Yaazhini is a vulnerability scanner for Android application APKs and REST API services. The tool is widely used in many corporate companies to find vulnerabilities.
Why Yaazhini?
- Easy to use
- Scans Android APKs and REST APIs
- Scans an Android APK with just one click
- Scans Android application REST APIs (emulator, device)
- Covers most of the major vulnerabilities
- Provides Vulnerability Details
- Generates Vulnerability Report
- Provides the vulnerability and risk level
- Generates report and more
Yaazhini has two sections: Yaazhini - Android Application APK Scanner and Yaazhini - Android Application API Scanner. Each section has its own facilities, which boost security and show the exact vulnerability.
Yaazhini - Android Application APK Scanner
In the APK scanner, upload the .apk file and click on scan. The tool automatically scans the file and displays all vulnerabilities present in the APK file.
Facilities of Yaazhini - Android Application APK Scanner
- Reverse engineers the APK
- Shows all files, such as the Android manifest
- Can download the source code
- Finds vulnerabilities in the APK and other files
- Generates the report and more
Yaazhini - Android Application API Scanner
The API scanner captures all requests passing from the device or emulator and sends them to the Yaazhini tool, which then scans them and displays the vulnerabilities it finds.
Facilities of Yaazhini - Android Application API Scanner
- Intercepts requests from an Android device and also from an emulator
- Uses the OWASP Top 10 standard
- Finds major vulnerabilities present in the API
- Generates reports and more
List of Vulnerabilities Covered in Yaazhini Android Application REST API Scanner
- SQL Injection
- Command Injection
- Header Injection
- Cross-site scripting – reflected
- Cross-site scripting – stored
- Cross-site scripting – DOM based
- Missing security headers
- Malicious JS script execution
- Using components with known vulnerabilities
- jQuery Vulnerabilities
- AngularJS Vulnerabilities
- Bootstrap Vulnerabilities
- Sensitive Information disclosure in response headers
- Sensitive Information disclosure in error messages
- Missing Server Side Validation
- JavaScript Dynamic Code Execution
- Sensitive Data Exposure and more