Kali Linux - Website Penetration Testing tools Vega and ZapProxy. Vega is a free and open source scanner and testing platform to test the security of websites.

Kali Linux – Website Penetration Testing tools Vega and ZapProxy


Vega Usage

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. Vega can be extended using a powerful API in the language of the web: JavaScript. The official webpage is https://subgraph.com/vega/

Subgraph

Step 1 − To open Vega go to Applications → 03-Web Application Analysis → Vega

Vega

Step 2 − If you don’t see the application in the path, type the following command.

Subgraph

Step 3 − To start a scan, click “+” sign.

Subgraph Vega

Step 4 − Enter the webpage URL that will be scanned. In this case, it is the Metasploitable machine → click “Next”.

Enter Page URL

Step 5 − Check the boxes of all the modules you want to enable. Then, click “Next”.

Module Boxes

Step 6 − Click “Next” again on the following screen.

Next Again

Step 7 − Click “Finish”.

Finish Button

Step 8 − If the following dialog pops up, click “Yes”.

Follow Redirect

The scan will continue as shown in the following screenshot.

Scanner Progress

Step 9 − After the scan is completed, the lower-left panel shows all the findings, categorized according to severity. If you click one, you will see the details of the vulnerability in the right panel, such as “Request”, “Discussion”, “Impact”, and “Remediation”.


Left Down Panel

ZapProxy

OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It has a Java interface.

Step 1 − To open ZapProxy, go to Applications → 03-Web Application Analysis → owaspzap.

ZapProxy

Step 2 − Click “Accept”.

Licensed Version

ZAP will start to load.

OWASP Zap

Step 3 − Choose one of the options as shown in the following screenshot and click “Start”.

Choose Options

The following website is Metasploitable, with IP 192.168.1.101.

Web Metasploitable

Step 4 − Enter the URL of the website under test at “URL to attack” → click “Attack”.

Url Attack

After the scan is completed, on the top left panel you will see all the crawled sites.

In the left panel “Alerts”, you will see all the findings along with the description.

Alerts

Step 5 − Click “Spider” and you will see all the links scanned.
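
Once the scan finishes, the Alerts list is easier to act on when it is sorted by severity and de-duplicated. The following is an added example, not part of the original tutorial: it assumes the alerts were exported as a ZAP JSON report in the traditional layout (`site[].alerts[]` with `riskcode` and `instances[].uri`), and the report embedded in it is constructed sample data for a hypothetical host `lab.example`.

```python
import json
from collections import defaultdict

# Constructed sample in the layout of ZAP's traditional JSON report
# (assumed field names: site[].alerts[] with riskcode, cweid, instances[].uri).
SAMPLE_REPORT = """
{"site": [{"@name": "http://lab.example",
 "alerts": [
  {"name": "X-Content-Type-Options Header Missing", "riskcode": "1", "cweid": "693",
   "instances": [{"uri": "http://lab.example/", "method": "GET"},
                 {"uri": "http://lab.example/", "method": "GET"},
                 {"uri": "http://lab.example/app/", "method": "GET"}]},
  {"name": "SQL Injection", "riskcode": "3", "cweid": "89",
   "instances": [{"uri": "http://lab.example/app/login.php", "method": "POST"}]},
  {"name": "Directory Browsing", "riskcode": "2", "cweid": "548", "instances": []}
 ]}]}
"""

RISK_NAMES = {3: "High", 2: "Medium", 1: "Low", 0: "Informational"}


def triage(report_text, min_risk=0):
    """Return findings sorted from highest to lowest risk, with de-duplicated URIs."""
    report = json.loads(report_text)
    merged = defaultdict(set)  # (risk, name, cweid) -> set of affected URIs
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            risk = int(alert.get("riskcode", 0))
            if risk < min_risk:
                continue  # below the reporting threshold
            key = (risk, alert.get("name", "unnamed"), alert.get("cweid", ""))
            uris = [i["uri"] for i in alert.get("instances", []) if "uri" in i]
            merged[key].update(uris)  # an alert with no instances is still kept
    order = sorted(merged, key=lambda k: (-k[0], k[1]))
    return [{"risk": RISK_NAMES.get(k[0], "Unknown"), "name": k[1],
             "cwe": k[2], "uris": sorted(merged[k])} for k in order]


if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT, min_risk=1):
        print(f'{row["risk"]:<8} CWE-{row["cwe"]:<4} {row["name"]} ({len(row["uris"])} URL(s))')
        for uri in row["uris"]:
            print("    " + uri)
```

Raising `min_risk` to 2 limits the output to Medium and High findings, which is a common first pass before reading each alert's description and remediation text.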
