Vega - Open source web applications Vulnerability Scanner

Vega is an open source platform to test the Security and Vulnerability of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. Vega can be extended using a powerful API in the language of the web: Javascript.

Modules used in Vega:
* Cross Site Scripting (XSS)
* SQL Injection
* Directory Traversal
* URL Injection
* Error Detection
* File Uploads
* Sensitive Data Discover

Core functions of Vega:
* Automated Crawler and Vulnerability Scanner
* Consistent UI
* Website Crawler
* Intercepting Proxy
* SSL MITM
* Content Analysis
* Extensibility through a Powerful Javascript Module API
* Customizable alerts
* Database and Shared Data Model

Vega Installation
Download the archive corresponding to your architecture Linux GTK 32-bit Intel | Linux GTK 64-bit Intel
Unzip it in your home directory, or wherever appropriate.
Change into your home directory and run ./Vega.

Using Vega:
When you start Vega for the first time, you will be in the scanner perspective. Vega has two perspectives: The scanner, and the proxy. The Vega scanner is an automated security testing tool that crawls a website, analyzing page content to find links and form parameters. Vega finds injection points, referred to as path state nodes, and runs modules written in Javascript to analyze them. Vega also runs Javascript modules on all responses sent back from the server during the scan.
Open up the Vega UI and type the site address on which you need to perform the security scanning.

Latest release:

1.0 Beta

Released on

June 29, 2011

DOWNLOAD VEGA

Links for binary packages built for various platforms are listed below (Java 6 required):