A WordPress vulnerability scanner
From PyPI:
python -m venv .
source bin/activate
pip install vane2
vane --help
From source:
git clone https://github.com/delvelabs/vane2
cd vane2
python -m venv .
source bin/activate
pip install -r requirements.txt
python -m vane --help
Doing a standard scan:
vane scan --url http://example.com/
Using a HTTP proxy for the scan (replace http://127.0.0.1:8080 with the proxy URL):
vane scan --url http://example.com/ --proxy http://127.0.0.1:8080
Printing output in JSON format:
vane scan --url http://example.com/ --output-format json
Only check for popular plugins and themes:
vane scan --url http://example.com/ -p
Updating the database:
vane import-data
Printing help message:
vane --help
--url
    URL of the target website of the scan. Not used for import-data.
--import-path
    Path to the database. By default, the current directory is used.
-p
    Only check for popular plugins and themes. Can be used with -v.
-v
    Only check for vulnerable plugins and themes. Can be used with -p.
--passive
    Only find plugins and themes with a passive scan.
--proxy
    URL of the HTTP proxy to use for the scan.
--no-ssl-validation
    Do not verify that the certificate of the target website is valid. Prefer --ca-cert when the target uses a private CA: with validation disabled, anyone on the network path can read or alter the scan traffic.
--ca-cert
    The certification authority certificate to use to validate the SSL certificate of the target.
--auto-update-frequency
    The delay in days between two auto updates of the database. Default is 7.
--no-update
    No data update will be done. The scan will not be performed if no database is found locally.
--output-format
    Format for the scan output ("pretty" or "json"). Default is "pretty".
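A batch wrapper around the commands above, added here as an example; it is not part of vane2 itself. It assumes vane is on PATH (pip install vane2) and uses only the flags documented in this README: the database is refreshed once with import-data, each target is then scanned with --no-update so the 7-day auto-update cannot fire part way through a long batch, output goes to one JSON file per target, and the report file name is derived from the host so that a hostile entry in the target list cannot choose where the file is written. The VANE_DRY_RUN variable and the targets file format are conventions of this script, not of vane.

```shell
#!/bin/sh
# Added example, not part of the vane2 project: batch-scan a list of WordPress
# sites with vane, one JSON report per target, optionally through an HTTP proxy.
# Assumes `vane` is on PATH and uses only the flags documented in the README.
# Set VANE_DRY_RUN=1 to print each vane command instead of running it.
set -eu

# Derive a report file name from a target URL: keep host[:port] only and map
# every character outside [A-Za-z0-9._-] to '_', so a line in the target list
# can never steer the report path (e.g. toward ../../somewhere).
report_name() {
    hostport=${1#*://}          # drop the scheme
    hostport=${hostport%%/*}    # drop path and query
    name=$(printf '%s' "$hostport" | tr -c 'A-Za-z0-9._-' '_')
    case $name in
        ''|.|..) name=target ;;  # nothing usable left, use a fixed name
    esac
    printf '%s' "$name"
}

# Run (or, in dry-run mode, print) one scan. --no-update is passed because the
# database is refreshed once before the loop; without it vane's 7-day
# auto-update could fire mid-batch and change the data set between targets.
scan_one() {
    url=$1 outdir=$2 proxy=${3:-} cacert=${4:-}
    set -- scan --url "$url" --output-format json --no-update
    if [ -n "$proxy" ];  then set -- "$@" --proxy "$proxy"; fi
    if [ -n "$cacert" ]; then set -- "$@" --ca-cert "$cacert"; fi
    if [ "${VANE_DRY_RUN:-0}" = 1 ]; then
        printf 'vane %s\n' "$*"
    else
        vane "$@" > "$outdir/$(report_name "$url").json"
    fi
}

# Usage: batch_scan targets.txt reports/ [proxy-url] [ca-cert.pem]
# targets.txt holds one URL per line; blank lines and '#' comments are skipped.
batch_scan() {
    targets=$1 outdir=$2 proxy=${3:-} cacert=${4:-}
    mkdir -p "$outdir"
    [ "${VANE_DRY_RUN:-0}" = 1 ] || vane import-data   # refresh the database once
    while IFS= read -r url || [ -n "$url" ]; do
        case $url in ''|'#'*) continue ;; esac
        scan_one "$url" "$outdir" "$proxy" "$cacert"
    done < "$targets"
}

# Only act when invoked with a targets file and an output directory.
if [ "$#" -ge 2 ]; then
    batch_scan "$@"
fi
```

Save it as batch-vane.sh and run `sh batch-vane.sh targets.txt reports/ http://127.0.0.1:8080` to route every scan through a local proxy; run it with VANE_DRY_RUN=1 first to review the exact commands it will issue.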
See [add the URL to openwebvulndb when it is public] for more details.
Most contributions are welcome. Simply submit a pull request on GitHub.
Instructions for contributors:
- Accept the contributor license agreement.
- Write tests for your code. Untested code will be rejected.
To report a bug or suggest a feature, open an issue.
Copyright 2017- Delve Labs inc.
This software is published under the GNU General Public License, version 2.