Automated Scanner tool

Uploaded by

Puja Basu
AUTOMATED SCANNER TOOL

Automated scanner tools are widely used in cybersecurity and software
development to identify security issues in networks, applications and websites, and to
check security compliance. The tool automates the scanning so that it can assess the
security posture and find potential risks.

LIST OF TOOLS AND THEIR TYPES

1. Web Application Scanner.

• OWASP ZED ATTACK PROXY (ZAP): An open-source security tool for finding
vulnerabilities in web applications.

• BURP SUITE: A tool widely used to test the security of web
applications; it provides scanning and crawling capabilities.

2. Network Scanner.

• NMAP: An open-source and very powerful tool that helps to
discover networks, audit network security, and find open ports as well as versions.

• Wireshark: A network protocol analyzer that lets users capture and inspect
the traffic running on a computer network.

3. Compliance Scanner.

• Nessus: This tool helps to find vulnerabilities and compliance-related security
issues and to ensure compliance with various standards.

• OpenSCAP: A Security Content Automation Protocol (SCAP) toolkit that
provides a set of security-related functionality, including compliance checking.

There are various other tools that are not mentioned in this document. You can search
the internet for alternative tools, as well as the different types of tools and their
usage.

OWASP ZED ATTACK PROXY ZAP
The ZAP (Zed Attack Proxy) tool is widely used by cybersecurity teams and developers
because it crawls a website's data, i.e., each and every page of the website. It helps to
identify security issues in the website during the testing phase as well as the development
phase.

GUIDE TO INSTALL ZAP IN KALI LINUX

1. Open Terminal:

• You can open a terminal in Linux by clicking on the terminal icon, or by
using the keyboard shortcut Ctrl + Alt + T.

2. Install ZAP:

• Install the ZAP package using the command below (sudo is needed unless you
are already running as root).

sudo apt install zaproxy

3. Run ZAP:

• Start the ZAP graphical user interface with the command below.

zaproxy

4. Selections When ZAP Starts:

• When ZAP starts, it opens a window asking you to select an option before
proceeding. Select the following option, then click Start.

No, I don’t want to persist this session at this moment in time.

5. ZAP Desktop UI:

• The UI has now launched. Select the ‘Automated Scan’ option, enter the
URL that you want to scan, and start the attack. The crawl will take some
time, after which ZAP provides you with the results.

SCREENSHOT OF INSTALLATION AND LIVE USAGE OF ZAP TOOL

SCREENSHOT: STEP 1 & 2

SCREENSHOT: STEP 3

SCREENSHOT: STEP 5

SCREENSHOT: LIVE WEBSITE https://testphp.vulnweb.com

In the screenshot above, you can see a small highlighted report icon above the “Automated Scan”
headline. I’ve downloaded the report from that section and am providing a few sample
screenshots in this documentation for your reference.

SCREENSHOT OF TARGET REPORT

SCREENSHOT OF TARGET REPORT
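
One way to triage the report downloaded from the Automated Scan tab, as an added example that is not part of the original document. It assumes the report was exported in ZAP's JSON layout (site / alerts / riskcode) rather than HTML; the sample report, the host name and the function names summarize and should_block are constructed for illustration.

```python
import json
from collections import defaultdict

# Risk levels as encoded in the report's "riskcode" field.
RISK_NAMES = {3: "High", 2: "Medium", 1: "Low", 0: "Informational"}

# Constructed sample in the assumed layout of ZAP's JSON report; all values are made up.
SAMPLE_REPORT = json.dumps({"site": [{
    "@name": "http://scan-target.example",
    "alerts": [
        {"pluginid": "10021", "name": "X-Content-Type-Options Header Missing",
         "riskcode": "1", "cweid": "693",
         "instances": [{"uri": "http://scan-target.example/", "method": "GET"},
                       {"uri": "http://scan-target.example/login", "method": "GET"}]},
        {"pluginid": "40012", "name": "Cross Site Scripting (Reflected)",
         "riskcode": "3", "cweid": "79",
         "instances": [{"uri": "http://scan-target.example/search?q=1", "method": "GET"}]},
    ]}]})


def summarize(report_text):
    """Group alert types by risk level, highest risk first."""
    sites = json.loads(report_text).get("site", [])
    if isinstance(sites, dict):  # tolerate a single site given as an object
        sites = [sites]
    by_risk = defaultdict(list)
    for site in sites:
        for alert in site.get("alerts", []):
            risk = int(alert.get("riskcode", 0))
            by_risk[risk].append({
                "site": site.get("@name", "?"),
                "name": alert.get("name") or alert.get("alert", "?"),
                "pluginid": alert.get("pluginid", "?"),
                "cwe": alert.get("cweid", "-"),
                "urls": sorted({i.get("uri", "") for i in alert.get("instances", [])}),
            })
    return {RISK_NAMES.get(r, f"Risk {r}"): by_risk[r] for r in sorted(by_risk, reverse=True)}


def should_block(summary, fail_on=("High",)):
    """True when any alert exists at a level that should stop a release."""
    return any(summary.get(level) for level in fail_on)


if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    for level, alerts in summary.items():
        print(f"{level}: {len(alerts)} alert type(s)")
        for a in alerts:
            print(f"  [{a['pluginid']}] {a['name']} (CWE-{a['cwe']}), {len(a['urls'])} URL(s)")
    print("block release:", should_block(summary))
```

To use it on a real export, read the JSON file into a string and pass it to summarize in place of SAMPLE_REPORT.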
