Metasploit does not yet have an inbuilt module for Joomla's specific vulnerability assessment. This gives us two options; either make a wrapper or plugin for Joomla ourselves, as we did for WordPress in the previous chapter, or use different tools that are already available online, such as JoomScan or JoomlaVS. In this section, we will look at a great tool that can be used to perform a vulnerability assessment of Joomla.
The following description is included on the official Joomla GitHub wiki page:
JoomlaVS is a Ruby application that can help automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic fingerprinting and can scan for vulnerabilities in components, modules, and templates, as well as vulnerabilities that exist within Joomla itself.
JoomlaVS can be downloaded from: https://github...
