Yaazhini - Free Android APK & API Vulnerability Scanner

Yaazhini is a free vulnerability scanner for Android APKs and APIs. It is a user-friendly tool with which you can easily scan any APK and API of an Android application and find the vulnerabilities. Yaazhini includes a vulnerability scan of the API, a vulnerability scan of the APK, and a reporting section to generate a report. It comprises an Android APK Scanner and an API Scanner.

20000+ Downloads

System Requirements

Operating Systems: Mac OSX (64-bit), Windows (64-bit & 32-bit)
RAM: Minimum usage 4GB of available memory. 16GB required for larger Android apps.
Storage: 10GB of available disk space
Dependency Software: JDK 1.8+

Use website vulnerability scanner for Third Party

If you are an Android application development firm, you can show your clients the security scan reports and prove that you have implemented the proper security tool for security measures in the Android applications and their APIs.

Yaazhini has two modules:

  • Yaazhini - Free Android Application APK Vulnerability Scanner
  • Yaazhini - Free Android Application REST API Vulnerability Scanner

Yaazhini - Android Application APK Scanner

The Yaazhini Android application APK scanner is one of our pioneer products. It scans an Android application APK and finds vulnerabilities mistakenly introduced by developers. It's easy and free to use.

How to use Yaazhini - Android Application APK Scanner

The Yaazhini tool has several modules; we will explain how to use each one of them separately. Follow these steps:

Steps to perform scan

  • Start the Yaazhini application.
  • Provide the project name.
  • Select the Android APK file.
  • Click on the Upload & Scan button.
  • After the scan is completed, it will provide all details of the vulnerabilities.

Steps to generate report

  • When the scan is completed, it will take you to the main page where you can see the details.
  • Right-click on the node of the project for which you want to generate a report.
  • Click on Generate Report.
  • Save the report at your preferred location.

Advantages of Yaazhini - Android Application APK Scanner

  • Scans an Android APK with just one click.
  • Provides details and recommendations for the vulnerabilities.
  • Finds the permissions, activities, receivers and services used in the application.
  • Lets you view the source code of the APK and download it.
  • Generates the report and saves it at your preferred location.

Yaazhini - Android Application Rest API Scanner

The Yaazhini REST API scanner is an automated tool to scan and detect vulnerabilities in REST APIs. It has very useful features that can detect the vulnerabilities with ease.

How to use Yaazhini - API Scanner

The Yaazhini API scanner has several modules; we will explain how to use each one of them separately. Follow these steps:

Steps to perform scan

  • Start the Yaazhini application.
  • Select the device type.
  • Provide the port number for the incoming proxy.
  • Click on the Next button.
  • Now set the device's proxy to Yaazhini and traverse through the app.
  • Right-click on the node that appears in the Yaazhini tool and click on the scan option.

Steps to generate report

  • When the scan is completed, it will show all the vulnerabilities and their details with recommendations.
  • Right-click on the node of the project for which you want to generate a report.
  • Click on Generate Report.
  • Save the report at your preferred location.

Advantages of Yaazhini - API Scanner

  • Scans the API with ease.
  • Finds the various vulnerabilities present in the API.
  • Provides details and recommendations for the vulnerabilities.
  • Generates the report and saves it at your preferred location.

Yaazhini – Android Application REST API Scanner can help you find the following vulnerabilities:

  • SQL Injection
  • Command Injection
  • Header Injection
  • Cross-site scripting – reflected
  • Cross-site scripting – stored
  • Cross-site scripting – DOM based
  • Missing security headers
  • Sensitive information disclosure in response headers
  • Sensitive information disclosure in error messages
  • Missing server-side input validation
  • Unwanted use of HTTP methods
  • Improper HTTP response, and 50+ more

Sample Reports for Yaazhini

The Yaazhini Android APK Scanner sample report starts with a quick summary of the findings and risk ratings. Each finding has a detailed explanation of the risk and recommendations about the vulnerability. The vulnerabilities are ordered by risk level.
Get it here: Yaazhini Android APK Scanner Sample Report.

