![]() Step 4 − Enter URL of the testing web at “URL to attack” → click “Attack”.Īfter the scan is completed, on the top left panel you will see all the crawled sites. Step 3 − Choose one of the Options from as shown in the following screenshot and click “Start”.įollowing web is metasploitable with IP :192.168.1.101 Step 1 − To open ZapProxy, go to Applications → 03-Web Application Analysis → owaspzap. ZAP-OWASP Zed Attack Proxy is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. If you click it, you will see all the details of the vulnerabilities on the right panel such as “Request”, ”Discussion”, ”Impact”, and ”Remediation”. Step 9 − After the scan is completed, on the left down panel you can see all the findings, that are categorized according to the severity. The scan will continue as shown in the following screenshot. Step 8 − If the following table pops up, click “Yes”. Step 6 − Click “Next” again in the following screenshot. Step 5 − Check all the boxes of the modules you want to be controlled. In this case, it is metasploitable machine → click “ Next”. Step 4 − Enter the webpage URL that will be scanned. Step 3 − To start a scan, click “+” sign. Step 2 − If you don’t see an application in the path, type the following command. Step 1 − To open Vega go to Applications → 03-Web Application Analysis → Vega Vega can be extended using a powerful API in the language of the web: JavaScript. ![]() Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. ![]() It is written in Java, GUI based, and runs on Linux, OS X, and Windows. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. Vega is a free and open source scanner and testing platform to test the security of web applications. ![]() In this chapter, we will learn about website penetration testing offered by Kali Linux. ![]()
0 Comments
Leave a Reply. |