Joomscan [611 joomla vulnerabilities database]
Joomscan is a tool for testing vulnerabilities on websites that use ‘Joomla’. This application allows you to view or Test the website on XSS attacks, SQL Injection, LFI, RFI, Bruteforce, etc.
Joomla Security Scanner v.1.0
PenTest for XSS, SQL-Inj, CSRF, Brute Force, RFI and LFI.
Scanner components Joomla.
./jscan.py http://joomla.org ./mycomponent_list.txt
With a timeout:
./jscan.py http://joomla.org ./mycomponent_list.txt 10
#!/usr/bin/env python import os import time import random import urllib2 as u2 import argparse as ap sub_url = "/components/" #------------------------------------------------------ # Args set def add_args(): p = ap.ArgumentParser() p.add_argument("-u", help = "Remote site URL") p.add_argument("-f", help = "Joomla components list file") p.add_argument("-t", help = "Timeout (sec)") p.add_argument("-T", help = "Randomization timeout (from 0 to N)") p.add_argument("-p", help = "HTTP Proxy server (PROXY:PORT)(example:") return p.parse_args(), p #------------------------------------------------------ #------------------------------------------------------ # Timeout def timeout(args): if args.T: time.sleep(random.randint(0, int(args.T))) elif args.t: time.sleep(int(args.t)) #------------------------------------------------------ #------------------------------------------------------ # Scan through HTTP server def scan_through_proxy(args, com_name, op): try: url = args.u + sub_url + com_name op.open(url) except: raise return True #------------------------------------------------------ #------------------------------------------------------ # Scan directly def scan(args, com_name): try: url = args.u + sub_url + com_name req = u2.Request(url) u2.urlopen(req) except: raise return True #------------------------------------------------------ a, p = add_args() if not a.u or not a.f: p.print_usage() p.exit() else: if a.u.find("http://") < 0 and a.u.find("HTTP://") < 0: a.u = "http://" + a.u if not os.access(a.f, os.F_OK): print "File {} does not exit or permission denied".format(a.f) exit() print "[Joomla components scanner by R0nin]\n" print "[+] Host:", a.u try: if not a.p: with open(a.f) as com_file: for line in com_file: line = line.strip("\r\n") try: scan(a, line) except u2.HTTPError as he: if he.code == 404: print "Component: " + line.ljust(40,' ') + "[Not found]" except u2.URLError as ue: print "Exception: " + ue.reason else: print "Component: " + line.ljust(40,' ') + "[OK]" timeout(a) else: if a.p.find("http://") < 0 and a.p.find("HTTP://") < 0: a.p = "http://" + a.p prx = u2.ProxyHandler({"http":a.p}) op = u2.build_opener(prx) u2.install_opener(op) print "[Scan via HTTP proxy {}]\n".format(a.p) with open(a.f) as com_file: for line in com_file: line = line.strip("\r\n") try: scan_through_proxy(a, line, op) except u2.HTTPError as he: if he.code == 404: print "Component: " + line.ljust(40,' ') + "[Not found]" except u2.URLError as ue: print "Exception: " + ue.reason else: print "Component: " + line.ljust(40,' ') + "[OK]" timeout(a) except KeyboardInterrupt: print "\nInterrupted by user (CTRL+C or Delete)" exit() except: print "Uknown exception: exit..." exit() else: print "\n[Sucess]\n" exit()
com_aardvertiser com_addressbook com_adsmanager com_advertising com_alameda com_alfurqan15x com_allcinevid com_alphauserpoints com_amblog com_annonces com_answers com_appointinator com_arcadegames com_archeryscores com_artforms com_articleman com_beamspetition com_beeheard com_bfquiztrial com_biblioteca com_billyportfolio com_blogfactory com_booklibrary com_btg_oglas com_caddy com_calcbuilder com_camp com_cbe com_ccboard com_ccinvoices com_ccrowdsource com_cgtestimonial com_chronocontact com_cinema com_ckforms com_clan com_clanlist com_clantools com_connect com_content com_cvmaker com_dateconverter com_dcnews com_delicious com_diary com_dioneformwizard com_discussions com_djartgallery com_drawroot com_dshop com_education_classess com_elite_experts com_eportfolio com_equipment com_esearch com_event com_extcalendar com_ezautos com_fabrik com_flashgames com_flexicontent com_flipwall com_forme com_g2bridge com_gadgetfactory com_gamesbox com_gantry com_gbufacebook com_golfcourseguide com_google com_graphics com_grid com_hello com_hmcommunity com_horoscope com_huruhelpdesk com_idoblog com_if_surfalert com_img com_iproperty com_jacomment com_jce com_jdirectory com_jdownloads com_jdrugstopics com_jeauto com_jedirectory com_jeemasms com_jefaqpro com_jeguestbook com_jejob com_jepoll com_jequoteform com_jesectionfinder com_jestory com_jesubmit com_jfuploader com_jgen com_jgrid com_jimtawl com_jmarket com_jmsfileseller com_jnewsletter com_jnewspaper com_joltcard com_jomdocs com_jomsocial com_jomtube com_joomdle com_joomdocs com_joomla-visites com_joomnik com_joomradio com_joomtouch com_jphone com_jp_jobs com_jquarks4s com_jradio com_jscalendar com_jsjobs com_jstore com_jsubscription com_jsupport com_jtickets com_jtm com_konsultasi com_lead com_listbingo com_listing com_lovefactory com_maianmedia com_manager com_market com_markt com_matamko com_mediamall com_mediqna com_memory com_mmsblog com_mscomment com_mtfireeagle com_mtree com_multimap com_multiroot com_mycar com_neorecruit com_newsfeeds com_noticeboard com_obsuggest com_ongallery com_orgchart com_oziogallery2 com_packages com_pandafminigames com_pbbooking com_people com_photobattle com_photomapgallery com_picasa2gallery com_picsell com_ponygallery com_pro_desk com_qcontacts com_qpersonel com_question com_quran com_realtyna com_record com_redshop com_remository com_restaurantguide com_restaurantmenumanager com_rokmodule com_rsappt_pro com_rsappt_pro2 com_rscomments com_s2clanroster com_searchlog com_sef com_sermonspeaker com_seyret com_simpledownload com_spa com_spartsite com_spielothek com_sponsorwall com_spsnewsletter com_staticxt com_sweetykeeper com_team com_teams com_techfolio com_timereturns com_timetrack com_travelbook com_ttvideo com_ultimateportfolio com_users com_versioning com_vikrealestate com_virtuemart com_webtv com_wgpicasa com_wmi com_wmptic com_xcloner-backupandrestore com_xgallery com_xmap com_xmovie com_ybggal com_youtube com_zimbcomment com_zimbcore com_zina com_zoomprotfolio cpm_worldrates com_jesectionfinder
[wpscan] WordPress Security Scanner
WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach.
Please use SVN to download:svn checkout http://wpscan.googlecode.com/svn/trunk/ ./wpscan
WordPress P&E
Search plugins [WordPress] and vulnerability to them.
[DPScan] Drupal Security Scanner
This small tool is public and accessible to you for use however you please. It may help other auditors or penetration testers do their job faster.