-agent | -a <User-Agent>     Use the specified User-Agent.
--random-agent | -r                Use a random User-Agent.
--timeout <Time-Out>               Set timeout.
--proxy=PROXY                      Use a proxy to connect to the target URL.
                                   Proxy example: --proxy http://127.0.0.1:8080
                                                  https://127.0.0.1:443
                                                  socks://127.0.0.1:414
--about                            About Author
--help | -h                        This help screen.
--version                          Output the current version and exit.

Examples

Scan the Joomla installation at http://localhost/: detect the version, check core vulnerabilities, directory listings, admin pages and robots.txt paths, and write the reports.
joomscan -u http://localhost/
Scan the Joomla installation at the given URL http://192.168.1.202/joomla for vulnerabilities.
joomscan -u http://192.168.1.202/joomla
Scan Joomla site and try to enumerate components.
joomscan -u http://localhost/ --enumerate-components
Scan Joomla site with a specified cookie.
joomscan -u http://localhost/ --cookie "session=abc123"
Scan Joomla site using a specified User-Agent.
joomscan -u http://localhost/ --user-agent "Mozilla/5.0"
Scan Joomla site using a random User-Agent.
joomscan -u http://localhost/ --random-agent
Scan a Joomla site through an HTTP proxy (for example an intercepting proxy listening on 127.0.0.1:8080, which lets you inspect and replay every request the scanner sends).
joomscan -u http://localhost/ --proxy http://127.0.0.1:8080
Display help screen with usage and options.
joomscan -h
Updated 2026-04-16. Source: kali.org