The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.
BackTrack 5 R1
/pentest/web/owasp-zap
1. Start ZAP:
root@bt:/pentest/web/owasp-zap# java -jar zap.jar
2. Open Firefox:
root@bt:~# firefox
3. Point Firefox to use ZAP as its proxy:
Edit / Preferences / Advanced / Network / Settings…
tick Manual proxy configuration
HTTP Proxy: 127.0.0.1
Port: 8080
OK / Close
4. Now connect to your chosen URL.
5. In the ZAP left-hand column, under Sites, you will see the sites you are looking at.
6. Right-click and choose Attack / Active Scan site.
Active Scan
It should be noted that active scanning can only find certain types of vulnerabilities. Logical vulnerabilities, such as broken access control, will not be found by any active or automated vulnerability scanning. Manual penetration testing should always be performed in addition to active scanning to find all types of vulnerabilities.
-----
7. Right-click and choose Brute Force (Site = the URL, List = the wordlist of URL strings you want to test).
ZAP allows you to try to brute force directories and files.
A set of files is provided which contain a large number of file and directory names.
ZAP attempts to access every file and directory listed in the selected file directly, rather than relying on finding links to them.
-----
Brute-force lists can be found in /pentest/web/owasp-zap/dirbuster.
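Because ZAP requests every name in the wordlist directly instead of following links, a forced-browse run leaves a distinctive trace on the server side: one client generating many 404s for many different paths in a short time. The script below is an added example for the defender of the site being tested; it is not part of the original post and not ZAP's own code. It assumes an Apache/nginx "combined" access log layout (client IP in field 1, request path in field 7, status in field 9); the log lines embedded in it are constructed for the example, and the threshold of five distinct 404 paths is an arbitrary value to tune for your own traffic.

```shell
#!/bin/sh
# Added example (not from the original post): flag clients whose requests
# look like a directory/file brute force such as ZAP's Brute Force scan.
# Each client's distinct 404'd paths are counted; repeats of the same path
# count once, so a browser re-requesting one missing image is not flagged.
# The log lines below are constructed for this example; nothing here
# contacts a server.

LOG_SAMPLE=$(cat <<'EOF'
10.0.0.5 - - [12/Oct/2011:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Oct/2011:10:00:02 +0000] "GET /about.html HTTP/1.1" 200 2345 "-" "Mozilla/5.0"
192.168.1.20 - - [12/Oct/2011:10:00:03 +0000] "GET /admin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.168.1.20 - - [12/Oct/2011:10:00:03 +0000] "GET /backup/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.168.1.20 - - [12/Oct/2011:10:00:03 +0000] "GET /cgi-bin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.168.1.20 - - [12/Oct/2011:10:00:04 +0000] "GET /config.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.168.1.20 - - [12/Oct/2011:10:00:04 +0000] "GET /test/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.168.1.20 - - [12/Oct/2011:10:00:04 +0000] "GET /admin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Oct/2011:10:00:05 +0000] "GET /missing.png HTTP/1.1" 404 300 "-" "Mozilla/5.0"
EOF
)

# Usage: flag_forced_browse THRESHOLD < access.log
# Prints "client_ip distinct_404_paths" for every client whose number of
# distinct paths answered with 404 is at least THRESHOLD.
flag_forced_browse() {
    awk -v threshold="$1" '
        $9 == 404 {
            # combined log format: $1 = client IP, $7 = request path
            key = $1 SUBSEP $7
            if (!(key in seen)) { seen[key] = 1; count[$1]++ }
        }
        END {
            for (ip in count)
                if (count[ip] >= threshold) print ip, count[ip]
        }'
}

# Run the detector over the constructed sample (threshold defaults to 5).
flag_sample() {
    printf '%s\n' "$LOG_SAMPLE" | flag_forced_browse "${1:-5}"
}

flag_sample 5
```

On the sample, only 192.168.1.20 is reported (five distinct 404 paths; the repeated /admin/ request counts once), while 10.0.0.7 with a single missing image is ignored. In practice you would feed the real log with `flag_forced_browse 5 < /var/log/apache2/access.log` and add a time window, since a legitimate crawler can also accumulate 404s over days.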
You actually make it seem really easy along with your presentation; however, I find this topic to be actually something that I think I'd by no means understand. It seems too complex and extremely vast for me. I am looking forward to your next submission, and I will attempt to get the hang of it!
Hi Grubaugh, nice forum name. Thanks for your post; we like knowing that people are out there reading our work. If you have any questions just ask, as we're happy to help. I'll be honest, pentesting is not easy; it can be frustrating and much harder than most ever know, but don't give up, as you will find that you make progress all the time.
Remember to have fun.