How to Use Yaazhini to Scan Security Vulnerabilities in Android APK API

Windows Version: [Click to Download】(98.7MB)

macOS Version: [Click to Download】(75.8MB)

System Requirements

Operating System: macOS (64-bit), Windows (64-bit & 32-bit)

Runtime Memory: Minimum runtime memory is 4GB, recommended runtime memory is 16GB (for large Android projects)

Disk Space: 10GB of disk space

Required Components: Java 1.8+

Advantages of Yaazhini

1. One-click scanning of Android APK files;

2. Support scanning Android application REST API (simulator or physical device);

3. Generate formatted scan reports;

4. Free to use;

5. Simple operation, friendly interface;

Yaazhini-Android application APK scanning

APK scanning function demonstration:

Usage steps:

1. Open the Yaazhini application;

2. Enter the project name;

3. Upload the APK file to be scanned;

4. Click the 'Upload & Scan' (Upload & Scan) button;

5. After the scan is completed, we will see the detailed vulnerability scan report;

Yaazhini-Android application REST API scanning

Yaazhini-Android application REST API scanning function can help us find and identify the following attack forms:

1. SQL injection

2. Command injection

3. Header injection

4. Cross-site scripting XSS

5. Missing security headers

6. Sensitive information leakage in response headers

7. Sensitive information leakage in error messages

8. Missing server-side input validation

9. Forbidden HTTP methods

10. Incorrect HTTP responses, etc.

Yaazhini-Android application REST API scanning function demonstration:

Demonstration video

Usage steps:

1. Open the application

2. Test the mobile device

3. Create a new project

4. Add a new request to the created project

5. Provide the correct Header, URL, and other data

6. Save and run the scan

7. Click to generate the report after the scan is completed

Yaazhini report sample

The Yaazhini Android APK scanner report includes an overview of the scan results and risk ratings for the risks found. In addition, it provides detailed descriptions and introductions for each detected security risk, along with vulnerability mitigation strategies. The sequence of vulnerabilities in the report is sorted according to the level of danger.

Report sample：【Click to get】

The Yaazhini mobile application scanner report includes an overview of the scan results and risk ratings for the risks found. In addition, it provides detailed descriptions and introductions for each detected security risk, along with vulnerability mitigation strategies. The sequence of vulnerabilities in the report is sorted according to the level of danger.

Report sample：【Click to get】

Project official website

Yaazhini：【Official website link】

* Reference source:vegabirdFB editor Alpha_h4ck compiled, please indicate the source as FreeBuf.COM when reproduced

你可能想看：

Ensure that the ID can be accessed even if it is guessed or cannot be tampered with; the scenario is common in resource convenience and unauthorized vulnerability scenarios. I have found many vulnerab

Different SRC vulnerability discovery approach： Practical case of HTTP request splitting vulnerability

Announcement regarding the addition of 7 units as technical support units for the Ministry of Industry and Information Technology's mobile Internet APP product security vulnerability database

A brief discussion on the methods of discovering vulnerabilities in business systems from the perspective of management

Data security can be said to be a hot topic in recent years, especially with the rapid development of information security technologies such as big data and artificial intelligence, the situation of d

1. How to use Web Cache Vulnerability Scanner to detect web cache poisoning

2.3 Security vulnerabilities similar to cross-site scripting