This is a simple auto-updating Joomla! Plugins Scanner able to find installed components and relative exploits. It uses the csv file provided by the Exploit-DB team and an extra plugins' list from Metasploit, but it is totally independent from this last one.
- Automatic scanning for Joomla! components
- Automatic retrieving of Joomla! exploits related to previously found components
- Automatic components/exploits update and download (recommended)
- It gives the user the chance to use a local file containing his favourite components to scan (read more in the section
How to use it?
) - Tor Proxy tunnel available
[FLOODING] If the target is protected by flooding requests the script won't be successful, clearly.
You simply run the script giving it the following parameters:
- --target: your Joomla! based target (ex: http://joomlatarget/joomlapath/)
- --tor_proxy: you can specify your TOR active proxy with syntax
tor_address:tor_port
- --no_update: using this option means that you don't want the tool to download updated components and exploits lists from the Web. If you select this option and you don't have the two files
comptotest.txt
andexp-db_files.csv
in your directory, you will have to manually put in your script's directory the two mentioned files, where:
comptotest.txt
= file containing Joomla! components you want to testexp-db_files.csv
= file containing Exploit-db exploits list used by the script to extract exploits related to the previously found components
I strongly recommend you to use this option only after having executed the script at least once, in order to have the two required files updated without you having to do anything . If it's been a long time since the last time you run the script and you want to be sure to be updated do not use this option, and files will be automatically updated.
- Python 2.7.x
- Python modules to install: termcolor, requests
Note: You could have not installed some of the required libraries but it will install them for you PROVIDED you run the script as root. Besides you need to install pip in order to get missing libraries quickly.
I am not responsible for any kind of illegal acts you cause. This is meant to be used for ethical purposes by penetration testers. If you plan to copy, redistribute please give credits to the original author.
Video: Be patient..it will be available in a few days
Follow me: https://twitter.com/d35m0nd142
D35m0nd142