VOOKI - Free Vulnerability Scanner (DAST Tool)

Audit your web security with Vooki. It is a free web application vulnerability scanner which gives us a perfect scan report about the scanned networks, applications. It is a user-friendly tool that you can easily scan any web application and find security vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner and reporting section.

60000+ Downloads

Yaazhini - Free vulnerability scanner for android APK and API.

Prithvi - Report generation tool for Security Assessment.

System Requirements

Operating Systems Mac OSX(64bit), Windows(64bit & 32bit)
RAM Minimum Usage 4GB of available memory. 16GB required for larger Websites
Storage 10GB of available disk space

Use website vulnerability scanner for Third Party

If you are a web development firm, you can show your clients the security scan reports and prove that you have implemented the proper security tool for security measures in the web applications.

VOOKI - Free Vulnerability Scanner (DAST Tool)

Vooki have two modules which are

  • VOOKI - Free Web Application Vulnerability Scanner
  • VOOKI - Free REST API Vulnerability Scanner
Vooki Application Vulnerability Scanner

Web Application Scanner

Vooki web application scanner is an automated tool to scan and detect vulnerabilities in web applications. Our tool help in finding out vulnerabilities with ease. Vooki is very easy and effective.

Web Application Vulnerability Scanner

Vooki – Web Application Scanner can help you to find the following attacks

  • SQL Injection.
  • Command Injection.
  • Header Injection.
  • Cross-site scripting – reflected.
  • Cross-site scripting – stored.
  • Cross-site scripting – dom based.
  • Missing security headers.
  • Malicious JS script execution.
  • Using components with known vulnerabilities.
  • Jquery Vulnerabilities.
  • Angularjs Vulnerabilities.
  • Bootstrap Vulnerabilities.
  • Sensitive Information disclosure in response headers.
  • Sensitive Information disclosure in error messages.
  • Missing Server Side Validation.
  • Javascript Dynamic Code Execution.
  • Sensitive Data Exposure and 50+ more

How to use Vooki Web Vulnerability Scanner

In the Vooki web application scanner, we have many types of scans, those scan types are as follows:

Full Scan

Full Scan checks all the collected URLs from the browser. It includes web spidering and CSRF token bypass. Full Scan checks all the web application vulnerabilities. This is the scan we recommend you to perform on your website.

Steps to perform Full Scan

  • Start Application.
  • Connect the browser proxy to Vooki port.
  • Visit all the pages of your web application.
  • Right-click on node appearing on Vooki tool and click on the scan.
  • After the scan gets completed right click on the project and generate.

Basic Scan

Basic scan checks the URLs which are collected from spidering. The basic scan is good for the websites do not have authentication. Basic Scanner has the facility to save scanned data and generate the report.

Steps to perform Basic Scan

  • Start Application.
  • Provide the full URL and click on Scan.
  • After the scan gets completed right click on the project and generate.

Spidering

Vooki Spidering performs in-depth scanning in your website. You can identify the webpages exposed on the website, based on the collected URL's available in `Captured URL` tab.

Steps to perform Spidering

  • Start Application.
  • Provide the full URL and click on Scan.

Domain & Host Scan

Domain and Host scanner scans your website and finds information about it. That information is as follows

  • Server information
  • DNS information
  • Open Ports of server
  • Archive information of server
  • Geo Information of server
  • SSL certificate
  • who is information of domain

Steps to perform Domain & Host Scan

  • Start Application.
  • Provide the full URL and click on Scan.

Rest API Scanner

Vooki REST application scanner is an automated tool to scan and detect vulnerabilities in REST API. Our tool help in finding out the vulnerabilities with ease. Vooki is very easy and effective. Vooki includes features to import the data from Postman.

Rest API Scanner

Vooki – Rest API Scanner can help you to find the following attacks

  • SQL Injection
  • Command Injection
  • Header Injection
  • Cross-site scripting – reflected.
  • Cross-site scripting – stored.
  • Cross-site scripting – dom based.
  • Missing security headers
  • Sensitive Information disclosure in response headers
  • Sensitive Information disclosure in error messages
  • Missing Server Side input Validation
  • Unwanted use of HTTP methods
  • Improper HTTP Response and 50+ more

How to use Vooki Rest Scanner

Steps to perform Vooki REST Scan

  • Start Application.
  • Create a new Project.
  • Add the new request in the created project.
  • Provide proper headers, URL, and data.
  • Save and run the scan from the menu bar.
  • After scan gets completed click on generate report from the menu bar.

