Saturday, 27 July 2013

How To Install OWASP Joomla Vulnerability Scanner In Windows

OWASP is one of the largest contributors of web security tools. This scanner can scan Joomla websites for all potential vulnerabilities, exploits and 0-days. In this tutorial, I will show you how to install the OWASP Joomla vulnerability scanner in a Windows environment.
We can't use this scanner directly on Windows because some of the Perl CPAN modules it needs are missing. So follow me step by step and we will make it happen.

1- The Perl interpreter is available in two well-known flavors, Strawberry Perl and ActivePerl. In this tutorial I am using ActivePerl, so I would recommend you use it too.
Download Link: http://www.activestate.com/activeperl/downloads


2- Now download OWASP Joomla Vulnerability Scanner and extract it.
Download Link: http://sourceforge.net/projects/joomscan/files/latest/download

3- Now press "Windows key + R" and the Run box will appear. Type cmd in it and press Enter to open a command prompt. Change into the joomscan directory with the cd command and try to run the scanner using the following command. I am sure it won't work :P Hm..!! Let's get it fixed.
perl joomscan.pl
4- Open the Start menu and type cmd; the command prompt will show up in the search results. Right-click it and choose to run it as administrator.
5- Now type the following command in this command prompt. It will start the installation of a C compiler and the make utility for Perl.
cpan
Note: After cpan installs successfully, a console with a "cpan>" prompt will appear.
6- Now install local::lib using the following command.
install local::lib
7- Now install cpanminus using the following command.
install App::cpanminus
8- Now run the following command to exit from cpan.
exit
9- Now you can run cpanminus using the following command. If cpanm runs, you have done everything correctly so far.
cpanm
10- Now run the following command to finalize our configuration procedure. The -f flag forces installation of the Switch module even if its tests fail.
cpanm -f Switch
11- Now everything is ready. Let's run joomscan and test it using the following command. It should produce the output shown below.
perl joomscan.pl


 ..|''||   '|| '||'  '|'     |      .|'''.|  '||''|.
.|'    ||   '|. '|.  .'     |||     ||..  '   ||   ||
||      ||   ||  ||  |     |  ||     ''|||.   ||...|'
'|.     ||    ||| |||     .''''|.  .     '||  ||
 ''|...|'      |   |     .|.  .||. |'....|'  .||.


=================================================================
 OWASP Joomla! Vulnerability Scanner v0.0.4
 (c) Aung Khant, aungkhant]at[yehg.net
 YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
 Update by: Web-Center, http://web-center.si (2011)
=================================================================

 Vulnerability Entries: 611
 Last update: February 2, 2012

 


Usage:  joomscan.pl -u http://target.com/
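
A preflight check for the missing-module problem this tutorial fixes, as an added example that is not part of the original post or of joomscan: it lists the modules a Perl script loads and reports which of them cannot be found in @INC, without loading any of them. The embedded sample header and the module name Some::Missing::Module are constructed for illustration and are not joomscan's real header.

```perl
#!/usr/bin/perl
# Added example: report CPAN modules a script needs but Perl cannot find.
# Usage: perl check_modules.pl joomscan.pl   (the file name check_modules.pl is an assumption)
use strict;
use warnings;

# Return the module names a Perl source text loads via "use" or "require",
# skipping comment lines, version-only lines and pragmas such as strict.
sub modules_used {
    my ($source) = @_;
    my %seen;
    for my $line (split /\n/, $source) {
        next if $line =~ /^\s*#/;
        next unless $line =~ /^\s*(?:use|require)\s+([A-Za-z_][\w:]*)/;
        my $name = $1;
        next if $name =~ /^[a-z][a-z0-9_]*$/;   # all-lowercase, no "::" => pragma
        $seen{$name} = 1;
    }
    return sort keys %seen;
}

# True if Module::Name exists as Module/Name.pm in a directory listed in @INC.
# The module is only located on disk, never executed.
sub is_installed {
    my ($module) = @_;
    (my $file = "$module.pm") =~ s{::}{/}g;
    my @hits = grep { !ref($_) && -f "$_/$file" } @INC;
    return @hits ? 1 : 0;
}

# Constructed sample header, used only when no script path is given.
my $source = <<'END';
use strict;
use Switch;
use Some::Missing::Module;
END

if (@ARGV) {
    open my $fh, '<', $ARGV[0] or die "Cannot open $ARGV[0]: $!\n";
    local $/;                  # slurp the whole file
    $source = <$fh>;
    close $fh;
}

my @missing = grep { !is_installed($_) } modules_used($source);
if (@missing) {
    print "Missing: $_   (install with: cpanm $_)\n" for @missing;
    exit 1;
}
print "All required modules are installed.\n";
```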

I made this tutorial quite simple and easy to follow. But if you still have any trouble following it, you may ask me through the comments. I would really appreciate your feedback.
Happy Hacking :)