Vega is an open source and cross platform web application penetration testing tool built in Java. Vega has a JavaScript based API which makes it even more powerful and flexible. In our today's article we are going to install and use Vega on our Kali Linux 2020.4 system without getting any error and use it.
Using Vega is pretty easy by reading our detailed guide, everyone can install & use it to perform a scan also as a proxy. Vega did not comes with Kali Linux. Vega come pre-installed on some previous versions of Kali Linux, but now we need to install it manually, before that we need to do some configuration on our system.
Configuring Kali Linux 2020 for Vega
First we need to setup our java version to 8. To do it we need to run following command on our terminal:
The screenshot of the command is following:
Here we can see that our default Java version is marked by * i.e. Java version 11. To select Java version 8 we need to find the row number of Java 8. In our case Java 8 is on number 2. We need to type 2 and hit enter.
Now we have selected Java version 8 on our system. To check it we can run the previous command again to see the *'s location. It should be on Java 8.
The above command will add Debian repository. We just need to update our cache by using update command:
Now we are going to install libwebkit on our system, to do it we need to run following command:
This may took some time depending on our internet speed and system performance. After this we may need to restart our system to see effects. We rebooted our system.
If we wish we can remove the Debian repository now by using following command:
Downloading and Installing Vega on Kali Linux
We can download Vega from the official website and Here we got the download option.
After click on the download button we got options for various systems like Mac, Linux and Windows. Here we are using Kali Linux and we have 64 bit system so we download the 64 bit version of Linux.
It will be unzip in seconds then we need to navigate to vega unzipped directory by using cd command:
We can see the files, we just need to run following command to start Vega on our Kali Linux system.
After this we can see that Vega is opened in our front as we can see in the following screenshot:
Web Penetration Testing with Vega
There are two ways to start a scan in Vega. We can use the Scanner mode or We can choose the Proxy mode. First we talk about Scanner mode.
Scanner Mode:
In Scanner mode first we need to choose the "Start New Scan" option from the Scan menu.
In the window, we enter the target website URL and click on Finish.
Then Vega will start the scan. After ending the scan we got the result as we can see in the following screenshot:
Here we can see we got 51 High risk on our vulnerable localhost server.
To check more details about the scan results and know about the vulnerabilities we need to look up at Scan Alerts in the left-hand side panel. Clicking on an alert shows us the details as we can see in the following screenshot:
This is how we can scan a website or web application using Vega on our Kali Linux system in 2020.
Proxy Mode:
This is very similar to Burp Suite and WebScarab. Vega also has a proxy feature, where we can intercept and analyze the requests manually too!
We are also able to edit and replay the requests to perform a manual check.
This is how we can install & use Vega on Kali Linux 2020 versions and use it to do web penetration testing. Vega is still a good all-in one tool for bug bounty hunters and cybersecurity experts.
Comments