Vooki is a free vulnerability scanner. Vooki is a user-friendly tool that you can easily scan any web application for vulnerabilities.
Includes Web Application Scanner, Rest API Scanner and Reporting Module.
Vooki can help you find the following attacks:
- Sql Injection
- command injection
- Header Injection
- Cross site scripting - reflected,
- Cross site scripting - stored
- Cross site scripting - dom based
- Missing security headers
- Malicious JS script execution
- Using components with known vulnerabilities
- Jquery Vulnerabilites
- Angularjs Vulnerabilites
- Bootstrap Vulnerabilities
- Sensitive Information disclosure in response headers
- Sensitive Information disclosure in error messages
- Missing Server Side Validation
- Javascript Dynamic Code Execution
- Sensitive Data Exposure
How to use Vooki Web Application Scanner
https://www.youtube.com/watch?v=I8WU64cnjL0&feature=emb_title
- Start the application.
- Connect your browser proxy to door Wookie.
- Visit all pages of your web application.
- Right-click the node that appears in the Vooki Tool and click Scan.
- When the scan is complete, click Create Report from the menu bar.
API Scanner
Vooki - Rest API Scanner can help you find the following attacks:
- Sql Injection
- command injection
- Header Injection
- Cross site scripting (possibilities)
- Missing security headers
- Sensitive Information disclosure in response headers
- Sensitive Information disclosure in error messages
- Missing Server Side input Validation
- Unwanted use of HTTP methods
- Improper HTTP Response
How to use Vooki Rest Scanner
https://www.youtube.com/watch?v=9I0P95nG0HM&feature=emb_title
- Start the application.
- Creating a new project.
- Add the new request to the created project.
- Provide appropriate headers, urls and data.
- Save and scan from the menu bar.
- When the scan is complete, click Create Report from the menu bar.