Wednesday, January 20, 2016
Web Application Testing - Vega
Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. Vega can be extended using a powerful API in the language of the web: Javascript
What does it do?
Vega runs in two modes of operation: as an automated scanner, and as an intercepting proxy.
Automated scanner
The automated scanner automatically crawls websites, extracting links, processing forms, and running modules on possible injection points it discovers. These modules can do things like automatically submit requests that fuzz parameters, for example, to test for things like cross-site scripting (XSS) or SQL injection.
Intercepting proxy
The intercepting proxy allows for detailed analysis of browser-application interaction. When enabled, the proxy listens on localhost as a proxy server. When a browser uses the Vega proxy, requests and responses are visible to Vega. Vega can be told to set ”breakpoints”, interception criteria for outgoing requests (from the browser) or incoming responses (from the server). These requests and responses are held in a state where they are editable until released.
Scanning proxy
Vega can also fuzz parameters and actively test pages that match the target scope as you visit them through the proxy.
Response processing
Vega supports modules that process responses, typically looking for information (”grep” modules). Response processing modules can process responses received by either the scanner or the proxy.
Shared knowledge base
Beneath the hood is a database where information, including requests and responses, can be shared among components.
Workspaces
Vega stores information about the current and past scans in a “workspace”. Clearing the workspace will remove all scan data, including alerts and saved requests/responses. To do so, select the “File” menu item and click on “Reset Current Workspace”.
Preferences
Vega scans websites recursively, building an internal representation of the site in a tree-like data structure comprised of entities known as “path state nodes”. Path state nodes can be directories, files, or files with POST or GET parameters. Complex websites can result in long scans and large path state data structures, so Vega offers configurable parameters that limit the scan scope in the scanner preferences. To access these parameters, click on the Window menu item and choose “Preferences”. There are two sets of preferences associated with the scanner: Scanner preferences and Scanner debugging. Select Scanner debugging.
Search
Categories
Popular Posts
-
dotenv loads .env files into process.env for Node.js projects, making it useful for configuration hygiene checks, secret-handling review...
-
In this post, we will explore a Python script designed to parse logs containing url:user:pass data. These logs are instrumental in executin...
-
New bug bounty(vulnerabilities) collector Requirements Chrome with GUI (If you encounter trouble with script execution, check the stat...
-
x64dbg is a Windows user-mode debugger for controlled runtime inspection, breakpoint logic, trace collection and patch validation in autho...
-
As cyber threats evolve, so must our strategies to combat them. The deepdarkCTI project serves as a crucial resource, offering access to a c...
-
GTFOcli it's a Command Line Interface for easy binaries search commands that can be used to bypass local security restrictions in mis...
-
As mobile applications become more integral to our daily lives, ensuring their security is paramount. Vulnerabilities in mobile apps can exp...
-
social-analyzer provides API, CLI, and web interfaces for finding and analyzing public profiles across more than 1000 social media and web...
-
Remote adminitration tool for android Features Notifications listener SMS listener Phone call recording Image capturing and sc...
-
RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomai...
Blog Archive
-
►
2026
(3)
- ► 05/24 - 05/31 (3)
-
►
2024
(42)
- ► 05/26 - 06/02 (1)
- ► 05/12 - 05/19 (1)
- ► 05/05 - 05/12 (5)
- ► 03/10 - 03/17 (3)
- ► 02/18 - 02/25 (32)
-
►
2022
(20)
- ► 02/06 - 02/13 (18)
- ► 01/30 - 02/06 (2)
-
►
2018
(69)
- ► 10/14 - 10/21 (4)
- ► 08/26 - 09/02 (7)
- ► 08/12 - 08/19 (4)
- ► 07/15 - 07/22 (2)
- ► 07/08 - 07/15 (6)
