Using ZAP's spider

Downloading a full site to a directory in our computer leaves us with a static copy of the information; this means that we have the output produced by different requests, but we neither have such requests nor the response states of the server. To have a record of that information, we have spiders, such as the one integrated in OWASP ZAP.

In this recipe, we will use ZAP's spider to crawl a directory in our vulnerable_vm and will check on the information it captures.

Getting ready

For this recipe, we need to have the vulnerable_vm and OWASP ZAP running, and the browser should be configured to use ZAP as proxy. This can be done by following the instructions given in the Finding files and folders with ZAP recipe in the previous chapter. ...

Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez

Using ZAP's spider

Getting ready

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly