How to scan a web application for vulnerabilities using Vega



BackTrack 5, which was an Ubuntu-based operating system, provides us with a variety of tools for ethical hacking related tasks.

In this discussion we will look at how we can scan a web application for possible vulnerabilities using the Vega tool. This is one of the tools that helps us scan an application for XSS attacks and SQL injection attacks, among other vulnerabilities. The tool works by crawling the application under test and identifying possible vulnerabilities based on a set of scripts it uses during the scan.

Let's look at the simple steps to get the test running.

Since we are going to use the tool through BackTrack 5, we first need to start up the BackTrack 5 operating system. Since Vega is a GUI-based tool, we need to start the OS in GUI mode.

Once the operating system has started, we can find the tool by navigating to the path BackTrack > Vulnerability Assessment > Web Vulnerability Scanner, where the available tools are listed. For our use, let's select Vega.

  

Next, in the text field titled "Input the Base URL", enter the URL of the target application that needs to be tested, as shown below.


As the screen above displays, the tool provides a list of modules that we can run as scenarios for our test. Select the required modules using the checkboxes, as shown in the diagram below.

Once we click on "Finish", the tool will start the scan process and show us the results of the full scan done on the application.



The final screen shows the output generated by Vega, with the result of its vulnerability analysis. This section shows the identified vulnerabilities in the categories High, Medium, Low and Info.

The benefit of the tool's report is that it provides a categorized result sheet with a classification and description of each type of vulnerability the tool has identified.
