Vooki is a free vulnerability scanner. It is a user-friendly tool that lets you easily scan any web application for vulnerabilities.
It includes the Web Application Scanner, the Rest API Scanner and the reference section.
Vooki can help you find the following attacks:
- SQL injection
- Command injection
- Header injection
- Cross-site scripting - reflected
- Cross-site scripting - stored
- Cross-site scripting - DOM-based
- Missing security headers
- Malicious JS script execution
- Using components with known vulnerabilities
- jQuery vulnerabilities
- AngularJS vulnerabilities
- Bootstrap Vulnerabilities
- Sensitive Information disclosure in response headers
- Sensitive Information disclosure in error messages
- Missing Server Side Validation
- JavaScript dynamic code execution
- Sensitive Data Exposure
How to use Vooki Web Application Scanner
https://www.youtube.com/watch?v=I8WU64cnjL0&feature=emb_title
- Start the application.
- Connect the browser proxy to the Vooki port.
- Visit all pages of your web application.
- Right-click the node that appears in the Vooki Tool and click Scan.
- After the scan is complete, click Generate Report in the menu bar.
API Scanner
Vooki - Rest API Scanner can help you find the following attacks:
- SQL injection
- Command injection
- Header injection
- Cross-site scripting (possibilities)
- Missing security headers
- Sensitive Information disclosure in response headers
- Sensitive Information disclosure in error messages
- Missing Server Side input Validation
- Unwanted use of HTTP methods
- Improper HTTP Response
How to use Vooki Rest Scanner
https://www.youtube.com/watch?v=9I0P95nG0HM&feature=emb_title
- Start the application.
- Create a new project.
- Add the new request to the created project.
- Provide appropriate headers, URLs and data.
- Save and scan from the menu bar.
- When the scan is complete, click Create Report from the menu bar.