A WordPress vulnerability scanner
From PyPI:
python -m venv .
source bin/activate
pip install vane2
vane --help
From source:
git clone https://github.com/delvelabs/vane2
cd vane2
python -m venv .
source bin/activate
pip install -r requirements.txt
python -m vane --help
Doing a standard scan:
vane scan --url http://example.com/
Using an HTTP proxy for the scan (replace http://127.0.0.1:8080 with the proxy URL):
vane scan --url http://example.com/ --proxy http://127.0.0.1:8080
Printing output in JSON format:
vane scan --url http://example.com/ --output-format json
Only check for popular plugins and themes:
vane scan --url http://example.com/ -p
Updating the database:
vane import-data
Printing help message:
vane --help

--url: URL of the target Web site of the scan. Not used for import-data.
--import-path: Path to the database. By default, the current directory is used.
-p: Only check for popular plugins and themes. Can be used with -v.
-v: Only check for vulnerable plugins and themes. Can be used with -p.
--passive: Only find plugins and themes with a passive scan.
--proxy: URL of the HTTP proxy to use for the scan.
--no-ssl-validation: Do not verify that the certificate of the target website is valid.
--ca-cert: The certification authority certificate to use to validate the SSL certificate of the target.
--auto-update-frequency: The delay in days between two auto updates of the database. Default is 7.
--no-update: No data update will be done. Scan will not be performed if no database is found locally.
--output-format: Format for the scan output ("pretty" or "json"). Default is "pretty".
See [add the URL to openwebvulndb when it is public] for more details.
Most contributions are welcome. Simply submit a pull request on GitHub.
Instructions for contributors:
- Accept the contributor license agreement.
- Write tests for your code. Untested code will be rejected.
To report a bug or suggest a feature, open an issue.
Copyright 2017- Delve Labs inc.
This software is published under the GNU General Public License, version 2.