Joomla Version Scanner

2013-01-25T19:44:49
ID MSF:AUXILIARY/SCANNER/HTTP/JOOMLA_VERSION
Type metasploit
Reporter Rapid7
Modified 2017-07-24T13:26:21

Description

This module scans a Joomla install for information about the underlying operating system and Joomla version.

                                        
                                            ##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HTTP::Joomla
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  # Huge thanks to @zeroSteiner for helping me. Also thanks to @kaospunk. Finally thanks to
  # Joomscan and various MSF modules for code examples.
  def initialize
    super(
      'Name'        => 'Joomla Version Scanner',
      'Description' => %q{
          This module scans a Joomla install for information about the underlying
        operating system and Joomla version.
      },
      'Author'      => [ 'newpid0' ],
      'License'     => MSF_LICENSE
    )
  end

  def get_server_header
    # This module used to determine the operating system by the server header. But this is
    # not an accurate way to do OS detection, so we have toned it down to just returning the
    # header, and let the user decide.
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path)
    })

    if res && res.headers['Server']
      return res.headers['Server']
    end

    nil
  end

  def run_host(ip)
    unless joomla_and_online?
      print_error("It doesn't look like Joomla is up and running at #{target_uri.to_s}")
      return
    end

    server = get_server_header
    version = joomla_version

    if server
      print_status("Server: #{server}")
    else
      print_error("Unable to determine server.")
    end

    if version
      print_good("Joomla version: #{version}")
      report_note(
        host: ip,
        port: datastore['RPORT'],
        proto: ssl ? 'https' : 'http',
        ntype: 'joomla.version',
        data: version
      )
    else
      print_error("Unable to find Joomla version.")
    end
  end
end