OWASP ZAP

Fire Up Kali

Let's begin in the usual way—by firing up Kali. In this tutorial, I will be using Kali 2.0 as so many of you are now using it, although I still have my reservations. Earlier versions of Kali also have OWASP ZAP, so if you are using those, you can also follow this tutorial.

Start OWASP ZAP

If you want to start OWASP ZAP from the command line, you can simply type:

kali > owasp-zap

The first thing you will see is the license. Go ahead and accept the terms if you feel comfortable with them. This is a standard Apache license.

If you don't have ZAP installed in Kali, download it from the project page:

Zed Attack Proxy - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

The OWASP ZAP Interface

When OWASP ZAP eventually opens, it should look like the screenshot below. This tool has many powerful features, but initially, we will only try out its "Attack" function in the large right-hand window. In this mode, OWASP ZAP aggressively goes to the website we designate and begins to look for vulnerabilities.
