API Penetration Test – With Vooki REST API Vulnerability Scanner

VOOKI – REST API Vulnerability Scanner

What is VOOKI

Vooki REST application scanner is an automated tool to scan and detect vulnerabilities in REST APIs. It is a free web application vulnerability scanner that produces a scan report for the scanned networks and applications. It is a user-friendly tool that can easily scan any web application and find security vulnerabilities. Vooki includes a Web Application Scanner, a REST API Scanner and a reporting section. It also includes features to import data from Postman.

Refer to the link to download Vooki for Mac and Windows.

Vooki has two modules:

  1. VOOKI – Web Application Vulnerability Scanner
  2. VOOKI – REST API Vulnerability Scanner

REST API Scanner:

Vooki REST application scanner is an automated tool to scan and detect vulnerabilities in REST API.

Vooki – REST API Scanner can help to find the following issues:

  • SQL Injection
  • Command Injection
  • Header Injection
  • Cross-site scripting – reflected
  • Cross-site scripting – stored
  • Cross-site scripting – DOM-based
  • Missing security headers
  • Sensitive Information disclosure in response headers
  • Sensitive Information disclosure in error messages
  • Missing server-side input validation
  • Unwanted use of HTTP methods
  • Improper HTTP Response

Steps to perform Vooki REST Scan

  1. Start Application.
  2. Create a new Project.
  3. Add the new request in the created project.
  4. Provide proper headers, URL, and data.
  5. Save and run the scan from the menu bar.
  6. After the scan completes, click Generate Report in the menu bar.

Vooki includes features to import the data from Postman.

How to import Postman Environment Variable?

  • In the menu bar, click Import > Postman > Import Postman Collection.
  • Select the file exported from Postman.

How to use Environment Variable?

  • To add a new environment variable, click the settings button in the top right corner of the application and enter the variable's name and value.
  • To use it in the project, include the variable in double curly braces, as {{Variable_name}}.
  • Wherever the variable is included, it is replaced with the given value when the scan runs.
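
The substitution described above can be previewed before a scan, so that a request is not sent with a literal {{Variable_name}} left in its URL, headers or body. The following is an added example, not Vooki's own code: the function names, the request layout and the sample values are assumptions made for illustration, and it reports undefined variables instead of sending them.

```python
import re

# Matches {{Variable_name}}; whitespace inside the braces is tolerated
# (an assumption for this sketch, not documented Vooki behaviour).
PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z0-9_.-]+)\s*\}\}")


def resolve(text, env):
    """Substitute known variables in one string; return (text, missing names)."""
    missing = []

    def substitute(match):
        name = match.group(1)
        if name in env:
            return str(env[name])
        missing.append(name)
        return match.group(0)  # keep the unresolved placeholder visible

    return PLACEHOLDER.sub(substitute, text), missing


def resolve_request(request, env):
    """Resolve placeholders in the URL, header values and body of a request."""
    missing = set()
    url, names = resolve(request["url"], env)
    missing.update(names)
    headers = {}
    for key, value in request.get("headers", {}).items():
        headers[key], names = resolve(value, env)
        missing.update(names)
    body, names = resolve(request.get("body", ""), env)
    missing.update(names)
    resolved = {"method": request["method"], "url": url,
                "headers": headers, "body": body}
    return resolved, sorted(missing)


# Constructed sample data: user_id and note are deliberately left undefined.
SAMPLE_ENV = {"base_url": "https://api.example.test", "token": "constructed-token"}
SAMPLE_REQUEST = {
    "method": "POST",
    "url": "{{base_url}}/v1/users/{{user_id}}",
    "headers": {"Authorization": "Bearer {{token}}"},
    "body": '{"note": "{{ note }}"}',
}

if __name__ == "__main__":
    resolved, missing = resolve_request(SAMPLE_REQUEST, SAMPLE_ENV)
    print(resolved["url"])
    print("undefined variables:", missing)
```

A non-empty list of undefined variables means part of the request would go out unresolved, which usually produces errors rather than useful scan coverage.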
