Title: Add a Joomla CMS security vulnerability scanner · Issue #621 · secureCodeBox/secureCodeBox · GitHub
Description: 🚓 New Scanner implementation request Is your feature request related to a problem As a secureCodeBox user I would like to use the secureCodeBox to check my external attack surface. Especially CMS systems, like Joomla, are common systems ...
Opengraph URL: https://github.com/secureCodeBox/secureCodeBox/issues/621
Author: Ilyesbdlala (https://github.com/Ilyesbdlala)
Date Published: 2021-09-01T13:39:09.000Z
Comments: 0

## 🚓 New Scanner implementation request

### Is your feature request related to a problem
As a secureCodeBox user I would like to use the secureCodeBox to check my external attack surface. Especially CMS systems, like Joomla, are common systems that may introduce new vulnerabilities on a regular basis.

### Describe the solution you'd like
Since the secureCodeBox already supports the WordPress scanner WPScan and Typo3 scanner Typo3Scan, it would be great to also add at least one Joomla scanner.
The following are good candidates:
- https://github.com/OWASP/joomscan : OWASP JoomScan Project: Advanced Joomla Scans
- https://github.com/Tuhinshubhra/CMSeeK : Similar detection level. Results are more easily parsable (json format)

### Describe alternatives you've considered

### Additional context
https://www.infosecmatter.com/cms-vulnerability-scanners-for-wordpress-joomla-drupal-moodle-typo3/

## Steps to implement a new scanner
Hint: A general guide how to implement a new SCB scanner is documented [here](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner)

- [x] Create a new folder with the name of the [scanner here](https://github.com/secureCodeBox/secureCodeBox/tree/master/scanners)
- [x] Add a `README.gotmpl` and give a [brief overview](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner/readme) of the scanner and its configuration options.
- [x] Add a HelmChart and document all configuration options.
- [x] Implement a new scanner specific `scan-type.yaml`
- [x] Implement a new scanner specific `parse-definition.yaml`
- [x] Add (optional) some `cascading-rules.yaml` like documented [here](https://docs.securecodebox.io/docs/api/crds/cascading-rule)
- [x] Add (optional) a `Dockerfile` for the scanner if there is no existing one publicly available on dockerHub
- [x] Use the [parser-SDK](https://github.com/secureCodeBox/secureCodeBox/tree/master/parser-sdk) to implement a new findings parser (currently based on NodeJS)
- [x] Add unit tests with at minimum 80% test coverage
- [x] Add some example `scan.yaml` and `finding.yaml` files in the [example folder](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner/examples-dir)
- [x] Implement a [new integration or E2E test](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner/integration-tests) for the hook [here](https://github.com/secureCodeBox/secureCodeBox/tree/master/tests/integration)