Web app pentest with Vega
Vega is an open source web app pentesting tool written in Java. It has a JavaScript-based API, which makes it even more powerful and flexible. Vega is pretty easy to use, and in the following recipe you will learn how to perform a scan with it.
Getting ready
Some Kali versions do not come with Vega installed, but it can be installed using the command:
apt-get install vega
How to do it...
- Vega is inbuilt in Kali and can be started using this command:
vega
The preceding command opens up the Vega tool:
- There are two ways to start a scan in Vega—by choosing either the scanner mode or the proxy mode. We look at the scanner mode here.
- We choose the Start New Scan option from the Scan menu:
- In the window, we enter the website URL and click on Next:
- Then, we can choose the modules we want to run:
- In this step, we can enter the cookies:
- Next, we specify whether we want to exclude any parameters and then we click on Finish:
- We can see the results and vulnerabilities in the left...