From the course: Ethical Hacking: Hacking Web Servers and Web Applications


Scanning with ZAP

- [Instructor] Burp Suite is a great tool for professionals. But being able to run vulnerability tests requires the licensed version. Fortunately, Kali comes preloaded with the OWASP tool Zed Attack Proxy, or ZAP, which can do vulnerability scanning. Let's start it and see how we do a website scan looking for vulnerabilities. We start ZAP from the Applications menu, under Web Application Analysis. I'll accept the default of no persistence, and we're at the main screen. Running a scan is simple with ZAP. We can click on the Automated Scan box in the right-hand panel and enter our URL to be tested. I'll test the Metasploitable server, which I have on 10.0.2.23, and I'll start the attack. Let's click on the Sites icon on the left and open the website folder. We can see the pages being scanned. ZAP is spidering the site in preparation for its main vulnerability scan. This also does some basic checks as it goes. If we…
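The same automated scan (spider followed by an active scan) can be driven headlessly from ZAP's command line, which is how you would run it repeatably against a lab box instead of clicking through the GUI. The script below is an added example and not part of the course; it assumes ZAP's launcher is on PATH as zap.sh (on Kali the wrapper is installed as zaproxy) and that the target is a Metasploitable VM on a private lab network. The allowlist, the host name metasploitable.lab and the helper names are assumptions chosen for the example. The in-scope check is there because a mistyped URL in an automated scanner is an easy way to actively scan a host you have no permission to touch.

```shell
#!/usr/bin/env bash
# Added example (not from the course): run the ZAP "Automated Scan" headless,
# refusing any target that is not a private lab address.
# Assumes ZAP's launcher is on PATH as zap.sh; on Kali substitute `zaproxy`.

# Constructed lab allowlist; override with the environment variable.
ZAP_ALLOWED_HOSTS="${ZAP_ALLOWED_HOSTS:-10.0.2.23 metasploitable.lab}"

# host_of URL -> prints the host part of an http(s) URL (no scheme, port or path).
# IPv6 bracket hosts are not handled; this is a lab helper, not a URL parser.
host_of() {
    u="$1"
    u="${u#http://}"
    u="${u#https://}"
    u="${u%%/*}"
    u="${u%%:*}"
    printf '%s\n' "$u"
}

# in_scope URL -> returns 0 if the URL's host is in the allowlist or an
# RFC 1918 private address, 1 otherwise. Public hosts are always refused.
in_scope() {
    host="$(host_of "$1")"
    for allowed in $ZAP_ALLOWED_HOSTS; do
        [ "$host" = "$allowed" ] && return 0
    done
    case "$host" in
        10.*) return 0 ;;
        192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# zap_quick_scan URL REPORT -> spider + active scan of URL with no GUI,
# writing an HTML report to REPORT. Equivalent to the Automated Scan button.
#   -cmd            run inline without the desktop UI
#   -quickurl       target to spider and actively scan
#   -quickout       report file (extension selects the format, .html here)
#   -quickprogress  print progress to the terminal while scanning
zap_quick_scan() {
    url="$1"
    report="$2"
    if ! in_scope "$url"; then
        echo "refusing to scan out-of-scope target: $url" >&2
        return 2
    fi
    zap.sh -cmd -quickurl "$url" -quickout "$report" -quickprogress
}

# Usage, once the Metasploitable VM is reachable from Kali:
#   source zap-quick.sh && zap_quick_scan http://10.0.2.23/ zap-report.html
```

The report ZAP writes contains the same alerts the Sites and Alerts panels show in the GUI, so you can diff two runs of the script after a fix to confirm a finding is gone. If the scope check ever trips on a host you do own, add it to ZAP_ALLOWED_HOSTS rather than removing the check.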