VEGA SCANNER : Powerful Open Source Web Application Vulnerability Scanner

1.   Vega is one free and open source scanner and testing platform to test the security of web applications by Subgraph, an open source security software company. Vega can help find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. 

Main Features:

    Automated Crawler and Vulnerability Scanner
    Consistent UI
    Website Crawler
    Intercepting Proxy
    SSL MITM
    Content Analysis
    Customizable alerts
    Database and Shared Data Model

2.   So to launch Vega in Kali Linux...go to Web Applications then to Web Vulnerability Scanners and select Vega. 

 Vega will flash an introduction banner and display a GUI

Vega has Scanner and Proxy tabs as u play with the interface as seen below. To use Vega as a Scanner,click on the Scanner tab , click on Scan on the top-left corner and select to start new scan

 You will see an input field asking for the target. The screen shot tested below is targeting www.thesecurityblogger.com. Choose target and click on Next:

3.   It takes time to scan but gives pretty exhaustive results and presents a summary too.

Zenmap:GUI for NMAP@Kali Linux

1.     Most of us would have heard of the pretty famous Nmap ("Network Mapper") ,a free and open source (license) utility for network discovery and security auditing.It uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Designed to rapidly scan large networks Nmap runs on all major computer operating systems.Official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).In this post the focus will be to introduce Zenmap...a kind of GUI for running NMAP commands which is otherwise terminal based.

2.   To open Zenmap, go to the Backtrack menu. Navigate to Information Mapping - DNS Analysis, and click Zenmap.

3.   Notice that under the Profile menu that there are several options to determine what type of scan you would like to run, as shown in the following screenshot:

4.    The first step is creating a new profile. A profile in Zenmap allows a Penetration Tester to create what type of scan to execute and what different options to include.Navigate to the Profile menu and select New Profile as shown in the following screenshot:

5.   When you select New Profile, the profile editor will launch. You will need to give your profile a descriptive name. For example, you can call the profile testscan as I have named here.Optionally, you can give the profile a description. During your course of using Zenmap you will probably create many profiles and make multiple scans.

6.    Zenmap is the best way to get output from Nmap scans. Zenmap offers a rich graphical user interface that displays scans that can be exported into different formats, such as text or Microsoft Excel.

Wanna sync Two Harddisks / Two Folders : GRSYNC is there for you!!!!

1.   I have two harddisks of 500 gb and I have loads of data in both...but i could never find out time to set my data at one place and then make a clone kindda or a bakup of the other...it is a herculean task if you keep updating your one harddisk regulary...so the crude rule says that you must copy the updated folder to the backup drive and then keep replacing the older one's....but if the data is too much and the files are in thousands and you have lesser time wouldn't you like to simply click one button and auto syn the complete folder or the harddrive at one go!!!!!What if you have the following GUI that give a whole lot of options to play around...like in the screen shot below :

 

 

2.  Isn't this simple and great...no need to bug yourself trying to find what was old and what is newer...what to keep and what not to keep... you simply see the options above and you will be able to figure out how helpful this utility can be if u have not been suing this till date....The best part is that it is very simple to use.

3.   Grsync is a Graphical User Interface (GUI) for the rsync synchronization tool under Linux / Unix System. There are also ports of Grsync on Windows and OS X platforms. Grsync is released under the terms of the GNU General Public License (GPL), so it is free software, and makes use of the GTK+ UI toolkit. In addition, it has support for the Unity user interface. It can be effectively used to synchronize local directories and supports remote targets (although in a limited way).

How do u install this in FEDORA ?

 4.   A simple type yum install grsync with root privileges will do the needful.....