    I stumbled upon this tool while following a link to a website that performs passive scans on various content management systems. Instead of keeping their scanning technique a mystery, they list a bunch of open source tools that they leverage in parallel. In addition to Joomscan, which is something I already use, they mentioned JoomlaVS.

    The description states:  "JoomlaVS is a Ruby application that can help automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic finger printing and can scan for vulnerabilities in components, modules and templates as well as vulnerabilities that exist within Joomla itself."

    I decided to give it a whirl.  When we fire it up with no arguments, we get the help screen:


    I went to Vulnhub and grabbed a machine that I knew had Joomla running.  We hit it with Nmap:


    Our Nmap scan shows us that it's running Joomla.  When we browse the site:


    We fire up JoomlaVS and, with the -a option, scan it for all vulnerable extensions:


    In the second half of the output, we start to see some items in red, which indicate some possible avenues for exploitation:


    As a comparison, I ran Joomscan across it and it also found the same exact items. I don't know that I'd say one is better than the other, but I might run these in parallel to see if one proves to be better than the other over time.


    © 2021 Seven Layer Networks, Inc. | All rights reserved.