V O O K I
I N F O S E C

Vooki - Web Application and REST API Vulnerability Scanner (DAST TOOL)

Scanning and auditing your web applications is now made easier with the advent of Vooki. A Free version of Vooki is also available that gives you a perfect scan report about the scanned applications. It's a desktop application that can be installed both on Mac, Windows and a user-friendly tool with which you can easily scan any web application swiftly and identify many underlying security vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner and reporting section. Vooki covers a whopping 10000+ security checks.

Vooki has two vulnerability scanners, which are:

  • Web App Vulnerability Scanner
  • REST API Vulnerability Scanner

Vooki Features

Web Application Scanner

Vooki incorporates multiple types of scan in it's web application vulnerability scanner, which minimizes the processing time and suites your need.
  • Simple scanning method.
  • Easy user interface
Vooki's crawler collects all the web pages in the application and performs in-depth scanning of all those modules and sub-modules. This gives you a crystal-clear picture of the webpages exposed on the website without manually opening them.
  • Crawl huge sites with ease.
  • Finds hidden endpoints.
Vooki proves it's supremacy over other tools by detecting 10000+ vulnerabilities, including components with known vulnerabilities and most importantly.
Scan multiple web applications simultaneously. Vooki at the optimum rate performs 10 concurrent scans at a time.
Scans can be scheduled in Vooki to run automatically either after the current scan is completed or on the required date/time, as per the user convenience.
Vooki consists of testing features like request interception, forwarding, dropping and manipulating http requests to perform crafty penetration testing of your web applications.
  • New vulnerabilities are revealed on dashboard as soon as they found.
  • Vulnerabilities are categorised as High, Medium, Low and Information.
  • Give developers the details of vulnerability to fix security issues on their own.
  • Highlight the exact lines of code that need to be fixed.
  • Raise Jira tickets to developers with one click from Vooki
Test the components of your application that require authentication, including any vulnerabilities in administration panels, user preferences, and other sections that only authorised users can access.
  • Supports every type of authentication through the browser interface.
Vooki detects the technologies used in the application and displays them on the dashboard.
  • Encoder/Decoder
  • Encryption/Decryption
  • Hashing
Vooki provides quality reports with the best user interface in two formats.
  • HTML
  • PDF
Generate the following compliance reports in HTML and PDF format.
  • OWASP 2021
  • OWASP 2017
  • OWASP API 2019
  • PCI DSS
  • CWE
Generating the scan command is always a difficult task. To make this task easier Vooki provides the user interface to generate the scan command based on your selected option.
  • Firefox (inbuilt)
  • Google Chrome
  • Microsoft Edge
  • Manual configuration (any browser)
Vooki can be installed and used in Windows, MacOS and Linux. Linux version is only available in Vooki Pro.

REST API Scanner

Vooki provides a separate user interface for API vulnerability scan.
  • Vooki provides feature to add projects and API with ease.
  • Vooki provides simple user interface to fill API details such as headers and body.
Vooki proves it's supremacy over other tools by detecting 10000+ vulnerabilities, including components with known vulnerabilities and most importantly.
With the use of environment variables, you may save and reuse values in Vooki. You can use a value that has been saved as a variable to refer to it in other project contexts and requests. You can achieve greater efficiency by using environment variables.
Vooki includes the ability to export and import all APIs. 
It becomes very difficult to copy-paste or enter values to environment values. Vooki helps with this problem by provide a feature to export and import the environment variables.
  • New vulnerabilities are revealed on dashboard as soon as they found.
  • Vulnerabilities are categorised as High, Medium, Low and Information.
  • Give developers the details of vulnerability to fix security issues on their own.
  • Highlight the exact lines of code that need to be fixed.
  • Import Postman collection.
  • Import Postman environment variable.
Vooki provides quality reports with the best user interface in two formats.
  • HTML
  • PDF
Generate the following compliance reports in HTML and PDF format.
  • OWASP 2021
  • OWASP 2017
  • OWASP API 2019
  • PCI DSS
  • CWE
Generating the scan command is always a difficult task. To make this task easier Vooki provides the user interface to generate the scan command based on your selected option.
Vooki can be installed and used in Windows, MacOS and Linux. Linux version is only available in Vooki Pro.

Trusted by over 450+ companies of all sizes.

Choose the package that matches your needs

Installation just takes less than a minute. To believe it, we delightedly offer you the free version of our Vooki for trail usage. Just enjoy and believe the magic!

