OWASP Joomla! Security Scanner (Joomscan) is a great security tool for checking your Joomla! website for known vulnerabilities and other security issues, so you can stay one step ahead of hackers. The tool uses Perl, so Perl must be installed on your machine. Most Linux distributions have it preinstalled.
- Download Joomscan from sourceforge.net (recommended for the latest version) or here.
- Extract the files and upload them to your Linux box.
- Navigate to the joomscan-latest directory.
- Run ./joomscan.pl update to update the local vulnerability database.
- Run ./joomscan.pl -u www.yoursite.com -ot
This runs the vulnerability scan and saves the report in the joomscan-latest/report folder.
- For other options and commands, run ./joomscan.pl
When running joomscan.pl for the first time, you may get the following or a similar error:
Can't locate WWW/Mechanize.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at ./joomscan.pl line 2679.
BEGIN failed--compilation aborted at ./joomscan.pl line 2679
In that case run: apt-get install libtest-www-mechanize-perl
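The error above only names the first module Perl failed to load, so further missing modules surface one run at a time. The following preflight check is an added example, not part of Joomscan: it lists every module a Perl script pulls in with use or require and prints the ones this Perl installation cannot load. The function names are made up for this example.

```shell
#!/bin/sh
# Added example (not part of joomscan): preflight check for Perl modules.

# Print the non-pragma modules a Perl script loads via "use" or "require".
# Only names starting with an upper-case letter are kept, which skips
# pragmas such as "use strict" and version lines such as "use 5.010".
list_used_modules() {
    sed -n -E 's/^[[:space:]]*(use|require)[[:space:]]+([A-Z][A-Za-z0-9_]*(::[A-Za-z0-9_]+)*).*/\2/p' "$1" | sort -u
}

# Print every module from the script that this Perl cannot load.
# Exit status: 0 = check ran (output may be empty), 2 = perl or file missing.
missing_modules() (
    command -v perl >/dev/null 2>&1 || { echo "perl is not installed" >&2; exit 2; }
    [ -r "$1" ] || { echo "cannot read $1" >&2; exit 2; }
    for mod in $(list_used_modules "$1"); do
        # -M<module> -e 1 compiles "use <module>;" and runs nothing else
        perl -M"$mod" -e 1 >/dev/null 2>&1 || printf '%s\n' "$mod"
    done
)

# When called with a path (for example ./joomscan.pl), print a report:
# exit 0 = nothing missing, 1 = modules missing, 2 = check could not run.
if [ "$#" -gt 0 ]; then
    missing=$(missing_modules "$1") || exit 2
    if [ -n "$missing" ]; then
        echo "Missing Perl modules:"
        echo "$missing"
        exit 1
    fi
    echo "All modules used by $1 are installed."
fi
```

Save it next to joomscan.pl and pass ./joomscan.pl as the only argument; each module it prints has to be installed through your distribution's package manager or CPAN before the scanner will start.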