Vooki is a free web application vulnerability scanner. It is a user-friendly tool with which you can easily scan any web application and find its vulnerabilities. Vooki includes a Web Application Scanner, a REST API Scanner, and a reporting section.
Vooki – Web Application Scanner can help you find the following vulnerabilities:
- SQL Injection
- Command Injection
- Header Injection
- Cross-site scripting – reflected
- Cross-site scripting – stored
- Cross-site scripting – DOM-based
- Missing security headers
- Malicious JS script execution
- Using components with known vulnerabilities
- jQuery Vulnerabilities
- AngularJS Vulnerabilities
- Bootstrap Vulnerabilities
- Sensitive Information disclosure in response headers
- Sensitive Information disclosure in error messages
- Missing Server Side Validation
- JavaScript Dynamic Code Execution
- Sensitive Data Exposure
How to use Vooki Web Application Scanner
- Start the application.
- Configure the browser proxy to use the Vooki port.
- Visit all the pages of your web application.
- Right-click the node that appears in the Vooki tool and click Scan.
- After the scan completes, click Generate Report in the menu bar.
Vooki – Rest API Scanner can help you find the following vulnerabilities:
- SQL Injection
- Command Injection
- Header Injection
- Cross-site scripting (possibilities)
- Missing security headers
- Sensitive Information disclosure in response headers
- Sensitive Information disclosure in error messages
- Missing Server Side Input Validation
- Unwanted use of HTTP methods
- Improper HTTP Response
How to use Vooki Rest Scanner
- Start the application.
- Create a new project.
- Add a new request to the created project.
- Provide the proper headers, URL and data.
- Save and run the scan from the menu bar.
- After the scan completes, click Generate Report in the menu bar.