Joomla Vulnerability scanner

Joomla: Components/Exploits Auto-Updating Scanner

Written by Mubassir patel

Python 2.7.x, GPLv3 License


What is Joomla! Components/Exploits Auto-Updating Scanner?

This is a simple auto-updating Joomla! plugin scanner that finds installed components and the exploits related to them. It uses the CSV file provided by the Exploit-DB team and an extra plugin list from Metasploit, but it is totally independent of the latter.


  • Automatic scanning for Joomla! components
  • Automatic retrieving of Joomla! exploits related to previously found components
  • Automatic components/exploits update and download (recommended)
  • It gives the user the chance to use a local file containing his favourite components to scan (read more in the section How to use it?)
  • Tor Proxy tunnel available

[FLOODING] If the target is protected against request flooding, the script will not succeed.

How to use it?

You simply run the script giving it the following parameters:



  • --tor_proxy: you can specify your active Tor proxy with the syntax tor_address:tor_port
  • --no_update: using this option means that you don’t want the tool to download updated components and exploits lists from the Web. If you select this option and you don’t have the two files comptotest.txt and exp-db_files.csv in your directory, you will have to put them in the script’s directory manually, where:
    • comptotest.txt = file containing Joomla! components you want to test
    • exp-db_files.csv = file containing Exploit-db exploits list used by the script to extract exploits related to the previously found components

I strongly recommend using this option only after having executed the script at least once, so that the two required files have already been downloaded without you having to do anything. If it has been a long time since you last ran the script and you want to be sure you are up to date, do not use this option, and the files will be updated automatically.
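The offline matching step that the two files make possible, as an added example (not the scanner's own code), useful for checking the component list of a site you maintain against the exploit list. It assumes Python 3, one component name per line in comptotest.txt, and a CSV with id and description columns; the sample data and function names are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample data: not real Exploit-DB entries. The column layout
# (id,file,description,...) and one-name-per-line format are assumptions.
SAMPLE_COMPONENTS = """\
com_example
com_gallerydemo
# lines starting with '#' are treated as comments
com_unused
"""

SAMPLE_CSV = """\
id,file,description,date,author,type,platform,port
90001,exploits/php/webapps/90001.txt,Joomla! Component com_example 1.2 - SQL Injection,2016-01-01,tester,webapps,php,0
90002,exploits/php/webapps/90002.txt,Joomla! Component com_example_pro 2.0 - File Upload,2016-02-01,tester,webapps,php,0
90003,exploits/php/webapps/90003.txt,Joomla! Component GalleryDemo (com_gallerydemo) - XSS,2016-03-01,tester,webapps,php,0
90004,exploits/linux/local/90004.c,Unrelated local issue,2016-04-01,tester,local,linux,0
"""


def load_components(text):
    """Return unique, lower-cased component names; skip blanks and comments."""
    names = []
    for line in text.splitlines():
        line = line.strip().lower()
        if line and not line.startswith("#") and line not in names:
            names.append(line)
    return names


def match_advisories(components, csv_text):
    """Map each component to the (id, description) rows that name it."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    report = {}
    for comp in components:
        # Whole-token match, so com_example does not also hit com_example_pro.
        token = re.compile(r"(?<![a-z0-9_])" + re.escape(comp) + r"(?![a-z0-9_])")
        report[comp] = [(r["id"], r["description"]) for r in rows
                        if token.search(r["description"].lower())]
    return report


if __name__ == "__main__":
    found = match_advisories(load_components(SAMPLE_COMPONENTS), SAMPLE_CSV)
    for name, hits in found.items():
        print(name, "->", [entry_id for entry_id, _ in hits] or "no known entries")
```

A plain substring search would report the com_example_pro entry against com_example as well; the token boundary check keeps the report limited to the component actually listed.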


  • Python 2.7.x
  • Python modules to install: termcolor, requests

Note: If some of the required libraries are not installed, the script will install them for you, PROVIDED you run it as root. You also need to have pip installed in order to get the missing libraries quickly.


I am not responsible for any kind of illegal acts you cause. This is meant to be used for ethical purposes by penetration testers. If you plan to copy or redistribute it, please give credit to the original author.

Video: Will be available in a few days


About the author

Mubassir patel

Mubassir is the founder and developer of this site. He is a computer science engineer. He has a very deep interest in ethical hacking, penetration testing, website development and all technology topics.
