Vega is a Web vulnerability scanner made by the Canadian company Subgraph and distributed as an Open Source tool. Besides being a scanner, it can be used as an interception proxy and perform scans as we browse the target site.
We will use Vega to discover Web vulnerabilities in this recipe.
vega
http://192.168.56.102/WackoPicko
to scan that application:
Vega works by first crawling the URL we specified as the target, identifying forms and other possible data inputs, such as cookies or request headers. Once they are found, Vega tries different inputs in them to identify vulnerabilities by analyzing the responses and matching them to known vulnerable patterns.
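The input-discovery step described above can be illustrated with a short Python sketch. This is an added example, not Vega's code: `InputFinder`, `find_inputs`, the sample URL and the sample HTML are all constructed for illustration. It lists the query parameters, cookies and form fields of one page, which is the inventory a scanner builds before testing and the same list a defender needs when deciding which inputs require server-side validation.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qsl

# Constructed sample page and URL; not taken from WackoPicko or from Vega.
SAMPLE_URL = "http://app.example/users/login.php?next=home"
SAMPLE_HTML = """
<form action="/users/login.php" method="POST">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Login">
</form>
<form action="search.php">
  <input name="query"><select name="order"></select>
  <textarea name="note"></textarea>
</form>
"""

class InputFinder(HTMLParser):
    """Collects each form with its resolved action, method and named fields."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.forms, self._current = base_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": urljoin(self.base_url, a.get("action") or ""),
                "method": (a.get("method") or "GET").upper(),  # HTML default is GET
                "fields": [],
            }
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            # Controls without a name (e.g. a bare submit button) are never sent.
            if a.get("name"):
                self._current["fields"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def find_inputs(url, html, cookie_header=""):
    """Return the data inputs of one page: query string, cookies and forms."""
    finder = InputFinder(url)
    finder.feed(html)
    cookies = [c.split("=", 1)[0].strip() for c in cookie_header.split(";") if "=" in c]
    query = [name for name, _ in parse_qsl(urlsplit(url).query)]
    return {"query": query, "cookies": cookies, "forms": finder.forms}
```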
In Vega, we can scan a single site or a group of sites that are put together in a scope. We choose which tests to perform by selecting the modules to use in the scan. We can also authenticate to the site or sites using identities (pre-saved user/password combinations) or session cookies, and exclude some parameters from testing.
As an important drawback, it doesn't have a report generation or data export feature, so we will have to see all the vulnerability descriptions and details in the Vega GUI.