Vega - Web Application Security Scanner

Vega - Web Application Security Scanner

Vega is a free and open source web security scanner and web security testing platform to test the security of web applications. It is GUI based, written in Java, and runs on Linux, OS X, and Windows. And, it can be easily extended with modules written in JavaScript. It can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It also probes for TLS / SSL security settings and identifies opportunities for improving the security of your TLS servers.

It runs in two modes of operation: as an automated scanner, and as an intercepting proxy.

  • Automated scanner
The automated scanner automatically crawls websites, extracting links, processing forms, and running modules on possible injection points it discovers. These modules can do things like automatically submit requests that fuzz parameters, for example, to test for things like cross-site scripting (XSS) or SQL injection.

  • Intercepting proxy
The intercepting proxy allows for detailed analysis of browser-application interaction. When enabled, the proxy listens on localhost as a proxy server. When a browser uses the Vega proxy, requests and responses are visible to Vega. Vega can be told to set ''breakpoints'', interception criteria for outgoing requests (from the browser) or incoming responses (from the server). These requests and responses are held in a state where they are editable until released.

Vega can also fuzz parameters and actively test pages that match the target scope as you visit them through the proxy.

It supports modules that process responses, typically looking for information (''grep'' modules). Response processing modules can process responses received by either the scanner or the proxy.


  • On Ubuntu/Debian systems: sudo apt-get install libwebkitgtk-1.0
  • On Fedora systems: sudo yum install webkitgtk
Not having this library will commonly cause Vega to fail after installation.
  • Windows: if you have the 32-bit JRE (x86), you will need to install the 32-bit version of Vega.

The 32-bit JRE is common, especially for Java 7, even on 64-bit Windows systems.

If Vega fails after install because it cannot find Java, this may be the cause and you should try another version of Vega (32/64 bit).

Note: You may also be required to install and/or run Vega with administrator privileges on Windows 8 and some Windows 7 systems.

No comments

Powered by Blogger.