WebApp Vulnerability scanning with VEGA
Vega is a free web vulnerability scanner developed by SUBGRAPH. It is also one of my favorite scanners because of its clean UI and its superior performance compared to other non-commercial WVS. It is written in Java and runs on the JVM, so it does not depend on the platform. To be more precise, if you have Java, you can run it. This is a great advantage. I personally use only Linux, but I also have to work, and that environment is based on Linux + Windows.
For an open-source tool, it has a good detection rate. That said, the rate of mistaken detections is high, so you have to check the results carefully.
VEGA can be extended per scan module. I do not know how many people will be using VEGA's Jar file, but the interesting thing about this tool is that it uses a web-based UI on top of its Java base.
If you know a bit of HTML/CSS, you'll be able to edit it more conveniently.
This also applies to module configurations. VEGA supports JavaScript-based modules, so if there is a module you need, you can write it in JS. This makes it a very attractive tool.
Installing
- Download VEGA at https://subgraph.com/vega/download/index.en.html
- Choose the file type that matches your OS and download it
- Navigate to the extracted directory and run the Vega file to open it
Usage:
Scanning is very simple. Open the Scan Wizard via Scan > Start New Scan, the icon on the menu bar, or the shortcut key.
When you enter the information for Target, an option for Module appears. There are two major categories.
Next is the cookie setting.
Click the Finish button, and it will start scanning for vulnerabilities.