As with most of the tools in Kali Linux, JoomScan is a command-line utility, so we need to open a Terminal to run it:
- First, run joomscan -h to see how is it used and its options, as shown in the following screenshot:
- Now we know that we need to use the -u option, followed by the URL we want to scan, we can also modify other parameters in the requests, such as cookies and user agents. We will run the simplest command: joomscan -u http://192.168.56.11/joomla/.
- JoomScan will start scanning and displaying the results. As we can see in the following screenshot, those results include the version of Joomla that is affected, the type of vulnerability, the CVE number, and something that can prove to be very useful for a penetration tester, the Exploit-DB reference, if there is a public exploit available:
- When the scan is finished, JoomScan will show the path where the scan report is stored. This path is relative to JoomScan's installation path; in our case, the report is saved in /usr/share/joomscan/reports/192.168.56.11/:
- We can open the given directory and open the report, which is in HTML format, as can be seen in the next picture:
