OWASP ZAP – add-ons that will enrich your discovery

In this article I will cover a number of add-ons that I think can enrich vulnerability discovery and give you a clearer understanding of the system under test.

First of all what is OWASP ZAP?

ZAP is a well-known open source automated pen testing tool, created and maintained by the OWASP community. Its testing is mostly at the application level, but you can extend it to cover things like open ports, as shown below.

Below are some add-ons that enrich ZAP's testing capabilities; you may find them useful.

1. Wappalyzer – Technology Detection

This add-on gathers information about the technology the system uses, such as the application server, the frameworks in use, the hosting service, and the operating system.

As shown above, this add-on gives you an overview of the technologies in use on the system under test.
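To make concrete what a technology-detection add-on does, here is a small header- and body-based fingerprinter. It is an added example written for this article, not Wappalyzer's or ZAP's own code; the HTTP response it inspects is constructed, and the fingerprint table is a hypothetical, deliberately short stand-in for a real signature database. From the defender's side, the interesting output is the version disclosures, which are what you would remove or mask before an attacker's scanner reads them.

```python
import re

# Constructed sample HTTP response (not captured from any real host).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/; HttpOnly\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 5.8"></head></html>'
)

# Hypothetical fingerprint table: (category, source, regex, label).
# Group 1 of the regex is the technology name unless a label is given;
# group 2, when present and matched, is the version.
FINGERPRINTS = [
    ("web-server", "server", r"(Apache|nginx)/?([\d.]+)?", None),
    ("os", "server", r"\((Ubuntu|Debian|CentOS|Win32)\)", None),
    ("language", "x-powered-by", r"(PHP)/?([\d.]+)?", None),
    ("language", "set-cookie", r"(PHPSESSID)", "PHP (PHPSESSID cookie)"),
    ("cms", "body", r'<meta name="generator" content="(WordPress) ?([\d.]+)?"', None),
]


def parse_response(raw):
    """Split a raw HTTP response into a header dict (lower-cased names,
    list of values to allow repeated headers) and the body string."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body


def detect_technologies(raw):
    """Return sorted (category, technology, version-or-None) tuples found in the response."""
    headers, body = parse_response(raw)
    found = set()
    for category, source, pattern, label in FINGERPRINTS:
        haystack = body if source == "body" else "\n".join(headers.get(source, []))
        for m in re.finditer(pattern, haystack, re.IGNORECASE):
            name = label or m.group(1)
            # lastindex is the highest group that actually matched, so an
            # absent optional version group leaves version as None.
            version = m.group(2) if m.lastindex and m.lastindex >= 2 else None
            found.add((category, name, version))
    return sorted(found, key=lambda t: (t[0], t[1]))


def version_disclosures(raw):
    """The subset of findings that leak a concrete version string."""
    return [t for t in detect_technologies(raw) if t[2]]


if __name__ == "__main__":
    for category, name, version in detect_technologies(SAMPLE_RESPONSE):
        print(f"{category:11} {name} {version or ''}".rstrip())
    print("version disclosures:", len(version_disclosures(SAMPLE_RESPONSE)))
```

The detection is only as good as the signature table, which is why the real add-on ships a large, maintained one; the point of the example is the mechanism (headers, cookies and HTML meta tags each leak a different layer of the stack) and the fact that `Server` and `X-Powered-By` alone gave away the web server, the OS family and the language version.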

2. Port Scanner

This add-on gathers information about the open ports on the target application or web server. Knowing which ports are exposed helps you close every unnecessary one and reduce the attack surface.
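The useful defensive output of a port scan is not the raw list of open ports but the difference between that list and what you expect to be open. The following added example (written for this article, not ZAP's Port Scanner add-on) does a plain TCP connect check and diffs the result against an allow-list; it targets only loopback and stands up its own constructed listener on an ephemeral port so it can run offline. The `allowed` list is an assumed input you would fill from the system's documented service inventory.

```python
import socket
from contextlib import closing


def scan_ports(host, ports, timeout=0.5):
    """TCP connect check: a port is reported open when a full connection succeeds."""
    open_ports = set()
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.add(port)
    return open_ports


def unexpected_ports(open_ports, allowed):
    """Ports that are open but not in the documented allow-list."""
    return sorted(set(open_ports) - set(allowed))


def _local_listener():
    """Constructed stand-in for a service: a listening socket on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def _closed_loopback_port():
    """Reserve and immediately release an ephemeral port so it is known to be closed."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo(allowed=()):
    """Scan one listening and one closed loopback port; return what was found
    and which of the open ports fall outside the allow-list."""
    srv = _local_listener()
    listening = srv.getsockname()[1]
    closed = _closed_loopback_port()
    try:
        found = scan_ports("127.0.0.1", [listening, closed])
        return {
            "listening": listening,
            "closed": closed,
            "open": found,
            "unexpected": unexpected_ports(found, allowed),
        }
    finally:
        srv.close()


if __name__ == "__main__":
    result = demo(allowed=[])
    print(f"open: {sorted(result['open'])}  unexpected: {result['unexpected']}")
```

Running it with an empty allow-list flags the listener as unexpected; passing its port in `allowed` silences the finding, which is the workflow you want in a recurring check: alert only on drift from the baseline.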

3. FuzzDB Files

In ZAP you have the ability to fuzz a parameter. By fuzzing I mean replacing a parameter's value with a large set of patterns to test for things like SQL injection, XSS, OS command injection, and other pattern-based vulnerabilities.

The FuzzDB files provide many such patterns, categorized by test type, as in the following screenshots.

In the following example I used the FuzzDB XSS patterns to exploit a vulnerable search field, and here are the results.
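What ZAP's fuzzer does with a FuzzDB list is mechanical: substitute each pattern into the parameter, send the request, and look at the response for a signal. The following added example (written for this article, not ZAP's or FuzzDB's code) reproduces that loop locally against a deliberately vulnerable search handler and its hardened counterpart, so the same harness that confirms the bug also serves as a regression test once it is fixed. The two pattern lists are constructed, illustrative stand-ins for FuzzDB categories, and the detection rules (verbatim reflection for XSS, a leaked database error for SQL injection) are the simple heuristics a first fuzzing pass relies on.

```python
import html
import sqlite3

# Constructed sample patterns grouped by test type, the way FuzzDB organises
# its lists. Illustrative only; not FuzzDB's own files.
PATTERNS = {
    "xss": ["<script>alert(1)</script>", '"><img src=x onerror=alert(1)>'],
    "sqli": ["'", "')"],
}

# Response signals per category: XSS if the payload comes back unescaped,
# SQLi if the page leaks a database error.
CHECKS = {
    "xss": lambda pattern, body: pattern in body,
    "sqli": lambda pattern, body: "Database error" in body,
}


def _db():
    """Fresh in-memory table so each request is independent."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?)", [("widget",), ("gadget",)])
    return conn


def vulnerable_search(query):
    """Deliberately unsafe: string-built SQL and unescaped reflection of the query."""
    conn = _db()
    try:
        rows = conn.execute(
            f"SELECT name FROM products WHERE name LIKE '%{query}%'"
        ).fetchall()
    except sqlite3.Error as exc:
        return f"<p>Database error: {exc}</p>"  # error text leaks to the page
    return f"<p>Results for: {query}</p>" + "".join(f"<li>{n}</li>" for (n,) in rows)


def hardened_search(query):
    """Parameterised query plus HTML escaping of everything reflected."""
    conn = _db()
    rows = conn.execute(
        "SELECT name FROM products WHERE name LIKE ?", (f"%{query}%",)
    ).fetchall()
    safe = html.escape(query, quote=True)
    return f"<p>Results for: {safe}</p>" + "".join(
        f"<li>{html.escape(n)}</li>" for (n,) in rows
    )


def fuzz(handler, patterns=PATTERNS):
    """Send every pattern through the handler; return (category, pattern) hits."""
    findings = []
    for category, plist in patterns.items():
        for pattern in plist:
            body = handler(pattern)
            if CHECKS[category](pattern, body):
                findings.append((category, pattern))
    return findings


if __name__ == "__main__":
    print("vulnerable:", fuzz(vulnerable_search))
    print("hardened:  ", fuzz(hardened_search))
```

Substring reflection is a coarse signal (a payload can be reflected yet neutralised by context, or encoded yet still exploitable in another context), which is why ZAP's active scanner layers more specific checks on top; but as a fast first pass it is exactly what surfaces a search field that echoes input unescaped.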

That's all for today 🙂, hope you find it useful.

Please share your tips, experience, comments, and questions for further enriching this topic of discussion.
