2 months ago 37

Vega is an extended and efficient, Java-based portion of open-source bundle that enables cybersecurity experts to tally a wide scope of security-related tests connected sites searching for imaginable vulnerabilities.


  • +

    A free, open-source tool

  • +

    Can beryllium extended via JavaScript

  • +

    Cross-platform solution

  • +

    Customizable configuration


  • -

    For experienced users only

Vega is simply a free, open-source web information scanner (opens successful caller tab) written successful Java and created to assistance cybersecurity professionals find and hole assorted web vulnerabilities specified arsenic SQL injection, cross-site scripting (XSS), ammunition injection, distant record inclusion (RFI), disclosure of delicate information, and overmuch more. Vega tin besides beryllium utilized to probe TLS/SSL information settings and pinpoint possibilities for strengthening the information of TLS/SSL servers.

The information institution lasting down this web scanner is Subgraph and it was acceptable up successful 2010 successful Montreal (Quebec, Canada) wherever it inactive stands strong. In summation to Vega, the institution has created the Subgraph operating strategy (OS) and a Tor lawsuit Orchid, and they connection different exertion information services specified arsenic penetration testing, codification review, and grooming successful unafraid web development.

Vega’s authoritative tract is acold from fleshy successful its plan but offers a decent magnitude of accusation astir Subgraph’s solutions, Vega included. It besides features a blog wherever you tin backtrack each updates for Subgraph’s products – however, it’s not a blog that’ll support you busy.

If you’re into societal networking oregon privation to get successful interaction with the squad down Vega, you tin bash it via Twitter, GitHub, and LinkedIn.


(Image credit: Vega)

Plans and pricing

As with akin security-related solutions, since Vega is some cost-free and open-source bundle determination are nary pricing models, nor plans for that matter. It runs connected Windows, Linux, and Mac OS.

Vega is simply a Java instrumentality and each its detection modules are written successful JavaScript, which makes it easy extensible – so, if you privation to make caller onslaught modules you tin clone Vega root codification from the GitHub repository.

Features and functionality

Vega runs successful 2 operating modes: arsenic an automated scanner meant for swift tests, and arsenic an intercepting proxy for much in-depth inspection.


(Image credit: Vega)

As its sanction suggests, an automated scanner automatically crawls done websites and extracts links, processing forms, and moving modules with a ngo to observe and show XSS, SQL injection, and different web vulnerabilities (opens successful caller tab). Once supplied with login credentials, Vega’s web crawler tin automatically log into sites of interest.

The intercepting proxy tin beryllium utilized to intercept the transportation betwixt users and servers and execute SSL interception for HTTP sites. It tin beryllium configured to analyse proxy postulation done aggregate scanner modules. As users are browsing the people tract done it, you tin besides configure the Vega proxy to tally onslaught modules connected it.

Vega supports 2 types of Java-based modules to behaviour a vulnerability appraisal - injection modules and effect processing modules wherever the second tin process responses received by the scanner oregon the proxy server.


(Image credit: Vega)

Interface and easiness of use

If you’re not utilizing 1 of the older versions of Kali Linux, Vega astir apt won’t travel pre-installed, which suggests you’ll person to instal the bundle connected your own.

To instal Vega, spell deed the “Download” fastener connected the main paper (and bash the aforesaid connected the adjacent page), prime retired the mentation of the Vega you privation to use, download the EXE file, and proceed to instal Vega similar immoderate different app connected your system. Alternatively, you tin clone Vega from the GitHub repository by executing the close bid successful the terminal league connected the Linux shell. In either case, your caller web scanner should soon beryllium acceptable for use.

To commencement your archetypal scan, you tin either click connected the “Scan” fastener and prime “Start New Scan” connected the drop-down paper oregon simply deed the caller scan icon astatine the apical near corner. This volition unfastened the caller scan wizard asking the idiosyncratic to either participate the azygous assets identifier (URI) straight successful the “Scan Target” tract oregon edit a people scope – then, click the “Next” button.

After this you’ll person to take what injection modules and effect processing modules you privation to utilize during the scan – so, checkmark the ones you privation to use.

Once you pat into the “Finish” button, the scan volition statesman and the Vega log volition commencement to amusement the information, the clip of the crawling phase, and what it has recovered connected the site. Vega classifies each scan alerts arsenic low, medium, oregon precocious precedence arsenic they are shown successful the “Scan Alerts” conception – and this is conscionable a glimpse into Vega’s scanning capabilities.  

While Vega’s graphical idiosyncratic interface (GUI) looks well-designed, it’s evidently outdated which could confuse newcomers.


(Image credit: Vega)

Customer support

As with different free, open-source web information scanners we’ve covered truthful far, there’s nary 24/7 lawsuit enactment with Vega – and understandably so.

However, if you’re into self-help services, you’ll beryllium gladsome to perceive that Vega has a well-supplied documentation section. It is divided into 3 main categories: “Trying Vega” which covers halfway accusation and installation, “Using Vega” which deals with how-to guides, and “Extending Vega” which is focused connected creating caller modules. As acold arsenic we tin see, these guides are beauteous elaborate though chiefly text-based – so, nary screenshots nor easy-to-follow video tutorials.  

If you privation to enactment unneurotic with the squad down Vega, you’re invited to interaction them via telephone and e-mail.


(Image credit: Vega)


If you’re searching for thing akin to Vega but with a modern, user-friendly dashboard, much broad scanning coverage, and a 24/7/365 method enactment team, you mightiness privation to cheque the Nessus vulnerability scanner – that is, if you don’t caput paying a beauteous penny. In contrast, Vega won’t outgo you a dime. 

Fortunately, if you’re dying to effort retired Nessus but can’t due to the fact that you’re moving connected a choky fund – springiness OpenVAS a chance. It’s a powerful, feature-rich vulnerability scanner that tin execute large-scale assessments and a afloat scope of web vulnerability tests. Also, it started its communicative arsenic a spin-off of Nessus and was called GNessUs once. 

If you don’t find Vega celebrated enough, effort retired a tried-and-true seasoned of penetration investigating and larboard scanning – yes, we’re reasoning astir Nmap. Like Vega, it’s escaped to use, truthful you won’t suffer thing by putting it to the test.

Final verdict

Put the information of your web apps to the trial and find (and fix) a wide assortment of vulnerabilities by putting your spot successful a cost-free yet competent, Java-based app called Vega. 

It mightiness not beryllium the simplest web scanning instrumentality to use, but erstwhile it comes to spotting SQL injection, cross-site scripting, and inadvertently disclosed information, Vega doesn’t autumn acold down its proprietary counterparts.

Sead is simply a seasoned freelance writer based successful Sarajevo, Bosnia and Herzegovina. He writes astir IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, information breaches, laws and regulations). In his career, spanning much than a decade, he’s written for galore media outlets, including Al Jazeera Balkans. He’s besides held respective modules connected contented penning for Represent Communications.

Read Entire Article