Vega is a free and open source web security scanner and web security testing platform to test the security of web applications. It can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information and other vulnerabilities. It is written in Java, GUI based and runs on Linux, OS X, and Windows.
Vega scans websites recursively, building an internal representation of the site in a tree-like data structure comprised of entities known as "path state nodes". Path state nodes can be directories, files, or files with POST or GET parameters. Complex websites can result in long scans and large path state data structures, so Vega offers configurable parameters that limit the scan scope in the scanner preferences. To access these parameters, click on the Window menu item and choose "Preferences". There are two sets of preferences associated with the scanner: Scanner preferences and Scanner debugging. Select Scanner debugging.
◾️ You can download Vega file right HERE ◾️
First test on Vega:
- Click on “Start New Scan” button in the top left corner. A new pop-up would open-up.
- Enter the website’s URI to scan it against vulnerabilities and loopholes. After entering all the details hit the “Next” button and choose the modules to run, It is recommended to choose all the modules for better testing and after you finish it, You will the scanner in progress and once the scan is completed you would see the results.
Vega will start crawling the target web application. Vega sends many requests. This is because in addition to analyzing the page content, the crawling engine does several tests on each potential path, trying to determine if it is a file or a directory. Vega also compares pages to each other, and tries to figure out what the 404 page looks like. Vega modules also send their own requests.
The scan progress will be indicated with a progress bar. Note that the total number of links to crawl will grow as Vega discovers new ones and generates variations to perform the above described tests, so the finish time will be a moving target. The preferences described at the start of this tutorial control the parameters that limit scope of the scan.
To stop an active scan, click the red icon with an "x" next to the new scan button.
Here you go. We ran the scanner on the above-mentioned link and the results are as follows:
You can see the requests/response results: