V O O K I
I N F O S E C

Vooki: Dynamic Web Application & REST API Vulnerability Scanner (DAST Tool)

Looking for a comprehensive security scanning solution for your website and REST API? Enter Vooki, the most robust desktop-based vulnerability scanner tailored for Windows, Mac, and Linux. Engineered with the utmost precision, Vooki delves deep into potential vulnerabilities, running over 10,000+ security checks to ensure your websites and APIs stand strong against threats.

Vooki's suite includes two specialized vulnerability scanners

  • Web App Vulnerability Scanner
  • REST API Vulnerability Scanner

Vooki Features

Web Application Vulnerability Scanner

Vooki incorporates various scan types within its web application vulnerability scanner, optimizing processing time to suit your specific needs. It boasts a simple scanning method and an intuitive user interface.
Vooki's advanced crawler meticulously collects web pages from your application and conducts in-depth scans of all modules and sub-modules. This comprehensive approach provides a clear overview of exposed web pages on your site without the need for manual exploration. Crawl large websites effortlessly and uncover hidden endpoints.
Vooki stands out by detecting over 10,000 vulnerabilities, including components with known security issues, ensuring thorough protection.
Achieve optimal efficiency by simultaneously scanning multiple web applications. Vooki can perform up to 10 concurrent scans, saving you valuable time.
Vooki offers the convenience of scheduling scans to run automatically, either upon completion of the current scan or at a specified date and time.
Vooki empowers you with penetration testing features, allowing for request interception, forwarding, dropping, and manipulation of HTTP requests to conduct meticulous security assessments of your web applications.
Stay informed with real-time updates on new vulnerabilities categorized as High, Medium, Low, or Informational. Vooki provides developers with detailed vulnerability information, highlighting the exact lines of code that require attention.
Streamline issue tracking by effortlessly creating Jira tickets for developers directly from Vooki.
Verify the security of authenticated components within your application, including administration panels and user preferences, exclusively accessible to authorized users. Vooki supports various authentication methods through a browser interface.
Vooki's intelligent detection identifies the technologies employed in your application and presents them on the dashboard for easy reference.
Vooki includes essential cryptographic functionalities such as Encoder/Decoder, Encryption/Decryption, and Hashing.
Enjoy high-quality reports with a user-friendly interface, available in both HTML and PDF formats.
Generate compliance reports for OWASP 2021, OWASP 2017, OWASP API 2019, PCI DSS, and CWE in both HTML and PDF formats.
Simplify scan command generation with Vooki's user-friendly interface, tailored to your selected options.
Vooki is compatible with popular browsers, including Firefox (inbuilt), Google Chrome, Microsoft Edge, and offers manual configuration for any browser.
Vooki can be effortlessly installed and utilized on Windows, MacOS, and Linux (Linux version available in Vooki Pro).
Vooki seamlessly integrates with popular DevOps pipelines, including Jenkins, streamlining the security assessment process within your CI/CD workflows. This ensures that security checks are an integral part of your development and deployment processes, enhancing your web application's security posture.

REST API Vulnerability Scanner

Vooki offers a dedicated user interface specifically designed for API vulnerability scanning, streamlining the process of adding and testing project and API endpoints. With an intuitive interface, users can easily input API details, including headers and body information, enhancing the user experience and facilitating seamless project and API additions.
Vooki stands out from the competition by identifying over 10,000 vulnerabilities, including components known for their susceptibility to breaches. Its superior detection capabilities ensure that your projects are secure from the most commonly known and obscure threats alike.
Vooki allows users to save and reuse values through environment variables, promoting efficiency. These saved values can be referenced in various project contexts and requests, making it easier to manage and manipulate data across different project environments.
The platform simplifies the import and export process of all APIs, addressing the challenge of manually entering or copy-pasting environment values. Vooki's import/export feature for environment variables enhances the ease of data management and transfer.
The dashboard provides immediate updates on newly discovered vulnerabilities, categorizing them based on their severity levels - High, Medium, Low, and Informational. It empowers developers with detailed insights into each vulnerability, highlighting the exact lines of code that need modification to enhance security.
With the capability to import Postman collections and environment variables, Vooki seamlessly integrates with Postman, ensuring a fluid workflow and enhanced project management.
Vooki generates top-quality, user-friendly reports in HTML and PDF formats, providing users with options that best suit their needs and preferences.
Users can generate compliance reports adhering to various industry standards, including OWASP 2021, OWASP 2017, OWASP API 2019, PCI DSS, and CWE, in both HTML and PDF formats.
Vooki simplifies the process of generating scan commands with its intuitive user interface, allowing users to easily select options and run pipeline scans from the command line. The user-centered design ensures that generating scan commands is no longer a daunting task, making Vooki an essential tool for all your API vulnerability scanning needs.
Streamline issue tracking by effortlessly creating Jira tickets for developers directly from Vooki.

