Finds common vulnerabilities that affect web applications: SQL Injection, XSS, OS Command Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues.
The online scanner identifies SQL injection vulnerabilities found in web applications by crawling and performing a deep inspection of web pages and parameters. Find below useful examples in which you can use the SQL Injection scanner powered by OWASP ZAP.
Knowing which network services are exposed to the Internet is essential for securing the network perimeter of a company. With an Nmap port scan you can easily obtain a quick view of the network attack surface that includes all open TCP ports and services.
The tool scans a range of IP addresses for network services that require authentication (e.g. HTTP web forms, SSH, FTP, MySQL, etc.) and detects weak credentials by trying to log in using a set of common usernames and passwords.
This tool attempts to identify servers vulnerable to the OpenSSL Heartbleed vulnerability (CVE-2014-0160). When such a server is discovered, the tool also provides a memory dump from the affected server.
This is a useful pentest utility which logs all the HTTP/S requests received on a certain handler URL: source IP, User Agent, URL parameters, timestamp, etc. This allows you to easily create proofs of concept in order to demonstrate vulnerabilities such as XSS, data exfiltration or to do social engineering.