- ► 07/01 - 07/08 (3)
- ► 06/17 - 06/24 (2)
- ► 03/04 - 03/11 (2)
- ► 02/18 - 02/25 (1)
- ► 02/04 - 02/11 (3)
- ► 01/28 - 02/04 (7)
- ► 01/21 - 01/28 (6)
- ► 01/14 - 01/21 (12)
- ► 01/07 - 01/14 (10)
-
►
2017
(72)
- ► 12/31 - 01/07 (2)
- ► 12/03 - 12/10 (1)
- ► 11/19 - 11/26 (1)
- ► 11/12 - 11/19 (1)
- ► 10/22 - 10/29 (3)
- ► 10/01 - 10/08 (2)
- ► 09/17 - 09/24 (6)
- ► 09/10 - 09/17 (2)
- ► 09/03 - 09/10 (2)
- ► 08/27 - 09/03 (4)
- ► 07/23 - 07/30 (5)
- ► 07/16 - 07/23 (3)
- ► 06/25 - 07/02 (1)
- ► 06/18 - 06/25 (4)
- ► 05/21 - 05/28 (7)
- ► 05/14 - 05/21 (1)
- ► 05/07 - 05/14 (2)
- ► 04/30 - 05/07 (2)
- ► 04/23 - 04/30 (2)
- ► 04/16 - 04/23 (2)
- ► 03/19 - 03/26 (4)
- ► 01/22 - 01/29 (2)
- ► 01/15 - 01/22 (1)
- ► 01/08 - 01/15 (8)
- ► 01/01 - 01/08 (4)
-
▼
2016
(648)
- ► 12/25 - 01/01 (1)
- ► 12/18 - 12/25 (2)
- ► 12/11 - 12/18 (6)
- ► 12/04 - 12/11 (4)
- ► 11/27 - 12/04 (5)
- ► 11/13 - 11/20 (1)
- ► 11/06 - 11/13 (1)
- ► 10/30 - 11/06 (5)
- ► 10/23 - 10/30 (1)
- ► 10/16 - 10/23 (2)
- ► 10/09 - 10/16 (5)
- ► 10/02 - 10/09 (3)
- ► 09/25 - 10/02 (2)
- ► 09/18 - 09/25 (6)
- ► 09/11 - 09/18 (6)
- ► 09/04 - 09/11 (4)
- ► 08/28 - 09/04 (7)
- ► 08/21 - 08/28 (5)
- ► 08/14 - 08/21 (4)
- ► 08/07 - 08/14 (2)
- ► 07/31 - 08/07 (2)
- ► 07/24 - 07/31 (5)
- ► 07/17 - 07/24 (2)
- ► 07/10 - 07/17 (3)
- ► 07/03 - 07/10 (6)
- ► 06/26 - 07/03 (11)
- ► 06/12 - 06/19 (4)
- ► 06/05 - 06/12 (1)
- ► 05/29 - 06/05 (1)
- ► 05/08 - 05/15 (4)
- ► 04/24 - 05/01 (8)
- ► 04/17 - 04/24 (5)
- ► 04/10 - 04/17 (1)
- ► 04/03 - 04/10 (8)
- ► 03/27 - 04/03 (1)
- ► 03/20 - 03/27 (5)
- ► 03/13 - 03/20 (1)
- ► 03/06 - 03/13 (12)
- ► 02/28 - 03/06 (14)
- ► 02/21 - 02/28 (11)
- ► 02/14 - 02/21 (12)
- ► 02/07 - 02/14 (13)
- ► 01/31 - 02/07 (121)
- ► 01/24 - 01/31 (34)
-
▼
01/17 - 01/24
(58)
- Open Source Vulnerability Scanner - OpenVAS
- Passive DNS Network Mapper - dnsmap
- Admin Page Finder Script
- TrueCrypt brute-force password cracker - TrueCrack
- Automatic Database Dump - sqlcake
- Open Source Intelligence - Maltego
- Mobile Terminal Application for Intermittent Conne...
- Joomla Security Scanner - Joomscan
- Post Exploitation Framework - Intersect
- Exploring Android Platform - Mercury
- Python Script Searching - Dark D0rk3r
- SQLi and Web Attack Framework - Enema SQLi
- Linux Live USB Creator - LiLi
- Backup and Recovery - ReDo
- Yet Another Man in The Middle Automation Script -...
- Wi-Fi network scanner - inSSIDer
- Open Source MySQL Injection - sqlsus
- Extreme GPU - Bruteforcer
- Passive Traffic Fingerprinting - p0f
- Rainbow Tables Hash Cracker - RainbowCrack
- Web Application Testing - Vega
- PDF Analysis Tool - peepdf
- PHP Vulnerability - Hunter
- O Programa da Matrix Está Falhando - ''O Que Você ...
- Automatic Bluetooth Spoofing - Spooftooph
- Wireless Network Monitoring Tool - Kismet
- Pentest - Security Cheatsheets
- Antivirus Evasion - foolav
- Razorback
- LAMP/LEMP Secure Deployment - JShielder
- Wordlist Generator - Crunch
- SIP Witch
- Injecting Fake Updates - Evilgrade
- Tiny Core Linux
- MD5 Online Password Cracking - md5cracker
- Writing Your Own Exploits
- Encrypt Your Network Traffic - Tcpcrypt
- Passive Network Monitoring - lanmap2
- Wireless and Wired Network Interceptor - the Inter...
- Encrypted UDP based FTP - UFTP
- IDS evasion - Inundator
- Standardized Security - OpenSCAP
- Web Application Security Scanner - w3af
- Log Monitoring Daemon - agentsmith
- Blind SQL Injections - BSQL Hacker
- Final Released - Bruter v1.0
- V For Vendetta
- AfterGlow
- Network Forensics - Xplico
- Digital Forensics Framework - DFF
- Digital Forensics - Autopsy
- Volatility 2.5 - Memory Forensics
- Credit Card Magstripe Spoofer - MagSpoof
- Privilege Escalation - Potato
- Cross Platform ELF Analysis - ELF Parser
- Pentest Distro - Web Testing Framework Samurai
- 10 Estratégias de Manipulação da Mídia
- Project Arsenal X - As HackTheGame But Real
- ► 01/10 - 01/17 (59)
- ► 01/03 - 01/10 (174)
-
►
2015
(26)
- ► 12/27 - 01/03 (1)
- ► 08/30 - 09/06 (8)
- ► 08/23 - 08/30 (16)
- ► 08/16 - 08/23 (1)
Home
Privacy Center
Data Protection
Community
Digital Policy
Security Tools
Online Utilities
Resources
Search Operators
Library


0 comentários:
Post a Comment
Note: Only a member of this blog may post a comment.