Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez

Finding files and folders with ZAP

OWASP ZAP (Zed Attack Proxy) is a very versatile tool for web security testing. It has a proxy, passive and active vulnerability scanners, a fuzzer, a spider, an HTTP request sender, and some other interesting features. In this recipe, we will use the recently added "Forced Browse" feature, which is the implementation of DirBuster inside ZAP.

Getting ready

For this recipe to work, we need to use ZAP as a proxy for our web browser:

  1. Start OWASP ZAP: from the application's menu, navigate to Applications | Kali Linux | Web Applications | Web Application Fuzzers | owasp-zap.
  2. In Mantra or Iceweasel, go to the main menu and navigate to Preferences | Advanced | Network; then, under Connection, click on Settings…
  3. Choose a Manual proxy configuration ...
