An AJAX Spider comes integrated with OWASP ZAP. It uses a simple methodology where it follows all of the links that it can find through a browser, even the ones generated by the client-side code, which helps it effectively spider a wide range of applications.

The AJAX Spider can be invoked from the Attack menu, as shown in the following screenshot:

Next, there are parameters to configure before the Spider starts the crawling process. You can select the web browser to be used by the plugin. In the Options tab, you can also define the number of browser windows to open, crawl depth, and the number of threads. Be careful ...

Get Web Penetration Testing with Kali Linux - Third Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.