List of domains using Joomla! with their version

Relax and enjoy The Lounge. For all Non-Joomla! topics or ones that don't fit anywhere else. Normal forum rules apply.
Post Reply
motdin
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sun Sep 15, 2019 12:31 am

List of domains using Joomla! with their version

Post by motdin » Sun Sep 15, 2019 12:39 am

Hi,

currently I’m writing my Master’s thesis about automatic software detection and version inference by indexing and requesting static files of web software. For testing the tool which is developed/improved, currently I’m using multiple Docker containers with different versions of Joomla! to test how reliable the results are, but in my opinion this setup is highly biased because of the homogenous deployment and default settings (themes etc.). Therefore it would be very useful to get insights into usage statistics of Joomla! deployments.

In particular I’m interested in a list of domains which have Joomla! deployed and the version which they are using so I can verify whether the tool is working reliably but running the tool against the list and checking whether it correctly infers the software and version.

A sample size of about 1000 to 10000 domains would be really helpful. As a bonus it would be good, if the sample would include a wide range of different versions and approximately resemble the distribution of overall installations. Of course I would handle the list with care and keep it confidential and only use it to verify the quality of the tool.
Last edited by imanickam on Sun Sep 15, 2019 4:05 pm, edited 1 time in total.
Reason: Moved the topic from the forum General Questions/New to Joomla! 3.x to the forum The Lounge

User avatar
AMurray
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4947
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: List of domains using Joomla! with their version

Post by AMurray » Sun Sep 15, 2019 5:19 am

I don't know of any such tool that will list actual domains/sites running Joomla. That would work against site owners especially if they are trying to hide the fact their site runs joomla (in order to make it harder for hackers to identify joomla sites).

However Joomla.org collects anonymous basic stats about user sites. Refer to https://developer.joomla.org/about/stats.html. Collection of these stats by way of a plugin in Joomla, and is an opt-in by the site owner. They can choose not to have their site send the site specs to Joomla.org.

motdin wrote:Therefore it would be very useful to get insights into usage statistics of Joomla! deployments.
There's the public API available from which you can sort stats about Joomla installations: https://developer.joomla.org/about/stats/api.html and as one example :
CMS Version: https://developer.joomla.org/stats/cms_version

I don't know if that's what you're after, or in the right direction..... ???
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

motdin
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sun Sep 15, 2019 12:31 am

Re: List of domains using Joomla! with their version

Post by motdin » Sun Sep 15, 2019 9:38 am

There are in fact a few such tools available which I'm analyzing in my thesis, for example Fingerprinter, Detect-CMS or VersionInferrer which are Open Source tools despite web services like Built With, whatruns, Rescan and alike.

You are right, these tools can be used against website operators for attacks (reconnaissance, vulnerability search etc.) but this also has a lot of good aspects like showing whether the software is up to date and trustworthy for giving away sensible information (address, payment, interests, etc.). It can also be used for independent market analysis and census research (how popular is a specific web software). Therefore these tools are dual use (like a lot of other tools, e.g. nmap, Wireshark etc.).

I'm aware of the anonymous usage statistics you mentioned and they are helpful. However, as descibed in my initial post, this does not help verifying the reliability of such tools as it is difficult to establish a ground truth of websites to test against. I know this a rather difficult topic as still a lot of website operators built their security on principles like security through obscurity but I hope there is a possibility to have some insights for research purposes.


Post Reply

Return to “The Lounge”