October 25, 2016

First Beta of the Vega Vulnerability Scanner Released

The first beta of Vega, an open source tool to test the security of web applications, has been released. Vega can help find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other types of vulnerabilities. Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection and can be extended using Javascript.

The automated scanner crawls a web application, analyzing pages, looking for interesting content and injection points. Vega runs modules on the web application that test for vulnerabilities or analyze content. These modules are written in Javascript and are entirely customizable. Vega modules can generate alerts to make users aware of the findings.

The intercepting proxy is situated between a browser and the target application, intercepting all requests and responses between them. Users can view the interaction of the client with the website, intercepting and modifying requests and responses to probe and verify possible vulnerabilities. The proxy is also capable of intercepting HTTPS communications with dynamically generated man-in-the-middle certificates.

Written in Java, it runs on Linux, OS X, and Windows and can be downloaded from here.