For one-time purchases, we support credit cards (we accept Visa, Mastercard, American Express, Discover, Diners Club, and JCB payments from customers worldwide), Paypal, Alipay, Wechat Pay, Link, Afterpay/Clearpay, and bank debits (e.g., ACH, SEPA).
Free
$0
Free Forever
No card required
  • Limited features
  • Unlimited scan
Download Now
PRO (10 domains)
$49
1 License/1 Month
Billed One Time
  • 10 domains
  • Unlimited scan
Buy Now Request Trial
PRO (25 domains)
$79
1 License/1 Month
Billed One Time
  • 25 domains
  • Unlimited scan
Buy Now Request Trial
PRO (50 domains)
$99
1 License/1 Month
Billed One Time
  • 50 domains
  • Unlimited scan
Buy Now Request Trial
PRO (75 domains)
$129
1 License/1 Month
Billed One Time
  • 75 domains
  • Unlimited scan
Buy Now Request Trial
PRO (~ domains)
$199
1 License/1 Month
Billed One Time
  • Unlimited domains
  • Unlimited scan
Buy Now Request Trial
For one-time purchases, we support credit cards (we accept Visa, Mastercard, American Express, Discover, Diners Club, and JCB payments from customers worldwide), Paypal, Alipay, Wechat Pay, Link, Afterpay/Clearpay, and bank debits (e.g., ACH, SEPA).
Free
$0
Free Forever
No card required
  • Limited features
  • Unlimited scan
Download Now
PRO (10 domains)
$499
1 License/1 Year
Billed One Time
  • 10 domains
  • Unlimited scans
Buy Now Request Trial
PRO (25 domains)
$899
1 License/1 Year
Billed One Time
  • 25 domains
  • Unlimited scan
Buy Now Request Trial
PRO (50 domains)
$1099
1 License/1 Year
Billed One Time
  • 50 domains
  • Unlimited scan
Buy Now Request Trial
PRO (75 domains)
$1499
1 License/1 Year
Billed One Time
  • 75 domains
  • Unlimited scan
Buy Now Request Trial
PRO (~ domains)
$1999
1 License/1 Year
Billed One Time
  • Unlimited domains
  • Unlimited scan
Buy Now Request Trial
For subscription payments we only support credit cards at this time.
Free
$0
Free Forever
No card required
  • Limited features
  • Unlimited scan
Download Now
PRO (10 domains)
$49
1 License/1 Month
Billed monthly
  • 10 domains
  • Unlimited scan
Buy Now Request Trial
PRO (25 domains)
$79
1 License/1 Month
Billed monthly
  • 25 domains
  • Unlimited scan
Buy Now Request Trial
PRO (50 domains)
$99
1 License/1 Month
Billed monthly
  • 50 domains
  • Unlimited scan
Buy Now Request Trial
PRO (75 domains)
$129
1 License/1 Month
Billed monthly
  • 75 domains
  • Unlimited scan
Buy Now Request Trial
PRO (~ domains)
$199
1 License/1 Month
Billed monthly
  • Unlimited domains
  • Unlimited scan
Buy Now Request Trial
For subscription payments we only support credit cards at this time.
Free
$0
Free Forever
No card required
  • Limited features
  • Unlimited scan
Download Now
PRO (10 domains)
$499
1 License/1 Year
Billed annually
  • 10 domains
  • Unlimited scans
Buy Now Request Trial
PRO (25 domains)
$899
1 License/1 Year
Billed annually
  • 25 domains
  • Unlimited scan
Buy Now Request Trial
PRO (50 domains)
$1099
1 License/1 Year
Billed annually
  • 50 domains
  • Unlimited scan
Buy Now Request Trial
PRO (75 domains)
$1499
1 License/1 Year
Billed annually
  • 75 domains
  • Unlimited scan
Buy Now Request Trial
PRO (~ domains)
$1999
1 License/1 Year
Billed annually
  • Unlimited domains
  • Unlimited scan
Buy Now Request Trial

Difference between Pro and Free Version of Vooki

PRO
  • Unlimited web application scan
  • Unlimited REST API can be added
  • Concurrent scans
  • Scheduled scans
  • Scan in Queue
  • Command Line scan
  • Scan authentication (Fetch from proxy, enter cookie manually, simple form and complex form)
  • 10000+ security checks
  • Multiple scan types
  • Penetration testing tools ( interceptor, composer, compare )
  • Crawler
  • Detailed report about the vulnerabilities including remediation and classification
  • HTML reporting (standard format, OWASP 2021, OWASP 2017, OWASP API 2019, PCI-DSS, CWE)
  • Import/Export of web scanned data
  • PDF reporting (standard format, OWASP 2021, OWASP 2017, OWASP API 2019, PCI-DSS, CWE)
  • Import/Export of REST API projects
  • Import/Export Postman collections
  • Help center
  • Commercial use
  • Predefined SLA
  • Jira integration
  • CL/CD pipeline support
  • Linux version
Free
  • Unlimited web application scan (1 scan at a time)
  • 20 REST API only can be added
  • Concurrent scans
  • Scheduled scans
  • Scan in Queue
  • Command Line scan
  • Scan authentication (Fetch from proxy, enter cookie manually)
  • 10000+ security checks
  • Multiple scan types
  • Penetration testing tools ( interceptor, composer, compare )
  • Crawler
  • Detailed report about the vulnerabilities including remediation
  • HTML reporting (standard format, OWASP 2021, OWASP 2017, OWASP API 2019, PCI-DSS, CWE)
  • Import/Export of web scanned data
  • PDF reporting (standard format, OWASP 2021, OWASP 2017, OWASP API 2019, PCI-DSS, CWE)
  • Import/Export of REST API projects
  • Import/Export Postman collections
  • Help center
  • Commercial use
  • Predefined SLA
  • Jira integration
  • CL/CD pipeline support
  • Linux version