Sample Reports for Vooki

Vooki Sample report starts with a quick summary of the findings and risk ratings. Each finding has a detailed explanation in terms of risk and recommendations about the vulnerability. The vulnerabilities are ordered by the risk level.
Get Here: Free Web Application Vulnerability Scanner sample report.

.

Vooki Sample report starts with a quick summary of the findings and risk ratings. Each finding has a detailed explanation in terms of risk and recommendations about the vulnerability. The vulnerabilities are ordered by the risk level.
Download the Rest API Scanner sample report.

Release Notes of Vooki

Vooki Upcoming Versions

  • Waiting for your feedback and suggestions.

Vooki 3.0.6 (09-Oct-2019)

Fixes :

  • URL highlight issue fixed.
  • XSS issue fixed.

Enhancements :

  • 5 new vulnerabilities added.
  • Warning issues added.

Vooki 3.0.5 (04-Oct-2019)

Fixes :

  • Appropriate messages updated.
  • Alignment issue for the smaller screen size fixed.
  • Scan issue fixed.

Enhancements :

  • Updated spidering for better result.

Vooki 3.0.4 (31-Aug-2019)

Fixes :

  • Unexpected closing issue fixed.
  • Unable to generate report issue fixed.

Enhancements :

  • New method 'OPTIONS' added in REST Vulnerability Scanner.
  • HTTPS outgoing proxy in both Web Vulnerability Scanner and REST Vulnerability Scanner improved.

Vooki 3.0.3 (29-July-2019)

Fixes :

  • UI isues fixed in MAC version.
  • Environment variable issue fixed.

Enhancements :

  • Spidering schema changed.
  • Added Search engine crawling.

Vooki 3.0.2 (23-July-2019)

Fixes :

  • Copy paste headers of REST Vulnerability Scanner fixed.
  • Highlight issue fixed.

Enhancements :

  • One new vulnerability added.

Vooki 3.0.1 (12-July-2019)

Fixes :

  • Scanned project and total vulnerabilities issue fixed.
  • Launch browser port issue fixed.
  • Alignment issue in black theme fixed.

Enhancements :

  • Report generated updated.

Vooki 3.0.0 (28-June-2019)

Fixes :

  • Incoming proxy issue with proper message fixed.
  • Scanned data clearing on delete fixed.

Enhancements :

  • Basic Scan to scan an URL is added.
  • Spidering is added.
  • Domain & Host Scan is added.
  • Saving all scanned data in both REST Vulnerability Scanner and Web Vulnerability Scanner added.
  • Option to load old saved data in Web Vulnerability Scanner added.
  • Option to switch from Web Vulnerability Scanner to REST Vulnerability Scanner and vice versa added.
  • Outgoing proxy for both Web Vulnerability Scanner and REST Vulnerability Scanner added.
  • Tutorial tab to view them inside the Vooki Vulnerability Scanner itself added.
  • Complete view for Web Vulnerability Scanner and REST Vulnerability Scanner changed.
  • Option to add Environment variable added.
  • Option to load Postman exported collection and environment variable added.
  • 7 more vulnerabilities added.
  • Search option to see the URL or in a large project in REST Vulnerability Scanner is added.
  • Option to launch browser from Vooki application added.

Vooki 2.0.0 (19-Oct-2018)

Fixes :

  • UI level multiple fixes in REST Vulnerability Scanner and Web Vulnerability Scanner.
  • IP address issue fixed.
  • Auto update issue fixed.
  • Alignment issue in the generated report is fixed.

Enhancements :

  • Option to save scanned data is added in both REST Vulnerability Scanner and Web Vulnerability Scanner.
  • Additional 5 vulnerabilities added.
  • Option to change vulnerabilities status from 'Issue' to 'Not an Issue' is added.

Vooki 1.0.0 (18-July-2018)

Fixes :

  • Major bug fixes.
  • Alignment Issues fixed.

Enhancements :

  • Included the outgoing proxy in the REST Vulnerability Scanner.
  • Added themes.
  • Generating report.
  • Added themes.
  • Auto update included.
  • New vulnerabilities added.

Vooki Beta Version (01-June-2018)

  • Build to scan vulnerabilities.
  • Finds top OWASP vulnerabilities.
  • Have two different scanners :
         i. Web Vulnerability Scanner
         ii. REST Vulnerability Scanner
  • Spider the web pages.
  • CSRF token bypass.
  • Proxy enabled to intercept traffic.
  • Provide details and recommendation for vulnerabilities.
  • Highlight the issues found.
  • In REST Vulnerability Scanner could include headers also update raw headers and change request method.