The development of Pen-testing tools is no longer limited only to the PC environment. Many developers working on building tools for the Android platform.
Vulners Scanner tool has those qualities also. This application is made for the purpose of vulnerability scanning using Android by Vulner Team. The application looks really great and cool. It gives the vulnerability risk in the form of a score. The tests it performs are completely legal. It doesn’t perform any malicious requests, fuzzing.
But as the tool is in development, it has some issues. As the tool use passive methods for scanning sometimes its results could be false positive. Its report cannot be used as evidence as a vulnerability. To get the best result for the vulnerabilities should be validated manually with user interaction using some kind of advanced software like PortSwigger Burp suite with Vulners plugin.
Let’s see the best work Vulners Scanner can do.
Vulners Scanner on Android
For testing purposes, we used a PHP vulnerable sandbox from Hack.me. If you want to test it too legally go to Hackme and search for a PHP vulnerable sandbox. There are many creators on this site who offer vulnerable sandbox.
We scanned the sandbox and you can see the result.
We found many critical risks and Vulners scanner giving the score 10 out of 10. That’s a really big issue. That’s it. Try your own.