Vega Web Application Vulnerability Tester

Intro - Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities.

1. How to open
A. GUI Method

Application → Kali Linux → Web Applications → Web Vulnerability Scanners → vega

B. Terminal Method: open a terminal, type vega and press Enter

2. Go to Scan → Start New Scan and click on it.

3. Enter your target URL and click Next.

4. Select which modules you want to run. For example, if I only want to check for XSS injection, I check that module, uncheck the others, and then click Next.

5. Here you can configure cookies and an authentication identity. I am leaving all of this as it is; I don't need it.

6. Click Finish, and your scan will start.

7. After the scan completes, you will see a result like the one in this image. If you get a High alert, Vega has found vulnerabilities on your target. If not, the scan did not find any type of vulnerability on your target.

8. Go to Scan Alerts and select a vulnerability for more information. After selecting it, you will see information about the selected item. In this image we selected ‘Possible SQL Injection → /products/details’; here we can see that this is a SQL injection, along with details such as the resource and the method. If you want more details, click on the REQUEST field ‘GET /products/details.’

9. This is the Request window. Here we can see the host, method, etc., as well as the response. On the Response tab we can see that this is a SQL error.

10. If you want to check whether this is a SQL vulnerability or not, just put your URL in the browser's address bar.
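
What the SQL error seen in steps 8 to 10 usually points to, and the fix to hand to the developers, shown as an added example that is not part of the original tutorial. The handlers and the products table are hypothetical stand-ins for the application behind /products/details (Vega does not show server code), written with Python's sqlite3.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the application's product table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)", [(1, "lamp"), (2, "desk")])
    return db

def details_concat(db, product_id):
    # 'Before' (hypothetical): the parameter is pasted into the SQL text, so a
    # stray quote changes the statement itself and the database rejects it.
    try:
        row = db.execute("SELECT name FROM products WHERE id = %s" % product_id).fetchone()
    except sqlite3.Error as exc:
        # The driver error is echoed to the client: this is the kind of
        # response body a scanner reports as "Possible SQL Injection".
        return 500, "SQL error: %s" % exc
    return (200, row[0]) if row else (404, "not found")

def details_param(db, product_id):
    # 'After': validate the type, bind the value as a parameter, and never
    # send database error text back to the client.
    try:
        pid = int(product_id)
    except ValueError:
        return 400, "invalid product id"
    row = db.execute("SELECT name FROM products WHERE id = ?", (pid,)).fetchone()
    return (200, row[0]) if row else (404, "not found")

if __name__ == "__main__":
    db = make_db()
    # A normal id and an id with a stray quote, sent to both handlers.
    for value in ("1", "1'"):
        print(repr(value), "concat ->", details_concat(db, value))
        print(repr(value), "param  ->", details_param(db, value))
```

After the fix is deployed, re-running the same Vega scan should no longer raise the alert for this resource.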