Trusted by over 450+ companies of all sizes.

Explore Packages That Best Suit Your Needs!

Installation takes less than a minute! Don't just take our word for it; we’re pleased to offer a free version of Vooki for trial use. Experience the simplicity and efficiency yourself!

For one-time purchases, we accept a variety of payment methods including credit cards (Visa, MasterCard, American Express, Discover, Diners Club, and JCB), PayPal, Alipay, WeChat Pay, and Afterpay/Clearpay, as well as bank debits (e.g., ACH, SEPA) from customers around the globe.
Free
$0
Free Forever
No card required
  • Limited features
  • Unlimited scan
Download Now
PRO (10 domains)
$49
1 License/1 Month
Billed One Time
  • 10 domains
  • Unlimited scan
Buy Now Request Trial
PRO (25 domains)
$79
1 License/1 Month
Billed One Time
  • 25 domains
  • Unlimited scan
Buy Now Request Trial
PRO (50 domains)
$99
1 License/1 Month
Billed One Time
  • 50 domains
  • Unlimited scan
Buy Now Request Trial
PRO (75 domains)
$129
1 License/1 Month
Billed One Time
  • 75 domains
  • Unlimited scan
Buy Now Request Trial
PRO (~ domains)
$199
1 License/1 Month
Billed One Time
  • Unlimited domains
  • Unlimited scan
Buy Now Request Trial
For one-time purchases, we accept a variety of payment methods including credit cards (Visa, MasterCard, American Express, Discover, Diners Club, and JCB), PayPal, Alipay, WeChat Pay, and Afterpay/Clearpay, as well as bank debits (e.g., ACH, SEPA) from customers around the globe.
Free
$0
Free Forever
No card required
  • Limited features
  • Unlimited scan
Download Now
PRO (10 domains)
$499
1 License/1 Year
Billed One Time
  • 10 domains
  • Unlimited scans
Buy Now Request Trial
PRO (25 domains)
$899
1 License/1 Year
Billed One Time
  • 25 domains
  • Unlimited scan
Buy Now Request Trial
PRO (50 domains)
$1099
1 License/1 Year
Billed One Time
  • 50 domains
  • Unlimited scan
Buy Now Request Trial
PRO (75 domains)
$1499
1 License/1 Year
Billed One Time
  • 75 domains
  • Unlimited scan
Buy Now Request Trial
PRO (~ domains)
$1999
1 License/1 Year
Billed One Time
  • Unlimited domains
  • Unlimited scan
Buy Now Request Trial
For subscription payments, currently, we can only accept credit cards
Free
$0
Free Forever
No card required
  • Limited features
  • Unlimited scan
Download Now
PRO (10 domains)
$49
1 License/1 Month
Billed monthly
  • 10 domains
  • Unlimited scan
Buy Now Request Trial
PRO (25 domains)
$79
1 License/1 Month
Billed monthly
  • 25 domains
  • Unlimited scan
Buy Now Request Trial
PRO (50 domains)
$99
1 License/1 Month
Billed monthly
  • 50 domains
  • Unlimited scan
Buy Now Request Trial
PRO (75 domains)
$129
1 License/1 Month
Billed monthly
  • 75 domains
  • Unlimited scan
Buy Now Request Trial
PRO (~ domains)
$199
1 License/1 Month
Billed monthly
  • Unlimited domains
  • Unlimited scan
Buy Now Request Trial
For subscription payments we only support credit cards at this time.
Free
$0
Free Forever
No card required
  • Limited features
  • Unlimited scan
Download Now
PRO (10 domains)
$499
1 License/1 Year
Billed annually
  • 10 domains
  • Unlimited scans
Buy Now Request Trial
PRO (25 domains)
$899
1 License/1 Year
Billed annually
  • 25 domains
  • Unlimited scan
Buy Now Request Trial
PRO (50 domains)
$1099
1 License/1 Year
Billed annually
  • 50 domains
  • Unlimited scan
Buy Now Request Trial
PRO (75 domains)
$1499
1 License/1 Year
Billed annually
  • 75 domains
  • Unlimited scan
Buy Now Request Trial
PRO (~ domains)
$1999
1 License/1 Year
Billed annually
  • Unlimited domains
  • Unlimited scan
Buy Now Request Trial

Differences Between Vooki Pro and Free Versions

PRO
  • Unlimited Web Application Scanning
  • Ability to Add Unlimited REST APIs
  • Concurrent Scanning Capabilities
  • Scheduled Scanning Features
  • Queue-Based Scanning Options
  • Command Line Scanning Functionality
  • Multiple Authentication Scanning Options (Proxy Retrieval, Manual Cookie Entry, Simple and Complex Forms)
  • Over 10,000 Security Checks
  • Variety of Scanning Types
  • Penetration Testing Tools (Including Interceptor, Composer, and Compare)
  • Web Crawler Feature
  • Detailed Vulnerability Reports with Remediation Suggestions and Classification Information
  • HTML Reporting in Standard Format, OWASP 2021, OWASP 2017, OWASP API 2019, PCI-DSS, and CWE
  • Import/Export of web scanned data
  • PDF Reporting in Standard Format, OWASP 2021, OWASP 2017, OWASP API 2019, PCI-DSS, and CWE Import/Export Options for REST API Projects
  • Capability to Import/Export Postman Collections
  • Accessible Help Center
  • Predefined Service Level Agreements (SLAs)
  • Integration with Jira
  • Continuous Integration/Continuous Deployment (CI/CD) Pipeline Support
  • Availability of Linux Version
Free
  • Unlimited Web Application Scans (One Scan at a Time)
  • Limit of Adding 20 REST APIs Only
  • Concurrent Scanning Capabilities
  • Scheduled Scanning Features
  • Queue-Based Scanning Options
  • Command Line Scanning Functionality
  • Multiple Authentication Scanning Options (Proxy Retrieval, Manual Cookie Entry)
  • Over 10,000 Security Checks
  • Variety of Scanning Types
  • Penetration Testing Tools (Including Interceptor, Composer, and Compare)
  • Web Crawler Feature
  • Detailed Vulnerability Reports with Remediation
  • HTML Reporting in Standard Format, OWASP 2021, OWASP 2017, OWASP API 2019, PCI-DSS, CWE
  • Import/Export of web scanned data
  • PDF Reporting in Standard Format, OWASP 2021, OWASP 2017, OWASP API 2019, PCI-DSS, and CWE Import/Export Options for REST API Projects
  • Capability to Import/Export of REST API projects
  • Capability to Import/Export Postman Collections
  • Accessible Help Center
  • Predefined Service Level Agreements (SLAs)
  • Integration with Jira
  • Continuous Integration/Continuous Deployment (CI/CD) Pipeline Support
  • Availability of Linux Version

Effortless Vulnerability Detection with Vooki’s Automated REST API Scanner

Vooki’s REST Application Scanner is a sophisticated automated tool designed for effortless scanning and detection of vulnerabilities within REST APIs. In addition to API testing, Vooki provides the convenience of importing essential data directly from Postman.

Designed with precision, Vooki’s REST API Vulnerability Scanner offers specialized functions:

  • Scanning APIs within an application efficiently.
  • Identifying and highlighting security flaws accurately.
  • Presenting detected vulnerabilities in a comprehensible manner for easy understanding.

To utilize these features, simply execute the API, run the scan, and observe the security vulnerabilities identified and displayed for your review.

REST API Vulnerability Scanner

Vooki
  • Separate user interface for API.
  • Add project/API end-points and test it.
  • 10000+ vulnerabilities detection.
  • Environment variables.
  • Import/Export project.
  • Import/Export environment variable.
  • Imports collection and environment variables from Postman.
  • Vulnerability dashboard.
  • Compliance report.
  • Run pipeline scan from command line.
  • Vulnerability report generation.
  • Reports with all relevant remediation.
  • Supported on Windows,MacOS and Linux.

Vooki’s sample report begins with a concise summary of risk findings and their respective ratings. Each finding is accompanied by a detailed explanation, outlining the associated risks and providing recommendations for addressing the identified vulnerabilities. These vulnerabilities are systematically classified according to their level of risk. You are encouraged to download and review the sample report for your reference.

Vooki’s REST API Vulnerability Scanner sample report

REST API Vulnerability Scanner

Sample report

VOOKI - Web Application Vulnerability Scanner

Vooki’s Web Application Security Scanner serves as an automated, efficient tool designed for rapid scanning and detection of a wide range of vulnerabilities in web applications. Within minutes, not only does it pinpoint the straightforward vulnerabilities, but it also identifies intricate issues that typically require substantial human effort to detect. Furthermore, it boasts a lower false positive rate compared to numerous other scanners available in the market.

Engage in web application scanning with Vooki for a satisfying, comprehensive security assessment experience. Vooki’s scanner is holistically designed, incorporating various modules to perform in-depth, approachable scanning. To instill confidence and demonstrate its value, Vooki offers not only a premium commercial version but also a free version for users looking to explore its capabilities without initial investment.

Web app scanner

Vooki

A Full Scan by Vooki meticulously examines all URLs collated from the browser, encompassing advanced features like web-spidering and CSRF token bypass for thorough analysis. The process involves a comprehensive review of all pages within the target web application. Moreover, it adeptly navigates through intricate login mechanisms, scanning pages situated behind authorization protocols to identify potential vulnerabilities. Engaging in a Full Scan provides a robust shield against security breaches by pinpointing and mitigating risk areas within your website. For a website fortified against unforeseen security threats, we highly recommend utilizing Vooki’s Full Scan feature for an in-depth, reliable vulnerability assessment.

Ideal for websites without authentication requirements and for static sites, Vooki's Basic Scan provides a reliable security assessment solution. This fundamental scan comes equipped with a default crawler, initiating its process by crawling through the site, aggregating URLs, and proceeding with the scan. The outcome of the Basic Scan offers dependable results, presenting a security snapshot for your unauthenticated and static websites. Engage with the Basic Scan for a straightforward, trustworthy evaluation of your site’s security landscape.

The Penetration Testing tab within Vooki is equipped with both an HTTP(S) interceptor and an HTTP request composer, creating an environment conducive for proficient penetration testing. Users have the capability to edit, drop, and subsequently send HTTP requests directly to the server. Additionally, Vooki introduces a Composer tab, a feature allowing users to modify and dispatch HTTP(S) requests to servers. There is also a Compare tab available, designed for users to juxtapose two HTTP requests or HTTP Response, highlighting the differences between them. This function proves invaluable during penetration testing, aiding in the identification and analysis of variances in requests. These distinctive, user-friendly features collectively facilitate a streamlined and effective penetration testing process, contributing to a thorough and reliable security assessment for web applications. Engage with Vooki’s intuitive Penetration Testing tools for a superior, secure testing experience.

The Vooki Crawler conducts thorough scanning of your website, identifying and listing all available web pages on the specified domain. This in-depth process ensures that all URLs are captured and conveniently displayed under the "Captured URL" tab for easy access and review. Engage with the Vooki Crawler for a comprehensive overview and collection of your website's URLs, enhancing your site's security assessment and management process.

The Domain & Host Scanner by Vooki meticulously sweeps through your entire website, extracting crucial data that includes information on open ports, the server, DNS configurations, web archives, certificate details, the geographical location of the server, and 'Whois' data. This comprehensive scan provides an array of significant insights, aiding in a better understanding of your website's infrastructure and security landscape. Engage with the Domain & Host Scanner for a holistic view and in-depth analysis of your website’s crucial components and configurations.

Vooki’s Cryptography section is comprised of the following essential modules:

  • Encoder/Decoder: This module facilitates the conversion of data into different formats, assisting users in encoding and decoding information efficiently.
  • Encryption: The Encryption module is designed to secure your data by converting it into a code to prevent unauthorized access. It is a crucial tool for safeguarding sensitive information within your web applications.
  • Hashing: The Hashing module is integral for the generation of a value or values from a string of text in a way that is nearly impossible to turn back into the original string. It is vital for the secure storage and transmission of data.

These modules collectively offer a suite of tools that are indispensable for ensuring the secure handling, transmission, and storage of data within your web applications, providing users with a robust set of cryptographic utilities.

Vooki’s sample report begins with a concise summary of risk findings and their respective ratings. Each finding is accompanied by a detailed explanation, outlining the associated risks and providing recommendations for addressing the identified vulnerabilities. These vulnerabilities are systematically classified according to their level of risk. You are encouraged to download and review the sample report for your reference.

Vooki’s web application vulnerability scanner sample report.

Web app scanner

Sample report

Vooki's free version has garnered over 70,000 downloads worldwide.

Windows

  • Size (212 MB)
  • Current Version (4.0.11)
Download

macOS

  • Size (275 MB)
  • Current Version (4.0.9)
Download

System Requirements

Operating Systems:
  • MacOS(64bit)
  • Windows(64bit)
  • Linux all distribution(64bit)
    Note: Linux version is only available with the Pro plan.
RAM Requirements:
  • Minimum 4GB of RAM for scanning simple websites.
  • 16GB of RAM is necessary for scanning medium-sized websites.
  • For larger websites, 32GB of RAM is required.
Storage:
  • 10GB of available disk space

We have been assisting customers worldwide with our other product.

Vooki Android App vulnerability scanner( Yaazhini )

Android App(APK & API) vulnerability scanner.