Dear all,
A long time ago I asked for a vulnerability scanner for Joomla. I
admin a Joomla site and I'd like to keep an eye on security.
Someone provided me this OWASP project:
https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project#tab=Project_Information
which apparently has been abandoned. I recall an email from the
author saying he didn't have time to continue supporting this. I also tried
the tool and it gave me a bunch of false positives. I asked the author and
sent the info to review it, but I never got an answer.
Anyway, what do Joomla admins do to check security on their sites?
Thanks,
Miguel
Miguel,
The Web Exploitation Framework will concentrate on picking up where other
Joomla Scanners left off after we complete the next major release (roadmap).
Until that point... BlindElephant and Joomscan are the only two tools
I've had any success with.
Thanks,
Ken
2011/9/27 Miguel González Castaños miguel_3_gonzalez@yahoo.es
Dear all,
A long time ago I asked for a vulnerability scanner for Joomla. I admin a
Joomla site and I'd like to keep an eye on security.
Someone provided me this OWASP project:
https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project#tab=Project_Information
which apparently has been abandoned. I recall an email from the author
saying he didn't have time to continue supporting this. I also tried the tool
and it gave me a bunch of false positives. I asked the author and sent the info
to review it, but I never got an answer.
Anyway, what do Joomla admins do to check security on their sites?
Thanks,
Miguel
_____________
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
On 27/09/2011 18:16, Ken Johnson wrote:
Miguel,
The Web Exploitation Framework will concentrate on picking up where
other Joomla Scanners left off after we complete the next major
release (roadmap). Until that point... BlindElephant and Joomscan
are the only two tools I've had any success with.
But Joomscan is the OWASP scanner that I mentioned, which seems to be
abandoned, and BlindElephant seems to do just fingerprinting, while I'm
looking for vulnerabilities in my Joomla installation.
Thanks anyway.
On Tue, Sep 27, 2011 at 11:38:09AM +0200, Miguel González Castaños wrote:
Dear all,
A long time ago I asked for a vulnerability scanner for Joomla. I
admin a Joomla site and I'd like to keep an eye on security.
Someone provided me this OWASP project:
https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project#tab=Project_Information
which apparently has been abandoned. I recall an email from the
author saying he didn't have time to continue supporting this. I also
tried the tool and it gave me a bunch of false positives. I asked the
author and sent the info to review it, but I never got an answer.
Anyway, what do Joomla admins do to check security on their sites?
Thanks,
Miguel
I have an ongoing project to create a tool for local scanning. It can already detect outdated Joomlas. Please note that this tool is still in beta. I am more than happy to hear if you have development ideas.
http://code.google.com/p/pyfiscan/
Best regards,
Henri Salo
On 1-10-2011 13:18, Henri Salo wrote:
I have an ongoing project to create a tool for local scanning. It can already detect outdated Joomlas. Please note that this tool is still in beta. I am more than happy to hear if you have development ideas.
http://code.google.com/p/pyfiscan/
Best regards,
Henri Salo
I found a Joomla extension list with possible vulns.
http://docs.joomla.org/Vulnerable_Extensions_List#New_format_Feed_Starts_Here
They stated that it's updated to 01-2011.
-Neusbeer