VOOKI - REST API Vulnerability Scanner

Vooki’s REST application scanner is an automated tool to scan and detect vulnerabilities in the REST API at ease. Relating to API testing, Vooki also includes features to import the required data from Postman.

Vooki’s REST API vulnerability scanner is specially designed:

  • To scan the API's in an application.
  • To identify the security flaws in it.
  • To demonstrate the vulnerabilities in an understandable manner.

To check this, all you need to do is just execute the API and then run the scan for beholding the sight of security vulnerabilities identified in it.

REST API scanner

Vooki

Features of Vooki REST API Vulnerability Scanner:

  • Reports with all relevant remediation.
  • Environment variables.
  • Imports collection and environment variables from Postman.

Sample Report of Vooki REST API Vulnerability Scanner:

Vooki’s sample report starts with a quick summary of the risk findings and its ratings. Each finding has a detailed explanation in terms of risk and recommendations about the vulnerability. The vulnerabilities are classified based on the risk level. For your reference, you’re most welcome to download and see the sample report.

Vooki’s REST API scanner sample report

REST API scanner

Sample report

VOOKI - Web Application Vulnerability Scanner

Vooki's web application security scanner is an automated tool to effectively scan and detect many underlying vulnerabilities in web applications in a few minutes. These vulnerabilities include not just the easier ones, but the issues takes strenuous human efforts to identify, with least false positive rates compared to many other vulnerability scanners. Web application scanning done with Vooki offers all its users a sense of satisfaction as it has all the modules to perform scanning on a holistic approach. For earning your trust, besides the commercial version, a free version is also available.

Web app scanner

Vooki

Full Scan

Full Scan checks all the collected URLs from the browser. It includes web-spidering and CSRF token bypass. Full Scan checks all the pages of the target web application, detects complex login mechanisms and scans the pages behind the authorization for vulnerabilities. This is the scan we highly recommend you to perform on your website.

Basic Scan

The basic scan is good for websites that do not have authentication and static websites. This basic scan includes a crawler by default. So Basic Scan crawls first, collects the URLs from the website, starts the scan and ultimately provides with the most reliable results.

Penetration Testing

Penetration Testing tab consists of HTTP(S) interceptor and a HTTP request composer. You can edit the HTTP request, drop it and send it to the server. This unique facility in Vooki will help you to perform efficient penetration testing.

Crawler

Vooki crawler performs an in-depth scanning of your website and presents the list of web pages available on the domain. Collected URL’s will be available in the captured URL tab.

Domain & Host Scanner

Domain & Host Scanner scans your entire website and gets various significant information about Open ports, Server, DNS information, Web archive, Certificate information, Geo location of server and ‘Who is’ data.

Cryptography

Cryptography section consists of the below modules:

  • Encoder/Decoder
  • Encryption
  • Hashing

Sample Report of Vooki Web Application Vulnerability Scanner:

Vooki’s sample report starts with a quick summary of the risk findings and its ratings. Each finding has a detailed explanation in terms of risk and recommendations about the vulnerability. The vulnerabilities are classified based on the risk level. For your reference, you’re most welcome to download and see the sample report.

Vooki’s web application vulnerability scanner sample report.

Web app scanner

Sample report

Over 70,000+ downloads of Vooki free version all over the world.

Windows

  • Size (212 MB)
  • Current Version (4.0.11)
Download

macOS

  • Size (275 MB)
  • Current Version (4.0.9)
Download

System Requirements

  • Operating Systems MacOS(64bit), Windows(64bit), Linux all distribution(64bit). Linux version only available in pro
  • RAM A minimum of 4GB of RAM is required for scanning simple websites.
    16GB of RAM is required for scanning medium-range websites.
    32GB is required for larger websites.
  • Storage 10GB of available disk space

We've been helping customers globally with our other product

Vooki Android app vulnerability scanner( Yaazhini )

Android App(APK & API) vulnerability scanner.