diff --git a/lib/core/enums.py b/lib/core/enums.py
index 4956d4f1b..a22e20207 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -124,11 +124,12 @@ class HASH:
     SHA224_GENERIC = r'(?i)\A[0-9a-f]{28}\Z'
     SHA384_GENERIC = r'(?i)\A[0-9a-f]{48}\Z'
     SHA512_GENERIC = r'(?i)\A[0-9a-f]{64}\Z'
-    CRYPT_GENERIC = r'(?i)\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z'
-    WORDPRESS = r'(?i)\A\$P\$[./0-9A-Za-z]{31}\Z'
-    APACHE_MD5_CRYPT = r'(?i)\A\$apr1\$.{1,8}\$[./a-z0-9]+\Z'
-    UNIX_MD5_CRYPT = r'(?i)\A\$1\$.{1,8}\$[./a-z0-9]+\Z'
-    APACHE_SHA1 = r'(?i)\A\{SHA\}[a-z0-9+/]+={0,2}\Z'
+    CRYPT_GENERIC = r'\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z'
+    JOOMLA = r'\A[0-9a-f]{32}:\w{32}\Z'
+    WORDPRESS = r'\A\$P\$[./0-9a-zA-Z]{31}\Z'
+    APACHE_MD5_CRYPT = r'\A\$apr1\$.{1,8}\$[./a-zA-Z0-9]+\Z'
+    UNIX_MD5_CRYPT = r'\A\$1\$.{1,8}\$[./a-zA-Z0-9]+\Z'
+    APACHE_SHA1 = r'\A\{SHA\}[a-zA-Z0-9+/]+={0,2}\Z'
 
 # Reference: http://www.zytrax.com/tech/web/mobile_ids.html
 class MOBILES:
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index 6364a77e8..67239fa8b 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -378,6 +378,16 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
 
     return "%s%s$%s" % (magic, salt, hash_)
 
+def joomla_passwd(password, salt, **kwargs):
+    """
+    Reference: https://stackoverflow.com/a/10428239
+
+    >>> joomla_passwd(password='testpass', salt='WZGO7gQEl1UHHKeT7mN9n1VNtHj7xhC')
+    'd5875f832ce9d83c21a14075019d3d24:WZGO7gQEl1UHHKeT7mN9n1VNtHj7xhC'
+    """
+
+    return "%s:%s" % (md5("%s%s" % (password, salt)).hexdigest(), salt)
+
 def wordpress_passwd(password, salt, count, prefix, **kwargs):
     """
     Reference(s):
@@ -448,6 +458,7 @@ __functions__ = {
                     HASH.SHA384_GENERIC: sha384_generic_passwd,
                     HASH.SHA512_GENERIC: sha512_generic_passwd,
                     HASH.CRYPT_GENERIC: crypt_generic_passwd,
+                    HASH.JOOMLA: joomla_passwd,
                     HASH.WORDPRESS: wordpress_passwd,
                     HASH.APACHE_MD5_CRYPT: unix_md5_passwd,
                     HASH.UNIX_MD5_CRYPT: unix_md5_passwd,
@@ -796,7 +807,7 @@ def dictionaryAttack(attack_dict):
                 if re.match(hash_regex, hash_):
                     item = None
 
-                    if hash_regex not in (HASH.CRYPT_GENERIC, HASH.WORDPRESS, HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT, HASH.APACHE_SHA1):
+                    if hash_regex not in (HASH.CRYPT_GENERIC, HASH.JOOMLA, HASH.WORDPRESS, HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT, HASH.APACHE_SHA1):
                         hash_ = hash_.lower()
 
                     if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.APACHE_SHA1):
@@ -811,6 +822,8 @@ def dictionaryAttack(attack_dict):
                         item = [(user, hash_), {'salt': hash_[0:2]}]
                     elif hash_regex in (HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT):
                         item = [(user, hash_), {'salt': hash_.split('$')[2], 'magic': '$%s$' % hash_.split('$')[1]}]
+                    elif hash_regex in (HASH.JOOMLA,):
+                        item = [(user, hash_), {'salt': hash_.split(':')[-1]}]
                     elif hash_regex in (HASH.WORDPRESS,):
                         if ITOA64.index(hash_[3]) < 32:
                             item = [(user, hash_), {'salt': hash_[4:12], 'count': 1 << ITOA64.index(hash_[3]), 'prefix': hash_[:12]}]