Scanning tool: owasp_zap
One of the top ten security tools: an integrated, full-featured and powerful tool. It can do both active scanning and intercepting proxying. Open source, free, cross-platform and easy to use; the user experience is somewhat confusing, but it is relatively strong at active scanning. "Integrated into Kali"
### It is recommended to choose the second option
### Remember to check for updates
Updates and plug-in installation
Install plug-ins from the release and beta channels "release: mature; beta: beta; alpha: immature version"
Intercepting proxy "combined with manual crawling"
By default, the proxy function starts from
1. Start the browser proxy
2. Active scanning
First, a quick crawl scan
Second, directly scan the crawled content
Pages that require authentication cannot be scanned until authentication has been configured
Fuzz
Results analysis:
1. Check the status code ("OK"); a 302 means the request was redirected
2. Check whether the Size Resp. Header column differs between responses
Brute-force cracking:
API functionality "programming interface"
~ http://zap/ "the browser proxy has already been pointed at owasp_zap"
3. How to use
0. Persist session
1. Four modes: safe < protected < standard < attack "choose the scan mode carefully"
2. Upgrade add-ons
3. Scan Policy (scanning strategy)
Right-click > Attack > Active Scan
Custom Scan Policies
4. Anti-CSRF tokens "to prevent CSRF attacks, some sites randomly generate a token each time"
5. When an HTTPS website is scanned, a certificate error occurs; after ZAP's SSL certificate is imported into the browser, the error no longer occurs.
6. Scope / Contexts (range) / Filter
# Scope: scanned with the same policy (context Included)
# Contexts
7. HTTP Sessions: Default Session Tokens & Site Session Tokens
Session Properties # The default Manual setting already covers most cases; when it fails, consider the following
# Form-based authentication
# Script-based authentication: you have to write your own script "script templates"
# By default only the session name is specified; you must manually add another session "e.g.: security"
# Show the HTTP Sessions tab
# Used to audit by logging in as different users, to determine whether there are authorization differences
8. Note/Tag "add a variety of labels to make auditing easier"
9. Passive scan
############################################################################################
# Real-time interception "mind the interception timing; you need to be quick"
## The returned responses are intercepted too
# Show hidden fields
### Hidden fields exist on the client side to reduce the request round-trips between client and server, improving speed and user experience. If the data is not checked, or the server does not check it, price tampering and malicious code injection become possible.
# Passive scan rules
# Crawl thresholds
############################################################################################
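The hidden-field point above, as an added example that is not part of the original notes: a checkout handler that trusts a hidden price field beside one that looks the price up server-side and treats a mismatching client value as a tamper signal. The catalog, field names and form data are constructed for the example.

```python
# Added example (not from the original notes): why the server must not trust
# hidden form fields such as <input type="hidden" name="price">.

# Constructed server-side catalog: the only source of truth for prices.
CATALOG = {"sku-100": 49.99, "sku-200": 120.00}


def checkout_trusting_client(form):
    """Vulnerable: the total is computed from the client-supplied price.

    Anyone who edits the hidden field in an intercepting proxy sets the price.
    """
    qty = int(form["qty"])
    price = float(form["price"])  # comes straight from the browser
    return round(qty * price, 2)


def checkout_server_side(form, catalog=CATALOG):
    """Hardened: price is looked up by SKU; client fields are validated.

    Returns (total, tampered). 'tampered' is True when the client sent a
    price that disagrees with the catalog, which is worth logging/alerting on.
    """
    sku = form.get("sku")
    if sku not in catalog:
        raise ValueError("unknown item")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity must be an integer")
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")

    # The hidden 'price' field is never used for the calculation, only compared.
    tampered = False
    if "price" in form:
        try:
            tampered = float(form["price"]) != catalog[sku]
        except ValueError:
            tampered = True  # a non-numeric price is also a tamper signal

    return round(qty * catalog[sku], 2), tampered


if __name__ == "__main__":
    # Constructed request after the hidden field was edited in a proxy.
    edited = {"sku": "sku-100", "qty": "2", "price": "0.01"}
    print("trusting client:", checkout_trusting_client(edited))   # 0.02
    print("server-side   :", checkout_server_side(edited))        # (99.98, True)
```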
Standard scanning process
Set up the proxy
Crawl manually
Automatic crawling
# Forced browse of the web server "it is possible to find some web directories"
# Forced directory browse: forces directories and subdirectories to be crawled "comes with its own dictionaries"
Active scan
Xiaobai's Diary 32: Kali penetration testing, web penetration scanning tool owasp_zap