====== Comprobación de vulnerabilidades en Joomla (srv-datos) ======

Esta es una herramienta usada para identificar vulnerabilidades en Joomla. Para acceder a su web pulsa [[https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project|aquí]].

El uso del a herramienta es el siguiente:

Esta en /usr/local/sbin/:

Uso:  
  joomscan.pl -u <string> -x proxy:port
  -u <string>      = joomla Url

  ==Optional==
  -x <string:int>  = proXy to tunnel
  -c <string>      = cookie (name=value;)
  -g "<string>"   = desired useraGent string within "
  -nv              = No Version fingerprinting check
  -nf              = No Firewall detection check
  -nvf/-nfv        = No version+firewall check
  -pe              = Poking version only (and Exit the scanner)
  -ot              = Output to Text file (target-joexploit.txt)
  -oh              = Output to Html file (target-joexploit.htm)
  -vu              = Verbose (output every Url scan)
  -sp              = Show completed Percentage

Ejemplo:

  joomscan.pl -pv -u victim.com -x localhost:8080          

Checar: This option will check if the scanner update is available or not.

  joomscan.pl check
  
Actualización:  This option will check and update the local database if newer version is available.

  joomscan.pl update

Descargar: Download the scanner latest version as a single zip file - joomscan-latest.zip.

  joomscan.pl download

Defensa: This option will give you a defensive note.

  joomscan.pl defense

Acerca de: This option will give you a short story about joomscan.
  
  joomscan.pl story

Leer: DOCFILE - changelog,release_note,readme,credits,faq,owasp_project

  joomscan.pl read DOCFILE

Ahora como lo uso:

  $ ./joomscan.pl -u www.la_web_a_escanear.com > ./informes/la_web_a_escanear.txt