Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0

The Vulners Team today released the second version of their Web Vulnerability Scanning plugin for the Google Chrome browser. You can read my description of version 1.0 in “Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome”.

Vulners web vulnerability scanner v.2.0

The killer feature of Vulners web scanner v. 2.0 is that you can now see all vulnerabilities on all scanned sites in a single window. You don’t need to check every Google Chrome tab manually.

Moreover, if a site makes requests to other servers, for example googleapis.com, these servers will be checked automatically.

The plugin was fully refactored and is now React-driven. It works faster, analyzes more data sources and detects vulnerabilities more accurately.

Installation

Install the extension from the Google Chrome Web Store:

Vulners Web Scanner at chrome webstore

Then click on the Vulners icon and start scanning:

Vulners start scanning

Configuration

Note that there is a new settings menu:

Vulners Web Scanner configurations

  • Select “Show all domains” if you want to see all vulnerabilities on one screen.
  • Select “Show only vulnerabilities” if you want to see only vulnerable sites in the results.
  • Select “Do extra scan resources” if you want the plugin to fetch and parse the content of static files.

I highly recommend enabling all of these settings.

Vulnerability scanning

The plugin analyses the following data sources:

  • HTTP headers
  • page body content
  • JS, CSS

When you visit sites, they appear in the vulnerability report automatically. Hidden fingerprints are for sites that are not vulnerable. If you click on a software/version entry, you will see the list of related CVEs and their CVSS Base Scores. You can click on each CVE to see the full vulnerability description and available exploits at vulners.com.

Vulners Web Scanner scan results

You can also search the vulnerability report. For example, you can find all hosts that have “bitr” in the domain name:

Vulners Web Scanner search url

Or you can find all sites with vulnerable PHP:

Vulners Web Scanner search soft name

Pretty cool, isn’t it? 🙂
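To make the data sources and the report search described above concrete, here is an added example (not the plugin's code) of passive software/version fingerprinting from response headers and page body, with a search over the per-host results. The patterns, function names and sample responses are assumptions constructed for illustration; it is useful for checking what your own servers disclose.

```javascript
// Illustrative rules only; the plugin's real rule set is not shown on this page.
const HEADER_RULES = [
  { header: "server", re: /\b(nginx|Apache|Microsoft-IIS)\/(\d+(?:\.\d+)*)/i },
  { header: "x-powered-by", re: /\b(PHP|ASP\.NET|Express)\/?(\d+(?:\.\d+)*)?/i },
];
const BODY_RULES = [
  // e.g. <meta name="generator" content="WordPress 4.7.2">
  /<meta[^>]+name=["']generator["'][^>]+content=["']([A-Za-z][\w .-]*?)\s+(\d+(?:\.\d+)*)["']/i,
  // e.g. a script tag that references jquery-1.12.4.min.js
  /\b(jquery)[-.](\d+(?:\.\d+)+)(?:\.min)?\.js/i,
];

// Return the host and the sorted "software/version" strings it discloses.
function fingerprint(url, headers, body) {
  const found = new Set();
  for (const [name, value] of Object.entries(headers)) {
    for (const rule of HEADER_RULES) {
      if (name.toLowerCase() !== rule.header) continue;
      const m = rule.re.exec(value);
      if (m) found.add(`${m[1]}/${m[2] || "unknown"}`.toLowerCase());
    }
  }
  for (const re of BODY_RULES) {
    const m = re.exec(body);
    if (m) found.add(`${m[1]}/${m[2]}`.toLowerCase());
  }
  return { host: new URL(url).hostname, software: [...found].sort() };
}

// Report search: match the term against the host name or any software entry.
function searchReport(report, term) {
  const t = term.toLowerCase();
  return report
    .filter(r => r.host.includes(t) || r.software.some(s => s.includes(t)))
    .map(r => r.host);
}

// Constructed sample responses: a page and a third-party host it loads from.
const SAMPLE = [
  { url: "https://shop.example.test/",
    headers: { "Server": "nginx/1.10.3", "X-Powered-By": "PHP/5.4.45" },
    body: '<meta name="generator" content="WordPress 4.7.2">' +
          '<script src="https://static.example.net/js/jquery-1.12.4.min.js"></script>' },
  { url: "https://static.example.net/js/jquery-1.12.4.min.js",
    headers: { "Server": "Apache/2.4.10 (Debian)" }, body: "" },
];
const report = SAMPLE.map(r => fingerprint(r.url, r.headers, r.body));
console.log(report, searchReport(report, "php"));
```

Each software/version string is what a scanner would then look up against a vulnerability database; that lookup is left out here.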
