Sunday, 27 May 2018

Website Pentesting With Kali Linux | Vega Scanner | Tutorial

Scan Websites for Potential Vulnerabilities Using Vega in Kali Linux 


 Vega Vulnerability Scanner is a free, open-source, graphical web-auditing tool developed by the security company Subgraph. The tool contains several interesting features, such as a proxy scanner, but we'll be focusing on the automated security testing aspect, which can help us find and validate SQL injection, cross-site scripting (XSS), inadvertently disclosed sensitive information, and many other vulnerabilities.

 Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. Vega can be extended using a powerful API in the language of the web: JavaScript. The official webpage is 

Step 1   Install Vega

 Vega is not included with Kali Linux v 2.0. As a result, it has to be installed. You can download the latest version at

Alternatively, you can run the apt-get command below in a terminal. If Vega is already installed, you'll get a message saying so; if not, the command will install it for you.

apt-get update && apt-get install vega

Step 2   Start Vega

 In Kali Linux, tools are automatically sorted into categories, so click on "Applications," then hover over the "Web Application Analysis" category, and click on "Vega." If you're using something like XFCE, a lightweight version of Kali, the Applications menu may look a bit different. You could also just search for "Vega" from the "Show Applications" screen.


Step 3  Configure Vega

After starting an application for the first time, I like to view the available preferences and options. In the top-left corner, click on the "Window" menu, then view the "Preferences," which I'll walk you through in the next two steps.


If you prefer to anonymize your Vega scans and proxy all connections, check the "Enable SOCKS proxy" option under General, and enter a proxy address and port. If you're using Tor, enter the default Tor address and port ( This will help conceal the origin of your scans. Otherwise, if you're using a free or premium proxy service, choose the address and port you prefer.

Step 4  Scan a Website with Vega

Now that we have Vega installed and configured, we're ready to start scanning a website. Open the "Scan" menu in the top left and click on "Start New Scan." Vega will prompt us with the Select a Scan Target window. Enter your target URL into the box under Scan Target, then hit "Next."

By default, the Vega vulnerability scanner will scan for lots of different vulnerability types:
Header Injections.
Directory Traversal Attacks.
URL Injection Attacks.
XML Injection Attacks.
XSS Injections.
Blind SQL Injections.
Shell Injection Attacks.
Remote File Include Attacks.
String Format Attacks.
OS Command Injection Attacks.
This is just the first page of the modules section; there are quite a lot to choose from!

  Check the boxes of all the modules you want to run. Then click "Next".

Step 5   Interpret Vega's Alerts

  After the scan is completed, the lower-left panel shows all the findings, categorized according to severity. If you click a finding, you will see all the details of the vulnerability in the right panel, such as "Request", "Discussion", "Impact", and "Remediation".

 If Vega reports a "High" alert, don't panic. Vega's modules are sensitive and sometimes produce false positive alerts for vulnerabilities that may not actually exist. False positives aren't necessarily a bad thing. That being said, it's a good idea to comb through the report and manually investigate each alert. Think of these alerts as areas worth further investigating and not definitive indications that something needs to be fixed.

 Clicking on one of the alerts will display tons of useful information.

Vega works by first crawling the URL we specified as the target, identifying forms and other possible data inputs, such as cookies or request headers. Once they are found, Vega tries different inputs in them to identify vulnerabilities by analysing the responses and matching them to known vulnerable patterns.
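The discovery step described above, as an added example (not Vega's code and not part of the original post): a Python script that inventories the query parameters, form fields and cookies exposed by one response, which is the list of inputs a site owner needs to have validated server-side. The page, headers, host name and the InputFinder and inventory names are constructed for illustration.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit, parse_qsl

# Constructed sample page and response headers (assumption: not from a real site).
BASE_URL = "http://testsite.example/shop/"
SAMPLE_HEADERS = [("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
                  ("Set-Cookie", "lang=en; Path=/")]
SAMPLE_HTML = """<html><body>
<a href="item.php?id=7&amp;cat=2">Item</a>
<form action="/search" method="get"><input name="q"><input type="submit" value="Go"></form>
<form action="login.php" method="POST">
  <input name="user"><input type="password" name="pass">
  <input type="hidden" name="token" value="x"><textarea name="note"></textarea>
</form></body></html>"""

class InputFinder(HTMLParser):
    """Collects (kind, method, url, parameter) for each data input on a page."""
    def __init__(self, base_url):
        super().__init__()
        self.base, self.form, self.found = base_url, None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":  # remember where the enclosed fields are submitted
            self.form = ((a.get("method") or "get").upper(),
                         urljoin(self.base, a.get("action") or ""))
        elif tag in ("input", "textarea", "select") and self.form and a.get("name"):
            if (a.get("type") or "").lower() not in ("submit", "button", "reset", "image"):
                self.found.append(("form", *self.form, a["name"]))
        elif tag == "a" and a.get("href"):  # query-string parameters in links
            url = urlsplit(urljoin(self.base, a["href"]))
            for name, _ in parse_qsl(url.query, keep_blank_values=True):
                self.found.append(("query", "GET", url._replace(query="").geturl(), name))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form = None

def inventory(base_url, html, headers):
    """Return every input point found in one response: links, forms, cookies."""
    finder = InputFinder(base_url)
    finder.feed(html)
    found = list(finder.found)
    for key, value in headers:
        if key.lower() == "set-cookie":
            found += [("cookie", "-", urljoin(base_url, "/"), n) for n in SimpleCookie(value)]
    return found

if __name__ == "__main__":
    for row in inventory(BASE_URL, SAMPLE_HTML, SAMPLE_HEADERS):
        print(*row, sep="\t")
```

Hidden fields such as the token above appear in the inventory alongside visible ones, since the server receives them the same way and must validate them too.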

In Vega, we can scan a single site or a group of sites put together in a scope, and we can choose which tests to perform by selecting the modules used in the scan. We can also authenticate to the site or sites using identities (pre-saved user/password combinations) or session cookies, and exclude some parameters from testing. An important drawback is that it doesn't have a report generation or data export feature, so we have to view all the vulnerability descriptions and details in the Vega GUI.

 Vega is an excellent tool to help security researchers better understand web application penetration testing. Its vast selection of modules allows even novice users to dig deep into potential security risks and assess their severity to websites. Anyone interested in improving the security of their website and enhancing their web hacking skills will come to love Vega and its ease of use, or at least, I hope so.
