• Diniz Martins

Vega | Web Security Scanner

Vega is a free and open source web security scanner and testing platform for web applications. It can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information and other vulnerabilities. It is written in Java, is GUI-based, and runs on Linux, OS X, and Windows.

When you start Vega for the first time, you will be in the scanner perspective. Vega has two perspectives: the scanner and the proxy. We'll start the introduction with the scanner. The Vega scanner is an automated security testing tool that crawls a website, analyzing page content to find links and form parameters. Vega finds injection points, referred to as path state nodes, and runs modules written in JavaScript to analyze them. Vega also runs JavaScript modules on all responses sent back from the server during the scan.


Vega scans websites recursively, building an internal representation of the site in a tree-like data structure comprised of entities known as "path state nodes". Path state nodes can be directories, files, or files with POST or GET parameters. Complex websites can result in long scans and large path state data structures, so Vega offers configurable parameters that limit the scan scope in the scanner preferences. To access these parameters, click on the Window menu item and choose "Preferences". There are two sets of preferences associated with the scanner: Scanner preferences and Scanner debugging. Select Scanner debugging.
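The path state tree described above, sketched as an added example (this is not Vega's source code): crawled requests become directory, file and parameter nodes, and two scope limits cap how far the tree grows. The names `addRequest`, `maxDepth` and `maxChildren` and their values are assumptions made for illustration; Vega's own preference names are not given on this page.

```javascript
// Added illustration, not Vega's source. Limit names and values are assumptions.
const LIMITS = { maxDepth: 4, maxChildren: 3 };
const newNode = (name, kind) => ({ name, kind, children: new Map(), skipped: 0 });

// Insert one crawled request into the tree, one node per path segment.
// Returns false when a scope limit stopped the insertion.
function addRequest(root, rawUrl, method = "GET", bodyParams = [], limits = LIMITS) {
  const url = new URL(rawUrl);
  const segments = url.pathname.split("/").filter(Boolean);
  const endsAsDir = url.pathname.endsWith("/");
  const steps = segments.map((name, i) => ({ name, kind: i < segments.length - 1 || endsAsDir ? "directory" : "file" }));
  // A file with parameters gets its own node keyed by the parameter names,
  // not values: ?id=1 and ?id=2 are the same injection point.
  const names = method === "POST" ? [...bodyParams] : [...url.searchParams.keys()];
  if (names.length > 0) {
    steps.push({ name: `${method}(${names.sort().join(",")})`, kind: "parameters" });
  }
  if (steps.length > limits.maxDepth) { root.skipped++; return false; }
  let node = root;
  for (const step of steps) {
    let child = node.children.get(step.name);
    if (!child) {
      if (node.children.size >= limits.maxChildren) { node.skipped++; return false; }
      child = newNode(step.name, step.kind);
      node.children.set(step.name, child);
    }
    if (step.kind === "directory") child.kind = "directory"; // /shop seen later as /shop/x
    node = child;
  }
  return true;
}
const countNodes = (n) => [...n.children.values()].reduce((t, c) => t + countNodes(c), 1);

// Constructed sample crawl (example.test is a reserved test domain).
const SAMPLE = [
  ["http://example.test/shop/"],
  ["http://example.test/shop/item.php?id=1"],
  ["http://example.test/shop/item.php?id=2"], // same parameter names, same node
  ["http://example.test/shop/item.php?id=3&sort=asc"],
  ["http://example.test/login.php", "POST", ["user", "pass"]],
  ["http://example.test/about.html"],
  ["http://example.test/contact.html"], // 4th child of root: over maxChildren
  ["http://example.test/a/b/c/d/e.html"], // 5 levels: over maxDepth
];
function buildSampleTree() {
  const root = newNode("/", "directory");
  const accepted = SAMPLE.filter((args) => addRequest(root, ...args)).length;
  return { root, accepted };
}
```

The `skipped` counter on each node shows where a limit cut the crawl short, which is the trade-off the scope settings make between scan time and coverage.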


◾️ You can download Vega file right HERE ◾️


First test on Vega:

- Click on the “Start New Scan” button in the top left corner. A new pop-up opens.

- Enter the website’s URI to scan it for vulnerabilities and loopholes. After entering all the details, click the “Next” button and choose the modules to run. It is recommended to choose all the modules for better testing. After you finish, you will see the scan in progress, and once the scan is completed you will see the results.


Vega will start crawling the target web application. Vega sends many requests. This is because in addition to analyzing the page content, the crawling engine does several tests on each potential path, trying to determine if it is a file or a directory. Vega also compares pages to each other, and tries to figure out what the 404 page looks like. Vega modules also send their own requests.

The scan progress is indicated with a progress bar. Note that the total number of links to crawl grows as Vega discovers new ones and generates variations to perform the tests described above, so the finish time is a moving target. The preferences described at the start of this tutorial control the parameters that limit the scope of the scan.

To stop an active scan, click the red icon with an "x" next to the new scan button.


Here you go. We ran the scanner on the above-mentioned link and the results are as follows:

You can see the requests/response results:


