Scan website using ZAP
ZAP crawls the target website by following its links and checks each page it finds for vulnerabilities. To scan a website using ZAP:
- Boot Kali Linux and log in to the GUI
- Go to the "Web Application Analysis" -> "Zap" menu
- After starting ZAP, choose the "No I do not want to persist this session" option
- Go to "Quick start" -> "Automated scan"
- Enter the URL and start the attack
- After a while, stop the scan
- Go to File -> Persistent session. If there are any active tasks, you might get a warning asking whether to cancel them or not.
- Optionally, save the session with a desired name for future use
- If there are no active tasks left, go to Report -> "Generate HTML Report" to get a useful report of the scan