The Yaazhini Mobile Application Scanner sample report starts with a quick summary of the findings and risk ratings. Each finding has a detailed explanation of the risk and recommendations about the vulnerability. The vulnerabilities are ordered by risk level.
Get it here: Yaazhini Mobile Application Scanner Sample Report.

Release Notes of Yaazhini

Yaazhini Upcoming Versions

  • Waiting for your feedback and suggestions.

Yaazhini 0.0.6 (25-Oct-2019)

Fixes :

  • Supports JDK version 1.8 or higher.
  • Performance level issues fixed.

Yaazhini 0.0.5 (11-Sep-2019)

Fixes :

  • Performance level issues fixed.
  • NO XML issue fixed.
  • Reverse Engineering the APK file issues fixed.
  • Report alignment issues fixed.

Enhancements :

  • APK Reverse Engineering enhanced (update the JDK to 1.8 or higher version).
  • Added libraries used in the Yaazhini APK Scanner.
  • Vulnerability view changed to tree structure. (More user friendly to find issues with high severity)
  • Linked URLs in the APK file added in the Yaazhini APK Scanner.
  • Reporting issues in the API scanner tool and APK scanner tool included.
  • Option to change incoming proxy in the Yaazhini API Scanner added.

Yaazhini 0.0.4 (01-Aug-2019)

Fixes :

  • Scanned date issue fixed.
  • White theme issue fixed.
  • Viewing the source code issues fixed.

Enhancements :

  • Downloading source code of APK added in the Yaazhini APK Scanner.
  • Viewing binary files validation added in the Yaazhini APK Scanner.
  • Updated the recommendation and details for various vulnerabilities.

Yaazhini 0.0.3 (31-July-2019)

Fixes :

  • Performance level issue fixed.
  • Clearing the view on delete or change of project selection fixed.

Enhancements :

  • Direct switching from Android APK Scanner to Android API Scanner and vice versa added.
  • New themes added.
  • Overall view of both Android API Scanner and Android APK Scanner changed.
  • Viewing tutorial inside the application itself added.
  • Summary of the scan added on APK scan.
  • Highlight included for found vulnerabilities.
  • Updated the report generated in both Android API Scanner and Android APK Scanner.
  • Viewing source code of APK added in the Yaazhini APK Scanner.
  • Outgoing proxy added in the Yaazhini API Scanner.
  • 5 new vulnerabilities added.

Yaazhini 0.0.2 (28-Mar-2019)

Fixes :

  • UI level multiple fixes in Android API Scanner and Android APK Scanner.
  • Validation added in the input fields.
  • Auto update issue fixed.
  • Alignment issue in the generated report is fixed.

Enhancements :

  • Loading the saved data added in Android API Scanner.
  • Additional 4 vulnerabilities added.
  • Viewing recent scan in the Android APK Scanner included.

Yaazhini 0.0.1 (28-Feb-2019)

Fixes :

  • Major bug fixes.
  • Alignment issues fixed.

Enhancements :

  • Option to change vulnerabilities status from 'Issue' to 'Not an Issue' is added.
  • Switching from APK to API scanner added.
  • Included viewing Activities, Services, Receivers and Permissions in the Android APK Scanner.
  • Auto update included.
  • New vulnerabilities added in both Android API Scanner and Android APK Scanner.

Yaazhini Beta Version (14-Feb-2019)

  • Built to scan vulnerabilities in Android applications.
  • Finds top OWASP vulnerabilities.
  • Has two different scanners:
         i. Android APK Vulnerability Scanner
         ii. Android API Vulnerability Scanner
  • Finds vulnerabilities in the APK file.
  • Finds vulnerabilities in the API of an Android application.
  • Proxy enabled to intercept traffic in Android API Scanner.
  • Provides details and recommendations for vulnerabilities in both Android API Scanner and Android APK Scanner.
  • Highlights the issues found.
  • Generates a report in both Android API Scanner and Android APK Scanner.
  • Saves scanned data in both Android API Scanner and Android APK Scanner.