OWASP ZAP Basics

jon
2 min read · Aug 31, 2021

Basics of ZAP web pentesting tool

An alternative to Burp, ZAP is open source and has a couple of advantages:

  • Automated Web Application Scan: This will automatically run passive and active scans against a web application, build a site map, and discover vulnerabilities. This is a paid feature in Burp.
  • Web Spidering: You can passively build a website map with spidering. This is a paid feature in Burp.
  • Unthrottled Intruder: You can brute-force login pages within ZAP as fast as your machine and the web server can handle. This is a paid feature in Burp.
  • No need to forward individual requests through Burp: When doing manual attacks, having to switch windows to send a request through the browser and then forward it in Burp can be tedious. ZAP handles both: you can just browse the site and ZAP will intercept automatically. This is NOT a feature in Burp.

Per TryHackMe.

How to perform an automated scan

After setting the URL to attack and running the traditional spider, the AJAX spider, or both, we get a site map of our target.
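Once the automated scan has run, the useful next step is triaging what it found. The following is an added example, not code from the post or from the ZAP project: it reads a ZAP-style JSON report (the sample is a hand-built fragment that follows the field names of ZAP's JSON report, with constructed alert entries), counts findings by risk level, and returns the alerts that exceed an allowed risk so the same function can gate a build.

```python
"""Triage a ZAP automated-scan JSON report (added example, not ZAP's own code).

The report fragment below is constructed for this example and follows the
layout of ZAP's JSON report: "site" -> "alerts" -> "riskcode" / "instances".
"""
import json
from collections import Counter

# ZAP encodes risk as a string code; 0 = Informational ... 3 = High.
RISK_NAMES = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}

# Constructed sample report: three alert types against a made-up host.
SAMPLE_REPORT = json.dumps({
    "@programName": "ZAP",
    "site": [{
        "@name": "http://target.example",
        "alerts": [
            {"pluginid": "40018", "alert": "SQL Injection", "riskcode": "3",
             "confidence": "2",
             "instances": [{"uri": "http://target.example/login",
                            "method": "POST", "param": "user"}]},
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "confidence": "2",
             "instances": [{"uri": "http://target.example/", "method": "GET", "param": ""},
                           {"uri": "http://target.example/about", "method": "GET", "param": ""}]},
            {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2", "confidence": "3",
             "instances": [{"uri": "http://target.example/", "method": "GET", "param": ""}]},
        ],
    }],
})


def load_alerts(report_json):
    """Flatten the per-site alert lists into one list of simplified alert dicts."""
    report = json.loads(report_json)
    alerts = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            code = alert.get("riskcode", "0")
            alerts.append({
                "site": site.get("@name", ""),
                "name": alert.get("alert", alert.get("name", "")),
                "risk": RISK_NAMES.get(code, "Unknown"),
                "riskcode": int(code),
                "instances": [i.get("uri", "") for i in alert.get("instances", [])],
            })
    return alerts


def count_by_risk(alerts):
    """Return {risk name: number of distinct alert types}."""
    return dict(Counter(a["risk"] for a in alerts))


def failing_alerts(alerts, max_allowed="Low"):
    """Alerts whose risk is above max_allowed, highest risk first.

    Used as a CI gate: a non-empty result means the scan should fail the build.
    """
    threshold = {name: int(code) for code, name in RISK_NAMES.items()}[max_allowed]
    bad = [a for a in alerts if a["riskcode"] > threshold]
    return sorted(bad, key=lambda a: a["riskcode"], reverse=True)


if __name__ == "__main__":
    found = load_alerts(SAMPLE_REPORT)
    print(count_by_risk(found))
    for a in failing_alerts(found, max_allowed="Low"):
        print(f"[{a['risk']}] {a['name']} ({len(a['instances'])} instance(s))")
```

Feed it a real report by reading the JSON file ZAP exports instead of `SAMPLE_REPORT`; the risk threshold is the only knob you normally need to tune per environment.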

Brute-force Directories

Similar to dirb, DirBuster, and Gobuster, we can use ZAP to find hidden directories with a supplied wordlist.

Brute-force credentials

We then add a wordlist and can brute-force credentials similarly to Burp.
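Both of the brute-force steps above (directory discovery and credential guessing) leave a recognisable trail on the server side, which is what a defender would want to alert on. The following is an added example, not code from the post or from ZAP: it parses web-server access logs in Combined Log Format and flags one client producing a burst of 404s across many distinct paths (forced browsing) or a burst of failed POSTs to the login page (credential guessing). The log lines are generated inline and constructed for this example; the `/login` path and the thresholds are illustrative assumptions.

```python
"""Detect directory and credential brute-forcing in access logs (added example).

The sample log is constructed inline; paths, IPs and thresholds are assumptions.
"""
import re
from collections import defaultdict

# Combined Log Format: ip ident user [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def build_sample_log():
    """Constructed access log: one forced-browse burst, one login burst, one visitor."""
    lines = []
    # Constructed: 25 distinct missing paths from one client, all 404.
    for i in range(25):
        lines.append(f'203.0.113.7 - - [31/Aug/2021:10:00:{i:02d} +0000] '
                     f'"GET /dir{i} HTTP/1.1" 404 153')
    lines.append('203.0.113.7 - - [31/Aug/2021:10:00:30 +0000] "GET /images HTTP/1.1" 200 512')
    # Constructed: 12 failed login POSTs followed by one that succeeds.
    for i in range(12):
        lines.append(f'198.51.100.23 - - [31/Aug/2021:10:01:{i:02d} +0000] '
                     f'"POST /login HTTP/1.1" 401 0')
    lines.append('198.51.100.23 - - [31/Aug/2021:10:01:12 +0000] "POST /login HTTP/1.1" 302 0')
    # Constructed: an ordinary visitor with a single mistyped URL.
    lines.append('192.0.2.5 - - [31/Aug/2021:10:02:00 +0000] "GET / HTTP/1.1" 200 2048')
    lines.append('192.0.2.5 - - [31/Aug/2021:10:02:05 +0000] "GET /abuot HTTP/1.1" 404 153')
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log()


def parse_log(text):
    """Yield one dict per parseable line; silently skip lines that do not match."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def detect_bruteforce(text, login_path="/login", min_404=20, min_failed_logins=10):
    """Return {ip: [finding, ...]} for clients that look like brute-forcers."""
    not_found_paths = defaultdict(set)      # ip -> distinct paths that returned 404
    failed_logins = defaultdict(int)        # ip -> failed POSTs to login_path
    success_after_failures = defaultdict(bool)
    for r in parse_log(text):
        ip, status = r["ip"], int(r["status"])
        if status == 404:
            not_found_paths[ip].add(r["path"])
        if r["path"] == login_path and r["method"] == "POST":
            if status in (401, 403):
                failed_logins[ip] += 1
            elif status in (200, 302) and failed_logins[ip] > 0:
                # Lines are processed in order, so this success came after failures.
                success_after_failures[ip] = True
    findings = defaultdict(list)
    for ip, paths in not_found_paths.items():
        if len(paths) >= min_404:
            findings[ip].append(f"directory brute-force: {len(paths)} distinct 404 paths")
    for ip, n in failed_logins.items():
        if n >= min_failed_logins:
            msg = f"credential brute-force: {n} failed POST {login_path}"
            if success_after_failures[ip]:
                msg += " followed by a success (possible compromised account)"
            findings[ip].append(msg)
    return dict(findings)


if __name__ == "__main__":
    for ip, notes in detect_bruteforce(SAMPLE_LOG).items():
        for note in notes:
            print(f"{ip}: {note}")
```

Because ZAP's intruder is unthrottled, the real-world signal is usually the rate as much as the count; adding a time window over the parsed timestamps is the natural next refinement, and a failure streak that ends in a success is the case worth paging on.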
