Penetration Testing Lab (4 Part Series)
Days ago I wrote about Kali Linux installation on AWS.
Now let's try and have some scans running with OWASP ZAP ⚡.
I'm running Kali on AWS so I want to connect to the instance using SSH.
I have the .pem file, so I only need to run a few commands.
sudo chmod 400 kali.pem
ssh -i kali.pem ec2-user@your-public-dns
For Windows users there is a good article - Connecting to your Linux instance from Windows using PuTTY
I expected to have zaproxy preinstalled, but it was not, even though I installed the 2019.4 version of Kali. So, let's install it.
Let's run the command and get the
sudo apt-get update && sudo apt-get install zaproxy
Hopefully you've completed the installation successfully.
If you run the zaproxy command, you should see output like this:
Found Java version 11.0.5
Available memory: 982 MB
Using JVM args: -Xmx245m
0 [main] INFO org.zaproxy.zap.GuiBootstrap - OWASP ZAP 2.9.0 started 30/05/2020, 14:57:21 with home /home/ec2-user/.ZAP/
2 [main] FATAL org.zaproxy.zap.GuiBootstrap - ZAP GUI is not supported on a headless environment. Run ZAP inline or in daemon mode, use -help command line argument for more details.
ZAP GUI is not supported on a headless environment. Run ZAP inline or in daemon mode, use -help command line argument for more details.
We're running ZAP in a headless environment, so let's figure out how to use the tool from the command line.
For some reason the zaproxy -cmd -help command didn't work for me, so I had to find another way to run the tool.
The whereis zaproxy command shows the following output:
zaproxy: /usr/bin/zaproxy /usr/share/zaproxy
We're looking for the zap.sh file located in the /usr/share/zaproxy directory. Windows users should look for
You can simply run it with the bash /usr/share/zaproxy/zap.sh command.
If you're too lazy to type that many characters, you can create an alias.
To do that, we need to perform a few simple steps and edit the .bashrc file:
- Open the .bashrc file using vim or nano
- Add the following line to the end of the file:
alias zap="bash /usr/share/zaproxy/zap.sh"
- Save the file and quit
- Run source ~/.bashrc to apply the changes, otherwise you need to log out and log in again
As you can see, I'm using version 2.9.0.
If your output is similar to mine, then we're done here! 🚀
Now we are ready to execute our first scan. Simply, run the following command:
zap -cmd -quickurl http://example.com -quickprogress -quickout ~/out.xml
Replace "example.com" with whatever host you want to scan.
Here is my console output:
ec2-user@kali:~$ zap -cmd -quickurl http://example.com -quickprogress -quickout ~/out.xml
Found Java version 11.0.5
Available memory: 982 MB
Using JVM args: -Xmx245m
Accessing URL
Using traditional spider
Active scanning [====================] 100%
Attack complete
Writing results to /home/ec2-user/out.xml
So, we just ran an attack on the example.com host and got the output in XML format: the out.xml file in the home directory (/home/ec2-user/out.xml).
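As an added example (not code from the original post), here is a small Python script that reads the XML report ZAP writes with -quickout and summarises the alerts per risk level, with a threshold check that a scheduled scan could use to flag a report for review. The embedded report is a constructed sample modelled on the element layout of a ZAP 2.9 XML report (OWASPZAPReport, site, alertitem, pluginid, alert, riskcode, count); the alert values in it are made up.

```python
from collections import Counter
import xml.etree.ElementTree as ET

# Constructed sample in the shape ZAP 2.9 writes with -quickout; not a real scan result.
SAMPLE_REPORT = """<?xml version="1.0"?>
<OWASPZAPReport version="2.9.0" generated="Sat, 30 May 2020 15:02:11">
  <site name="http://example.com" host="example.com" port="80" ssl="false">
    <alerts>
      <alertitem>
        <pluginid>10021</pluginid>
        <alert>X-Content-Type-Options Header Missing</alert>
        <riskcode>1</riskcode>
        <count>2</count>
      </alertitem>
      <alertitem>
        <pluginid>10038</pluginid>
        <alert>Content Security Policy (CSP) Header Not Set</alert>
        <riskcode>2</riskcode>
        <count>1</count>
      </alertitem>
    </alerts>
  </site>
</OWASPZAPReport>
"""

RISK_LEVELS = ["Informational", "Low", "Medium", "High"]  # ZAP riskcode 0..3

def parse_report(xml_text):
    """Flatten every <alertitem> into a dict, keeping the site it belongs to."""
    findings = []
    for site in ET.fromstring(xml_text).iter("site"):
        for item in site.iter("alertitem"):
            code = int(item.findtext("riskcode", default="0"))
            findings.append({
                "site": site.get("name"),
                "pluginid": item.findtext("pluginid"),
                "alert": item.findtext("alert"),
                "riskcode": code,
                "risk": RISK_LEVELS[code] if 0 <= code < len(RISK_LEVELS) else "Unknown",
                "count": int(item.findtext("count", default="0")),  # affected URLs
            })
    return findings

def risk_summary(findings):
    """Distinct alerts per risk level, e.g. {'Low': 1, 'Medium': 1}."""
    return dict(Counter(f["risk"] for f in findings))

def exceeds_threshold(findings, minimum="High"):
    """True when any alert is at or above `minimum`; a gate for scheduled scans."""
    return any(f["riskcode"] >= RISK_LEVELS.index(minimum) for f in findings)
```

To run it against the report from the scan above, call parse_report(open("/home/ec2-user/out.xml").read()) instead of passing SAMPLE_REPORT.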
Good start. But there is one problem: I don't want the output in XML format. I want PDF!
ZAP allows us to install add-ons by their ID. Let's install the Export Report add-on:
zap -cmd -addoninstall exportreport
In the next post I want to figure out the usage of Export Report add-on.
In the end I want to have scheduled scans running automatically and generating nice PDF reports for me.
Have a great day! ☀️