Thursday, August 20, 2015

HOWTO : ZAP on Ubuntu 14.04 LTS

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.


Install

sudo apt-get install default-jre unzip

cd ~
mkdir -p arsenal
cd arsenal

wget https://github.com/zaproxy/zaproxy/releases/download/w2015-08-12/ZAP_WEEKLY_D-2015-08-12.zip
unzip ZAP_WEEKLY_D-2015-08-12.zip
rm ZAP_WEEKLY_D-2015-08-12.zip
cd ZAP_D-2015-08-12
./zap.sh



* ZAP_WEEKLY_D-2015-08-12.zip is used here as an example.
* The ZAP team generates weekly releases of ZAP from the trunk, typically every Monday.
These are just intended for people who want to use all of the features we've added since the last 'full' release but don't want the hassle of building ZAP from the source code.
While we endeavor to ensure that weekly releases are robust, things may be broken or only partially implemented.


Update/Upgrade

sudo apt-get update
sudo apt-get dist-upgrade


cd ~/arsenal/

Go to Download, download the ZAP Weekly release, and repeat the "Install" procedure above.
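
The install and upgrade steps above as one repeatable script (an added example, not part of the original post or the ZAP project). It assumes every weekly release follows the same URL and directory naming as the 2015-08-12 example; the function names, the ARSENAL variable and the optional SHA-256 argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: repeatable ZAP weekly install/upgrade following the HOWTO's steps.
set -eu

ARSENAL="${ARSENAL:-${HOME:-.}/arsenal}"   # same directory the HOWTO uses

# Accept only YYYY-MM-DD so the argument cannot inject path or URL components.
valid_date() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Assumption: every weekly is named like the 2015-08-12 release in the HOWTO.
zap_weekly_url() {
    valid_date "$1" || return 1
    echo "https://github.com/zaproxy/zaproxy/releases/download/w$1/ZAP_WEEKLY_D-$1.zip"
}

zap_weekly_dir() {
    valid_date "$1" || return 1
    echo "ZAP_D-$1"
}

# install_zap_weekly DATE [SHA256]
install_zap_weekly() {
    url=$(zap_weekly_url "$1") || { echo "bad date: $1" >&2; return 1; }
    dir=$(zap_weekly_dir "$1")
    zip="ZAP_WEEKLY_D-$1.zip"
    mkdir -p "$ARSENAL"
    cd "$ARSENAL"
    # Refuse to unpack over an existing copy of the same weekly.
    if [ -e "$dir" ]; then echo "$ARSENAL/$dir already exists" >&2; return 1; fi
    wget -O "$zip" "$url"
    # Optional: compare against a SHA-256 obtained from a source you trust.
    if [ -n "${2:-}" ]; then
        echo "$2  $zip" | sha256sum -c - || { rm -f "$zip"; return 1; }
    fi
    unzip -tq "$zip"    # test the archive before extracting it
    unzip -q "$zip"
    rm "$zip"
    echo "Installed. Start it with: $ARSENAL/$dir/zap.sh"
}

# Run the install only when a release date is given on the command line.
if [ "$#" -gt 0 ]; then install_zap_weekly "$@"; fi
```

Saved under a name of your choice (for example zap-weekly.sh), it is run as `sh zap-weekly.sh 2015-08-12`, with the expected SHA-256 as an optional second argument.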



That's all! See you.