Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0
Today the Vulners Team released the second version of their Web Vulnerability Scanning plugin for the Google Chrome browser. You can read my description of version 1.0 in “Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome”.
The killer feature of Vulners web scanner v. 2.0 is that you can now see all vulnerabilities on all scanned sites in a single window. You don’t need to check all Google Chrome tabs manually.
Moreover, if some sites make requests to other servers, for example googleapis.com, these servers will be checked automatically.
The plugin was fully refactored and is now React driven. It works faster, analyzes more data sources and detects vulnerabilities more accurately.
Installation
Install the extension from the Google Chrome Web Store:
Then click on the Vulners icon and start scanning:
Configuration
Note that there is a new Setting menu:
- Select “Show all domains” if you want to see all vulnerabilities on one screen.
- Select “Show only vulnerabilities” if you want to see vulnerable sites in the results.
- Select “Do extra scan resources” if you want to receive and parse the content of static files.
I highly recommend enabling all of these settings.
Vulnerability scanning
The plugin will analyse the following data sources:
- HTTP headers
- page body content
- JS, CSS
When you visit sites, they appear in the vulnerability report automatically. Hidden fingerprints are for sites that are not vulnerable. If you click on a software/version entry, you will see the list of related CVEs and CVSS Base Scores. You can click on each CVE to see the full vulnerability description and available exploits at vulners.com.
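To show how software/version fingerprints can be derived from the data sources listed above, and so which version strings your own sites disclose to any visitor, here is an added example; it is not the plugin's code. The regular expressions, function names and sample responses are constructed assumptions, and no CVE lookup is performed.

```javascript
// Added illustration: passive software/version fingerprinting from data a
// browser already receives. Patterns and responses are constructed samples,
// not the Vulners plugin's rule set.

// Header banners such as "Server: nginx/1.10.3" or "X-Powered-By: PHP/5.6.30".
const BANNER_HEADERS = ['server', 'x-powered-by'];
const BANNER_RE = /([A-Za-z][\w.-]*)\/(\d+(?:\.\d+)+)/g;
// <meta name="generator" content="WordPress 4.7.2"> in the page body.
const GENERATOR_RE = /<meta[^>]+name=["']generator["'][^>]+content=["']([A-Za-z][\w .-]*?)\s+(\d+(?:\.\d+)+)["']/i;
// Static resource URLs such as /js/jquery-1.12.4.min.js.
const ASSET_RE = /(?:src|href)=["'][^"']*\/([a-z][a-z-]*?)[-.](\d+(?:\.\d+)+)(?:\.min)?\.(?:js|css)["']/gi;

function fingerprint(response) {
  const found = new Map(); // "name version" -> {name, version, source}
  const add = (name, version, source) => {
    const key = `${name.toLowerCase()} ${version}`;
    if (!found.has(key)) found.set(key, { name: name.toLowerCase(), version, source });
  };
  for (const [h, value] of Object.entries(response.headers)) {
    const header = h.toLowerCase(); // header names are case-insensitive
    if (!BANNER_HEADERS.includes(header)) continue;
    for (const m of value.matchAll(BANNER_RE)) add(m[1], m[2], `header:${header}`);
  }
  const gen = GENERATOR_RE.exec(response.body);
  if (gen) add(gen[1], gen[2], 'body:meta-generator');
  for (const m of response.body.matchAll(ASSET_RE)) add(m[1], m[2], 'body:asset-url');
  return [...found.values()];
}

// One report keyed by host, like the plugin's single-window view.
function buildReport(responses) {
  const report = {};
  for (const r of responses) {
    const host = new URL(r.url).hostname;
    report[host] = (report[host] || []).concat(fingerprint(r));
  }
  return report;
}

// Constructed sample responses (example.test hosts are placeholders).
const SAMPLES = [
  { url: 'https://shop.example.test/', headers: { Server: 'nginx/1.10.3', 'X-Powered-By': 'PHP/5.6.30' },
    body: '<meta name="generator" content="WordPress 4.7.2"><script src="/js/jquery-1.12.4.min.js"></script>' },
  { url: 'https://static.example.test/', headers: { Server: 'cloudfront' }, body: '<p>ok</p>' },
];
console.log(JSON.stringify(buildReport(SAMPLES), null, 2));
```

A host that returns no version strings, like the second sample, ends up with an empty fingerprint list, which is why trimming banners from headers and asset names reduces what a passive scan can match.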
You can also search in the vulnerability report. For example, you can find all hosts that have “bitr” in the domain name:
Or you can find all sites with vulnerable PHP:
Pretty cool, isn’t it? 🙂
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
I also invite all Russian speakers to another Telegram channel, @avleonovrus; I now post there first.