Ethical Hacking Institute Course in Pune-India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

OWASP ZAP is a graphical tool for finding vulnerabilities in web applications. It is completely free and open source. ZAP is easy to use because of its GUI, so it is used by beginners as well as professionals. When used as a proxy server it lets the user inspect and manipulate all of the traffic that passes through it, including HTTPS traffic.

It is a highly efficient tool, not only for pen-testers but also for web developers. It finds many common vulnerabilities in your web applications, such as SQL injection and XSS.

Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills. We only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you.

It can be used to create automated security tests, and it has a wide variety of tools:

  • Free and open source. There is no pro version.
  • Intercepting proxy. Configure your browser to proxy through ZAP; that way ZAP sees all the requests and responses.
  • Easy to use.
  • Active and passive scanner.
  • Spider: crawls the pages that are not visible to you.
  • ZAP can brute-force directories (forced browsing).

Now let’s do some real work so open your terminal and type:

root@kali:~# owasp-zap

Enter the URL and click Attack. Wait a few minutes until the scan finishes.


You can check the sent requests and their responses in the tabs.


When your scan is finished, go to the Alerts tab. All the vulnerabilities found will be listed there.


As you can see from the scan, we have found some dangerous vulnerabilities, especially SQL injection and XSS.

Now click on the first vulnerability, Cross Site Scripting (Reflected). On the left side there are various other details: a risk of High means that the chances of exploiting the website with an XSS attack are high, i.e. the website can be attacked with XSS.


Generate reports

OWASP ZAP allows us to save the results in various formats such as HTML and XML.



www.extremehacking.org