Vooki - web scan

Kang Asu

Vooki - web scan

Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that you can easily scan any web application and find the vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section.


Vooki – Web Application Scanner can help you to find the following attacks
  • Sql Injection
  • Command Injection
  • Header Injection
  • Cross site scripting – reflected,
  • Cross site scripting – stored
  • Cross site scripting – dom based
  • Missing security headers
  • Malicious JS script execution
  • Using components with known vulnerabilities
  • Jquery Vulnerabilites
  • Angularjs Vulnerabilites
  • Bootstrap Vulnerabilities
  • Sensitive Information disclosure in response headers
  • Sensitive Information disclosure in error messages
  • Missing Server Side Validation
  • Javascript Dyanamic Code Execution
  • Sensitive Data Exposure

How to use Vooki Web Application Scanner

  • Start Application.
  • Connect the browser proxy to Vooki port.
  • Visit al the pages of your web application.
  • Right click on node appearing on Vooki tool and click on the scan.
  • After scan gets completed click on generate report from the menu bar.

Rest API Scanner

Vooki – Rest API Scanner can help you to find the following attacks
  • Sql Injection
  • Command Injection
  • Header Injection
  • Cross site scripting ( possibilities  )
  • Missing security headers
  • Sensitive Information disclosure in response headers
  • Sensitive Information disclosure in error messages
  • Missing Server Side input Validation
  • Unwanted use of HTTP methods
  • Improper HTTP Response

How to use Vooki Rest Scanner


  • Start Application.
  • Create new Project.
  • Add the new request in created project.
  • Provide proper headers, url and data.
  • Save and run the scan from the menu bar.
  • After scan gets completed click on generate report from the menu bar.


Regards
Kang Asu