Vane is a vulnerability scanner that scans WordPress for all webmasters to scan for WordPress vulnerabilities and find and fix problems before they go live. It is a great WordPress security assessment tool, this tool should be an indispensable part of the penetration for the WordPress site.



Windows not supported
Ruby => 1.9

  • Run with docker
    Useful if you do not want to pollute your local environment with ruby gems.
    docker build -t vane .
    docker run –rm vane –help
  • Installing on Debian/Ubuntu
    sudo apt-get install libcurl4-gnutls-dev libxml2 libxml2-dev libxslt1-dev ruby-dev
    git clone
    cd vane
    sudo gem install bundler && bundle install –without test development
  • Installing on Fedora, Archlinux,Mac OS X



Enter a domain name scan

sudo ruby vane.rb

Uses 60 threads to enumerate users

sudo ruby vane.rb –url –wordlist /home/ddos/Desktop/10_million_password_list_top_1000.txt –threads 60

Enumerates the installed plug-ins

sudo ruby vane.rb –url –enumerate p