VAPT Tools
Vulnerability Assessment and Penetration Testing (VAPT) is a range of security testing services to identify and address cybersecurity vulnerabilities.
Helium offers a variety of VA Scanners and Pentest Tools. Below are the different types available.
VA Scanner
VA Scanner | Function |
---|---|
Website Scanner | Discover vulnerabilities in web applications, including Log4j, SQL Injection, and XSS. |
Network Scanner | Discover outdated network services, insecure software configuration, missing security patches, and more vulnerabilities. |
API Scanner | Users can identify potential vulnerabilities and improve IoT network security. |
Mobile Apps Scanner | Discover vulnerabilities that affect mobile apps (Android and iOS), including insecure data storage and poor client code quality. |
The Mobile Apps Scanner tool can only be accessed via the navigation menu.
Pentest Tools
Pentest Tools | Function |
---|---|
Bruteforce | Find service credentials on Web Apps, SSH, FTP, MySQL, Telnet, and more. |
CMS Scanner | Detect security flaws in the most popular CMSs. |
Find DNS | Find name servers of a target domain vulnerable to DNS Zone. |
Find Git Exposure | Discover source code via the exposed .git folder. |
Find Open Ports and Services | Discover network services, operating systems, misconfigurations, and more. |
Find Security Headers | Discover the Security Header policies in place and add another level of protection that can stop common attacks such as code injection, XSS attacks, and clickjacking. |
Find Subdomain | Discover subdomains and enumerate the vulnerabilities. |
Find Website Directory | Discover hidden directories and files on a website, making information gathering easier. |
Find Website Tech | Find useful information about the technologies a target web application uses - server-side and client-side. |
Google Hacking | A hacker technique called Google dorking uses Google Search and other Google apps to search for vulnerabilities in website code and configuration. |
SQLI Exploitation | Discover SQL Injection vulnerabilities in web applications. |
Website Recon | Find useful information about misconfigurations and sensitive folders/files used by a target web application - server-side and client-side. |
Whois Lookup | Discover data about an Internet resource such as a domain name or IP address. |
XSS Scanner | Discover Cross-Site Scripting (XSS) vulnerabilities in web applications. |
XSS Hunting | Assure your proofs of concept and demonstrate the risk of XSS vulnerabilities in web applications. |
The Google Hacking and XSS Hunting tools can only be accessed via the navigation menu.
Users can access the tools via the navigation menu by clicking on "VAPT Tools". When scanning via the navigation menu, the user must enter the required target values. This differs from scanning via the targets page, where the target value is entered up front when the target is added. Once the scanning process is complete, users receive a notification via email, and if they have integrated with Telegram or Slack, they also receive notifications on those platforms.