Vane 2.0

A WordPress vulnerability scanner

Installation

From pypy:

python -m venv .
source bin/activate
pip install vane2

vane --help

From source:

git clone https://github.com/delvelabs/vane2
cd vane2
python -m venv .
source bin/activate
pip install -r requirements.txt

python -m vane --help

Doing a standard scan:

vane scan --url http://example.com/

Using a HTTP proxy for the scan (replace http://127.0.0.1:8080 with the proxy URL):

vane scan --url http://example.com/ --proxy http://127.0.0.1:8080

Printing output in JSON format:

vane scan --url http://example.com/ --output-format json

Only check for popular plugins and themes:

vane scan --url http://example.com/ -p

Updating the database:

vane import-data

Printing help message:

vane --help

--url URL of the target Web site of the scan. Not used for import-data.
--import-path Path to the database. By default, the current directory is used.
-p Only check for popular plugins and themes. Can be used with -v
-v Only check for vulnerable plugins and themes. Can be used with -p
--passive Only find plugins and themes with a passive scan.
--proxy URL of the HTTP proxy to use for the scan.
--no-ssl-validation Do not verify if the certificate of target website is valid.
--ca-cert The certification authority certificate to use to validate the SSL certificate of the target.
--auto-update-frequency The delay in days between two auto updates of the database. Default is 7.
--no-update No data update will be done. Scan will not be performed if no database is found locally.
--output-format Format for the scan output ("pretty" or "json"). Default is "pretty".

See [add the URL to openwebvulndb when it is public] for more details.

Most contributions are welcome. Simply submit a pull request on GitHub.

Instruction for contributors:

To report a bug or suggest a feature, open an issue.

This software is published under the GNU General Public License, version 2.