Joomla

# scan
joomscan -u  http://site.com
joomscan -u  http://site.com --enumerate-components
droopescan scan joomla -u http://site.com
python2.7 joomlascan.py -u http://site.com

# Brute force
sudo python3 joomla-brute.py -u http://site.com -w /usr/share/metasploit-framework/data/wordlists/http_default_pass.txt -usr admin

# Juumla
#https://github.com/knightm4re/juumla
python3 main.py -u https://example.com

python3 cmseek.py -u domain.com
vulnx -u https://example.com/ --cms --dns -d -w -e
python3 cmsmap.py https://www.example.com -F

# nmap http-Joomla-brute

# Check common files
README.txt
htaccess.txt
web.config.txt
configuration.php
LICENSE.txt
administrator
administrator/index.php # Default admin login
index.php?option=<nameofplugin>
administrator/manifests/files/joomla.xml
plugins/system/cache/cache.xml
PreviousWordpressNextDrupal

Last updated