What is Vega?
What does it do?
Vega runs in two modes of operation: as an automated scanner, and as an intercepting proxy.
The automated scanner crawls websites, extracting links, processing forms, and running modules on the possible injection points it discovers. These modules can, for example, automatically submit requests that fuzz parameters to test for issues such as cross-site scripting (XSS) or SQL injection.
The intercepting proxy allows for detailed analysis of browser-application interaction. When enabled, the proxy listens on localhost as a proxy server. When a browser uses the Vega proxy, requests and responses are visible to Vega. Vega can be told to set "breakpoints": interception criteria for outgoing requests (from the browser) or incoming responses (from the server). Requests and responses that match are held in an editable state until released.
Vega can also fuzz parameters and actively test pages that match the target scope as you visit them through the proxy.
Vega supports modules that process responses, typically looking for information ("grep" modules). Response processing modules can process responses received by either the scanner or the proxy.
Shared knowledge base
Beneath the hood is a database where information, including requests and responses, can be shared among components.
Both types of modules are capable of generating alerts that incorporate a combination of dynamic content from the module, and static content in an XML file specified by the alert.
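A response-processing ("grep") check of the kind described above, written as stand-alone JavaScript. This is an added example, not Vega's module API or code from the Vega project: the function name, signature patterns and sample responses are constructed for illustration, and the template object stands in for the static XML alert content.

```javascript
// Static alert text, standing in for the per-alert XML file (constructed).
const ALERT_TEMPLATES = {
  "sql-error": { title: "SQL error message in response", severity: "medium" },
  "stack-trace": { title: "Stack trace in response", severity: "low" },
};

// Passive signatures: each maps a pattern to an alert type (hypothetical set).
const SIGNATURES = [
  { alert: "sql-error", re: /You have an error in your SQL syntax|ORA-\d{5}|SQLSTATE\[\w+\]/g },
  { alert: "stack-trace", re: /^\s+at [\w$.<>]+\([\w$]+\.java:\d+\)/gm },
];

// Inspects one response; origin records whether the scanner or the proxy saw it.
function processResponse(response, origin) {
  const alerts = [];
  // Only inspect textual bodies; skip images and other binary content.
  const ctype = (response.headers["content-type"] || "").toLowerCase();
  if (!/^text\/|json|xml/.test(ctype)) return alerts;
  for (const sig of SIGNATURES) {
    const seen = new Set();
    for (const m of response.body.matchAll(sig.re)) {
      const evidence = m[0].trim();
      if (seen.has(evidence)) continue; // one alert per distinct match
      seen.add(evidence);
      alerts.push({
        ...ALERT_TEMPLATES[sig.alert],           // static content
        url: response.url, origin,               // dynamic content
        evidence, offset: m.index,
      });
    }
  }
  return alerts;
}

// Constructed sample responses.
const sampleProxied = {
  url: "http://app.example/item?id=1",
  headers: { "content-type": "text/html; charset=utf-8" },
  body: "<p>You have an error in your SQL syntax near 'x' at line 1</p>\n" +
        "    at com.example.Dao.find(Dao.java:42)\n" +
        "    at com.example.Dao.find(Dao.java:42)\n",
};
const sampleImage = { url: "http://app.example/logo.png",
  headers: { "content-type": "image/png" }, body: "ORA-00933" };

console.log(processResponse(sampleProxied, "proxy"));
console.log(processResponse(sampleImage, "scanner"));
```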
What's in Vega?
Vega would not have been possible without the generous contributions of the open source and security research communities.
With much appreciation, we acknowledge that Vega is built upon the work of many other individuals and projects, and includes code from the following:
The Vega scanner owes much to the innovative work implemented in Skipfish by Michal Zalewski.