The development of Pen-testing tools is no longer limited only to the PC environment. Many developers working on building tools for the Android platform.
We no longer need to assemble any portable custom built PCs to carry everywhere with us. The tools made for Android are easier to use and cleaner interface. They look really amazing.
Vulners Scanner tool has those qualities also. This application is made for the purpose of vulnerability scanning using Android by Vulner Team. The application looks really great and cool. It gives the vulnerability risk in the form of a score. The tests it performs are completely legal. It doesn’t perform any malicious requests, fuzzing.
But as the tool is in development, it has some issues. As the tool use passive methods for scanning sometimes its results could be false positive. Its report cannot be used as evidence as a vulnerability. To get the best result for the vulnerabilities should be validated manually with user interaction using some kind of advanced software like PortSwigger Burp suite with Vulners plugin.
Download the tool from the Google Play store. Now just put the URL of the Web server you want to scan.
For testing purposes, we used a PHP vulnerable sandbox from Hack.me. If you want to test it too legally go to Hackme and search for a PHP vulnerable sandbox. There are many creators on this site who offer vulnerable sandbox.
We scanned the sandbox and you can see the result.
We found many critical risks and Vulners scanner giving the score 10 out of 10. That’s a really big issue. That’s it. Try your own.
These tools contribute a lot to the Android Pen-testing field. Many people still believe that we need a good PC setup to be a Pen-tester but these tools made for Android showing that the only thing you need is talent, knowledge and rest of it can be done with just an Android.
These tools increasing the willing power of the students to learn something about Pen-testing. This is really great work.