Differences
Shows the differences between two versions of the page.
| Both sides, previous revision Previous revision Next revision | Previous revision | ||
|
comprobacion_de_vulnerabilidades_en_joomla [2012/04/03 13:06] 10.12.12.70 |
comprobacion_de_vulnerabilidades_en_joomla [2017/03/27 17:44] (actual) |
||
|---|---|---|---|
| Línea 1: | Línea 1: | ||
| ====== Comprobación de vulnerabilidades en Joomla (srv-datos) ====== | ====== Comprobación de vulnerabilidades en Joomla (srv-datos) ====== | ||
| - | Esta es una herramienta usada para identificar vulnerabilidades en Joomla. El uso del a herramienta es el siguiente: | + | Esta es una herramienta usada para identificar vulnerabilidades en Joomla. Para acceder a su web pulsa [[https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project|aquí]]. |
| - | Para actualizarlo lo podemos hacer de la siguiente manera | + | El uso del a herramienta es el siguiente: |
| Esta en /usr/local/sbin/: | Esta en /usr/local/sbin/: | ||
| - | Uso: joomscan.pl -u <string> -x proxy:port | + | Uso: |
| - | -u <string> = joomla Url | + | joomscan.pl -u <string> -x proxy:port |
| - | + | -u <string> = joomla Url | |
| - | ==Optional== | + | |
| - | -x <string:int> = proXy to tunnel | + | ==Optional== |
| - | -c <string> = cookie (name=value;) | + | -x <string:int> = proXy to tunnel |
| - | -g "<string>" = desired useraGent string within " | + | -c <string> = cookie (name=value;) |
| - | -nv = No Version fingerprinting check | + | -g "<string>" = desired useraGent string within " |
| - | -nf = No Firewall detection check | + | -nv = No Version fingerprinting check |
| - | -nvf/-nfv = No version+firewall check | + | -nf = No Firewall detection check |
| - | -pe = Poking version only | + | -nvf/-nfv = No version+firewall check |
| - | (and Exit the scanner) | + | -pe = Poking version only (and Exit the scanner) |
| - | -ot = Output to Text file (target-joexploit.txt) | + | -ot = Output to Text file (target-joexploit.txt) |
| - | -oh = Output to Html file (target-joexploit.htm) | + | -oh = Output to Html file (target-joexploit.htm) |
| - | -vu = Verbose (output every Url scan) | + | -vu = Verbose (output every Url scan) |
| - | -sp = Show completed Percentage | + | -sp = Show completed Percentage |
| Ejemplo: | Ejemplo: | ||
| - | joomscan.pl -pv -u victim.com -x localhost:8080 | ||
| - | Checar: joomscan.pl check | + | joomscan.pl -pv -u victim.com -x localhost:8080 |
| - | This option will check if the scanner update is available or not. | + | |
| + | Checar: This option will check if the scanner update is available or not. | ||
| + | |||
| + | joomscan.pl check | ||
| + | |||
| + | Actualización: This option will check and update the local database if newer version is available. | ||
| + | |||
| + | joomscan.pl update | ||
| + | |||
| + | Descargar: Download the scanner latest version as a single zip file - joomscan-latest.zip. | ||
| + | |||
| + | joomscan.pl download | ||
| - | Actualización: joomscan.pl update | + | Defensa: This option will give you a defensive note. |
| - | This option will check and update the local database if newer | + | |
| - | version is available. | + | |
| - | Descargar: joomscan.pl download | + | joomscan.pl defense |
| - | - Download the scanner latest version as a single zip file - joomscan-latest.zip. | + | |
| - | Defensa: joomscan.pl defense | + | Acerca de: This option will give you a short story about joomscan. |
| - | This option will give you a defensive note. | + | |
| + | joomscan.pl story | ||
| - | Acerca de: joomscan.pl story | + | Leer: DOCFILE - changelog,release_note,readme,credits,faq,owasp_project |
| - | This option will give you a short story about joomscan. | + | |
| - | Leer: joomscan.pl read DOCFILE | + | joomscan.pl read DOCFILE |
| - | DOCFILE - changelog,release_note,readme,credits,faq,owasp_project | + | |
| - | Ahora como lo uso | + | Ahora como lo uso: |
| $ ./joomscan.pl -u www.la_web_a_escanear.com > ./informes/la_web_a_escanear.txt | $ ./joomscan.pl -u www.la_web_a_escanear.com > ./informes/la_web_a_escanear.txt | ||
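
Review bot: The example line `joomscan.pl -pv -u victim.com -x localhost:8080` uses `-pv`, which is not among the options documented just above it (the list has `-pe`, `-nv`, `-nf` and `-nvf/-nfv`); either change the example to a listed flag or add `-pv` to the list. The new intro line also carries over the typo "El uso del a herramienta" (should read "de la"), and the `-g` description still ends in an unclosed quote (`within "`), so the sentence is cut off. The usage line shows `-x proxy:port` as if it were mandatory although `-x` appears under the Optional heading; marking it as optional in the usage line would avoid confusion.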