Overview
The Joomla Scanner identifies vulnerabilities in Joomla installations, including core, components, modules, and templates. It uses JoomlaVS technology to detect security issues specific to the Joomla CMS. The Joomla Scanner is a vulnerability scanner: it tests Joomla sites for security weaknesses. It does not add data to your Attack Surface. Scan results are presented as raw output showing discovered vulnerabilities and their details.
Supported targets
| Target type | Examples |
|---|---|
| URL | https://example.com, https://example.com/joomla/ |
Provide the complete path to the Joomla installation. If Joomla is installed in a subdirectory (e.g., /joomla/), include it in the URL.
Tests performed
The Joomla Scanner runs all tests in a single scan. There are no scan mode options.
| Test | Description |
|---|---|
| Joomla Version Detection | Fingerprints the Joomla installation to identify the exact version |
| Joomla Core Vulnerabilities | Checks detected version against vulnerability database |
| Component Enumeration | Discovers installed components by testing known component names |
| Component Vulnerabilities | Checks detected components against vulnerability database |
| Module Enumeration | Discovers installed modules by testing known module names |
| Module Vulnerabilities | Checks detected modules against vulnerability database |
| Template Enumeration | Discovers installed templates by testing known template names |
| Template Vulnerabilities | Checks detected templates against vulnerability database |
Test details
Joomla version detection
The scanner fingerprints the Joomla installation by analyzing:
- HTML meta tags and generator information
- JavaScript and CSS file paths
- XML manifest files
- Known version-specific files
Joomla core vulnerabilities
Cross-references the detected Joomla version against a vulnerability database to identify known CVEs. Results include vulnerability titles and reference URLs.
Component enumeration
Joomla components are extensions that handle the main content on pages. The scanner:
- Tests for known component names by accessing their URLs
- Identifies component versions from manifest files
- Reports discovered components with their locations
Component vulnerabilities
Checks detected components against a vulnerability database. For each vulnerable component, the scanner reports:
- Vulnerability title
- Reference URLs for more information
Module enumeration
Joomla modules are lightweight extensions that display content in template positions. The scanner:
- Tests for known module names
- Identifies module versions
- Reports discovered modules
Module vulnerabilities
Checks detected modules against a vulnerability database and reports any known vulnerabilities.
Template enumeration
Joomla templates control the visual appearance of the site. The scanner:
- Tests for known template names
- Identifies template versions
- Reports discovered templates
Template vulnerabilities
Checks detected templates against a vulnerability database and reports any known vulnerabilities.
If the scanner finds more than 50 results for components, modules, or templates, the output is hidden due to a high likelihood of false positives. This typically indicates a WAF or other protection is interfering with the scan.
How it works
The Joomla Scanner uses JoomlaVS and follows this approach:
- Version detection: Fingerprints the Joomla installation to determine the version
- Core vulnerability check: Matches version against vulnerability database
- Component enumeration: Actively tests for installed components by name
- Component vulnerability check: Matches components against vulnerability database
- Module enumeration: Actively tests for installed modules by name
- Module vulnerability check: Matches modules against vulnerability database
- Template enumeration: Actively tests for installed templates by name
- Template vulnerability check: Matches templates against vulnerability database
The scanner produces raw text output rather than structured findings. Results are displayed in a console-style format with vulnerability details and reference links.
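The version-to-advisory matching step described above can be reproduced against your own installation's manifest files. The following is an added example, not code from JoomlaVS or this product: the component name `com_example`, the sample manifest, the advisory records and their `introduced_in`/`fixed_in` fields are all constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: manifest of a hypothetical component "com_example".
MANIFEST = """<extension type="component" method="upgrade">
  <name>com_example</name>
  <version>2.4.1</version>
</extension>"""

# Constructed advisory records (not real vulnerabilities). The field names
# "introduced_in" and "fixed_in" are assumptions made for this example.
ADVISORIES = [
    {"name": "com_example", "introduced_in": "2.0.0", "fixed_in": "2.5.0",
     "title": "Constructed advisory A", "url": "https://advisories.example/a"},
    {"name": "com_example", "introduced_in": "1.0.0", "fixed_in": "2.4.1",
     "title": "Constructed advisory B", "url": "https://advisories.example/b"},
    {"name": "com_other", "introduced_in": "1.0.0", "fixed_in": "9.0.0",
     "title": "Constructed advisory C", "url": "https://advisories.example/c"},
]


def version_key(text, width=4):
    """Convert '2.4' or '2.4.1-rc1' to a padded tuple such as (2, 4, 1, 0).
    Pre-release suffixes are ignored; returns None if no number is found."""
    key = []
    for piece in text.strip().split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        key.append(int(digits.group()))
    return tuple((key + [0] * width)[:width]) if key else None


def read_manifest(xml_text):
    """Return (name, version) from a manifest taken from your own install."""
    root = ET.fromstring(xml_text)
    name = (root.findtext("name") or "").strip().lower()
    return name, (root.findtext("version") or "").strip()


def matching_advisories(name, version, advisories):
    """Advisories for `name` whose affected range contains `version`."""
    installed = version_key(version)
    if installed is None:
        return []  # unknown version: flag for manual review, do not guess
    return [a for a in advisories if a["name"] == name and
            version_key(a["introduced_in"]) <= installed < version_key(a["fixed_in"])]


if __name__ == "__main__":
    name, version = read_manifest(MANIFEST)
    for adv in matching_advisories(name, version, ADVISORIES):
        print(f"{name} {version}: {adv['title']} ({adv['url']})")
```

Padding the version tuple matters: without it, Python would rank `2.4` below `2.4.0` and an advisory fixed in `2.4.0` would wrongly match an install reporting `2.4`.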
Follow-up actions
After identifying vulnerabilities:
- Update Joomla core: Apply security patches immediately
- Update extensions: Keep all components, modules, and templates updated
- Remove unused extensions: Delete extensions that are not actively used
- Review discovered vulnerabilities: Check the reference URLs for exploitation details and fixes
- Restrict admin access: Consider IP-based restrictions on the /administrator path
- Scan the web application: Run Website Scanner for full web application testing
- Schedule regular scans: Set up Scheduled scans for continuous monitoring