Vega is an open source and cross platform web application penetration testing tool built in Java. Vega has a JavaScript based API which makes it even more powerful and flexible. In our today's article we are going to install and use Vega on our Kali Linux 2020.4 system without getting any error and use it.
Using Vega is pretty easy by reading our detailed guide, everyone can install & use it to perform a scan also as a proxy. Vega did not comes with Kali Linux. Vega come pre-installed on some previous versions of Kali Linux, but now we need to install it manually, before that we need to do some configuration on our system.
First we need to setup our java version to 8. To do it we need to run following command on our terminal:
sudo update-alternatives --config java
The screenshot of the command is following:
Here we can see that our default Java version is marked by * i.e. Java version 11. To select Java version 8 we need to find the row number of Java 8. In our case Java 8 is on number 2. We need to type 2 and hit enter.
Now we have selected Java version 8 on our system. To check it we can run the previous command again to see the *'s location. It should be on Java 8.
We need to add Debian Linux's repository to install libwebkit on our Kali Linux system. This libwebkit is not available on Kali Linux repository. That's why we need to add Debian's repository by using following command:
echo "deb http://deb.debian.org/debian oldstable main non-free contrib" | sudo tee -a /etc/apt/sources.list
The above command will add Debian repository. We just need to update our cache by using update command:
sudo apt update
Now we are going to install libwebkit on our system, to do it we need to run following command:
sudo apt-get install libwebkitgtk-1.0-0 -y
This may took some time depending on our internet speed and system performance. After this we may need to restart our system to see effects. We rebooted our system.
If we wish we can remove the Debian repository now by using following command:
sudo nano /etc/apt/sources.list
We can download Vega from the official website and Here we got the download option.
After click on the download button we got options for various systems like Mac, Linux and Windows. Here we are using Kali Linux and we have 64 bit system so we download the 64 bit version of Linux.
After downloading the zip file on our downloads folder we can use following command to unzip it
cd Downloads && unzip -q VegaBuild*.zip
It will be unzip in seconds then we need to navigate to vega unzipped directory by using cd command:
cd vega
We can see the files, we just need to run following command to start Vega on our Kali Linux system.
./Vega
After this we can see that Vega is opened in our front as we can see in the following screenshot:
There are two ways to start a scan in Vega. We can use the Scanner mode or We can choose the Proxy mode. First we talk about Scanner mode.
Scanner Mode:
In Scanner mode first we need to choose the "Start New Scan" option from the Scan menu.
In the window, we enter the target website URL and click on Finish.
Then Vega will start the scan. After ending the scan we got the result as we can see in the following screenshot:
Here we can see we got 51 High risk on our vulnerable localhost server.
To check more details about the scan results and know about the vulnerabilities we need to look up at Scan Alerts in the left-hand side panel. Clicking on an alert shows us the details as we can see in the following screenshot:
This is how we can scan a website or web application using Vega on our Kali Linux system in 2020.
Proxy Mode:
This is very similar to Burp Suite and WebScarab. Vega also has a proxy feature, where we can intercept and analyze the requests manually too!
We are also able to edit and replay the requests to perform a manual check.
This is how we can install & use Vega on Kali Linux 2020 versions and use it to do web penetration testing. Vega is still a good all-in one tool for bug bounty hunters and cybersecurity experts.
Liked our tutorials then please do subscribe our website using mail id for free, our new articles will be send in mail. We are also available on Twitter and GitHub. Also follow us there we post updates there.
For any problem please comment down below in the comment section, we will happy to help. We always reply.
FAQs
Vega is a Web vulnerability scanner made by the Canadian company Subgraph and distributed as an Open Source tool. Besides being a scanner, it can be used as an interception proxy and perform, scans as we browse the target site. We will use Vega to discover Web vulnerabilities in this recipe.
What is the most powerful tool in Kali Linux? ›
Top 15 Kali Linux Tools
- 1) Nmap. Nmap, short for Network Mapper, is a versatile and indispensable tool in network exploration and security auditing. ...
