OWASP Joomla Vulnerability Scanner Usage

Revision as of 18:03, 20 August 2009 by D0ubl3 h3lix (talk | contribs)

Jump to: navigation, search
Usage:  joomscan.pl -u <string> -x proxy:port
        -u <string>      = joomla Url
        -x <string:int>  = proXy to tunnel
        -c <string>      = cookie (name=value;)
        -g "<string>"   = desired useraGent string within "
        -nv              = No Version fingerprinting check
        -nf              = No Firewall detection check
        -nvf/-nfv        = No version+firewall check
        -pe              = Poking version only
                           (and Exit the scanner)
        -ot              = Output to Text file (target-joexploit.txt)
        -oh              = Output to Html file (target-joexploit.htm)
        -vu              = Verbose (output every Url scan)
        -sp              = Show completed Percentage
         joomscan.pl -pv -u victim.com -x localhost:8080          
Check:   joomscan.pl check
         This option will check if the scanner update is available or not.
Update:  joomscan.pl update
         This option will check and update the local database if newer
         version is available.
Download: joomscan.pl download
          - Download the scanner latest version as a single zip file - joomscan-latest.zip.
Defense: joomscan.pl defense
         This option will give you a defensive note.
About:   joomscan.pl story
         This option will give you a short story about joomscan.
Read:   joomscan.pl read DOCFILE
          DOCFILE - changelog,release_note,readme,credits,faq,owasp_project