Vane: open source WordPress Vulnerability Scanning

Vane is an open source vulnerability scanner for WordPress. Webmasters can use it to scan their sites for WordPress vulnerabilities and to find and fix problems before the sites go live. It is a great WordPress security assessment tool and should be an indispensable part of any penetration test of a WordPress site.

INSTALL

Prerequisites

Windows not supported
Ruby >= 1.9
RubyGems
Git

  • Run with docker
    Useful if you do not want to pollute your local environment with ruby gems.
    docker build -t vane .
    docker run --rm vane --help
  • Installing on Debian/Ubuntu
    sudo apt-get install libcurl4-gnutls-dev libxml2 libxml2-dev libxslt1-dev ruby-dev
    git clone https://github.com/delvelabs/vane.git
    cd vane
    sudo gem install bundler && bundle install --without test development
  • Installing on Fedora, Archlinux, Mac OS X

Usage:

Option:

Scan a site by entering its domain name

sudo ruby vane.rb 192.168.1.9:8585/wordpress

Uses 60 threads to enumerate users

sudo ruby vane.rb --url 192.168.1.9:8585/wordpress --wordlist /home/ddos/Desktop/10_million_password_list_top_1000.txt --threads 60

Enumerates the installed plug-ins

sudo ruby vane.rb --url 192.168.1.9:8585/wordpress --enumerate p