- 3) Wireshark. ...
- 4) Metasploit Framework. ...
- 5) Aircrack-ng. ...
- 6) John the Ripper. ...
- 7) SQLmap. ...
- 8) Autopsy. ...
- 9) Social Engineering Toolkit.
The most advanced. Penetration Testing Distribution
Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.
What is Vega Linux? ›
Vega is a free, open-source web security scanner written in Java and created to help cybersecurity professionals find and fix various web vulnerabilities such as SQL injection, cross-site scripting (XSS), shell injection, remote file inclusion (RFI), disclosure of sensitive information, and much more.
What is the decrypt tool for Kali Linux? ›
ccrypt is a utility for encrypting and decrypting files and streams. It was designed as a replacement for the standard unix crypt utility, which is notorious for using a very weak encryption algorithm.
What is the best scanner tool for Kali Linux? ›
nmap. Nmap (network mapper) is perhaps the most popular network and port scanner ever created. It is capable of scanning for useful information; such as open ports, running services, operating system version, etc. It accomplishes these tasks by sending IP packets to probe the target host, or network, in various ways.
How do hackers scan for vulnerabilities? ›
Network vulnerability scanners. Network vulnerability scanners are so called because they scan your systems across the network, by sending probes looking for open ports and services, and then probing each service further for more information, configuration weaknesses or known vulnerabilities.
What is the IP scanning tool in Kali? ›
Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques, version detection (determine service protocols and application versions listening behind ports), and TCP/IP fingerprinting (remote host OS or device identification).
What OS do hackers use? ›
Kali Linux
The most widely used ethical hacking OS, Kali Linux, is a Debian-based Linux-based operating system. It is developed for digital forensics and penetration testing and is financed and maintained by Offensive Security Ltd.
Why do hackers use Kali Linux? ›
Hackers use Kali Linux as it is the best distribution for hacking: it comes with all the tools you need to hack right out of the box. It is also free to use, which makes it a good choice for individuals who want to try ethical hacking for the first time.
Additionally, there is an Everything flavor of the Installer and Live images, for 64-bit architectures only.
- If in doubt, use the “Installer” image. ...
- This is the recommended image to install Kali Linux. ...
- We recommend sticking with the default selections and add further packages after the installation as required.
Best Tools for Penetration Testing Experts
- Kali Linux. License: open source. GitHub Repo: N/A. ...
- Burp Suite. License: free and paid options. ...
- Wireshark. License: open source. ...
- John the Ripper. License: open source. ...
- Hashcat. License: open source. ...
- Nmap. License: open source. ...
- Invicti. License: commercial.
Kali Purple offers numerous tools for various defense tasks, including network monitoring, threat intelligence, incident response, and forensics, so the possibilities for device configuration are numerous.
What is the cyber security tool for Kali Linux? ›
Metasploit Framework
Available for Windows and Linux, MSF is most likely one of the most potent security auditing Kali Linux tools freely available for cybersecurity professionals. Metasploit Framework's features include: Network enumeration and discovery. Evading detection on remote hosts.
What is the fuzzing tool in Kali? ›
Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked directories, servlets, scripts, etc, bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing, etc.
What is Legion tool in Kali Linux? ›
Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.
What do all the Kali Linux tools do? ›
Kali Linux has numerous security-hacker applications pre-installed for exploitation tools, forensic tools, hardware hacking, information gathering, password cracking, reverse engineering, wireless attacks, web applications, stress testing, sniffing and spoofing, vulnerability analysis, and many more.
What is the Metasploit tool in Kali? ›
Steps to Use Metasploit
- Open Kali Linux Terminal. Open the Kali Linux terminal using the Ctrl+Alt+T keyboard shortcut or by clicking on the terminal icon in the menu. ...
- Start Metasploit Framework. ...
- Check Modules in Metasploit. ...
- Select a Module. ...
- Configure the Exploit. ...
- Launch the Exploit. ...
- Interact with the Session.
