Hello

I am Aaditya Purani, and i am going to introduce you all and provide you some knowledge about OWASP ZAP.

Today let’s take a look at quick and easy website vulnerability checks with the OWASP Zed Attack Proxy, or “OWASP ZAP” for short.(Note : I am testing on my own Machine)

I am Using Kali Linux OS for this tutorial, OWASP ZAP is inbuilt in KALI LINUX

So i will provide you the steps according to it.

1. First click on IFCONFIG

2. Start Kali Linux, which will boot to the graphical user interface.

3. Start OWASP ZAP:

In the Kali Linux menu, you can find OWASP ZAP in the top ten security menu (If it is not there, update to the latest version of Kali):

OWASP ZAP will open to the main menu.

4. Now, simple input the Metasploitable system’s IP address (192.168.1.133 in my case) into the ‘URL to attack’ box and select, “Attack”:

That’s it, OWASP ZAP will then begin to spider the website:

It will also list any security issues it finds and place them under the “Alerts” tab. Clicking on the tab will show the following alerts:

Wow, that is a lot of alerts! Each folder contains different types of security issues. For this tutorial, let’s just check out the “Path Traversal” folder.

Click to expand it.

Go ahead and click on the very first alert:

On the right side you will see an explanation of the issue:

When you open that link. you would be shown

root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh dhcp:x:101:102::/nonexistent:/bin/false syslog:x:102:103::/home/syslog:/bin/false klog:x:103:104::/home/klog:/bin/false sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin msfadmin:x:1000:1000:msfadmin,,,:/home/msfadmin:/bin/bash bind:x:105:113::/var/cache/bind:/bin/false postfix:x:106:115::/var/spool/postfix:/bin/false ftp:x:107:65534::/home/ftp:/bin/false postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash mysql:x:109:118:MySQL Server,,,:/var/lib/mysql:/bin/false tomcat55:x:110:65534::/usr/share/tomcat5.5:/bin/false distccd:x:111:65534::/:/bin/false user:x:1001:1001:just a user,111,,:/home/user:/bin/bash service:x:1002:1002:,,,:/home/service:/bin/bash telnetd:x:112:120::/nonexistent:/bin/false proftpd:x:113:65534::/var/run/proftpd:/bin/false statd:x:114:65534::/var/lib/nfs:/bin/false snmp:x:115:65534::/var/lib/snmp:/bin/false

The contents of the Linux password file – Obviously not something you want displayed on your webpage!

 

So this is how you use OWASP ZAP for full scanning. More OWASP regarding fuzzing are coming soon