Tag: buttons

Business

Nessus – Free Security Scanner

Overview Nessus is a proprietary vulnerability scanner developed by Tenable. It is a free security scanner that can assess the modern attack surface and find vulnerabilities. It also uses the CVE architecture for easy cross-linking between compliant security tools. Nessus has multiple scanning options such as: Hosts discovery Basic network scan  Web application scan Advance Scan Malware Scan etc In this article, we will discuss how to install and use Nessus. We will also discuss its configurations and automation abilities. Nessus Installation (Kali Linux) Nessus is compatible with Linux and Windows Operating systems. This installation guide will be done on a Kali Linux machine. To use Nessus, you need an activation code. This can be acqu...
Business

Optimizing ZAP Scan

Overview Is your ZAP scan taking hours to complete? Maybe even a day to two? Not everyone has the luxury to wait for a 24hr ZAP scan to complete. This is the problem many people face and is what we will be tackling. In this article, we will discuss the variables that affect the duration of the scan and optimise zap scans. Optimise Zap Scans - What Affects a ZAP Scan? Server Hardware and network are one factor that affects the speed of a ZAP scan. So you could get better equipment, but the target equipment is also another factor that we can't control. Thus, let's focus on the configuration of the ZAP application itself. When running an automated scan, there are 2 things that occur, the spidering (which is also part of the passive scan) and the active scan. Each of these co...
Business

How to Automate OWASP ZAP – Automation Framework

In a penetration test, there are vulnerabilities, exploits and misconfiguration to find, which requires a lot of time to test for. But, we can solve this easily and efficiently with the help of automation. With the ZAP application, there are many ways to automate ZAP, such as using the command line, APIs or a docker package. In this article, we will be focusing on the Automation Framework provided by ZAP, as it is a feature that is already part of the ZAP application and is also the easiest way to automate ZAP. How to use the ZAP Automation Frameworks? ZAP Automation Framework from the GUI The Automation framework should already be part of the ZAP application. However, if this is not the case, you can install it from the ZAP Marketplace. To use the automation framew...
Business

How to use OWASP ZAP – Open Source Vulnerability Scanner

Overview OWASP ZAP is an open-source web application vulnerability scanner that runs on Java11+. It has features such as spidering, passive scanning, active scanning, fuzzing, automation, API and more. ZAP is available on operating systems such as Windows, Linux, Mac and cross platforms. You can download ZAP from here. If you are using Kali Linux, it comes preinstalled. In this article, we will discuss how to use ZAP, its features and results to take note of. How to use ZAP ZAP can be executed through the Automated Scan or the Manual Explore option. Automated Scan This method is an automatic scan. It is the main feature of ZAP. First, enter the URL to attack, and select a spider to use (traditional or ajax). Next, click attack and let it run to comp...
Business

Wappalyzer – Website Technology Identifier

Overview In the information-gathering stage of penetration testing, we must know the technologies used by the target so that we can plan our attacks. One tool that can help with this is Wappalyzer, a website technology identifier. Wappalyzer is a tool that identifies technologies used on a website, such as CMS, web frameworks, eCommerce platforms, JavaScript libraries, analytics tools and more. It is also fast and easy to use. Wappalyzer is a free tool but more advanced services like access to their API require a monthly subscription. Fortunately, Wappalyzer is an open-source project, so you download their code from their GitHub. How to use Wappalyzer Wappalyzer lookup The simplest way to use Wappalyzer is through their website lookup page. Simply input the URL of...