Using OWASP ZAP to scan for vulnerabilities

OWASP ZAP is a tool that we have already used in this book for various tasks, and among its many features, it includes an automated vulnerability scanner. Its use and report generation will be covered in this recipe.

Getting ready

Before we perform a successful vulnerability scan in OWASP ZAP, we need to crawl the site:

Open OWASP ZAP and configure the Web browser to use it as proxy.
Navigate to 192.168.56.102/peruggia/.
Follow the instructions from Using ZAP's spider from Chapter 3, Crawlers and Spiders.

How to do it...

Go to OWASP ZAP's Sites panel and right-click on the peruggia folder.
From the menu, navigate to Attack | Active Scan.
A new window will pop up. At this point, we know what technology our application ...

Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez

Using OWASP ZAP to scan for vulnerabilities

Getting ready

How to do it...

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly