You want to install OWASP ZAP (aka Open Web Application Security Project's Zed Attack Proxy). You want to test it out. How do you do this on Linux?
Note: It is advisable to install ZAP only on an OS whose JRE is regularly maintained and has up-to-date patches. If you need assistance installing the JRE, see this posting.
- Gain access to a Linux server with a desktop GUI. If you need assistance with this, see this posting.
- Open a terminal. Run this:
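curl -Ls https://github.com/zaproxy/zaproxy/releases/download/v2.9.0/ZAP_2.9.0_Linux.tar.gz > /tmp/ZAP_2.9.0_Linux.tar.gz
tar -zxvf /tmp/ZAP_2.9.0_Linux.tar.gz -C /tmp   # extract into /tmp regardless of the current directory
sudo mv /tmp/ZAP_2.9.0 /opt/
/opt/ZAP_2.9.0/zap.sh   # start the ZAP desktop GUI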
- A GUI pop-up should now appear.
- Choose "Yes" to the question about persisting the session.
- In the "Manage Add-ons" section, click "Update All".
- In a new Session window, click on the "Sites" tab.
- In the "Sites" tab click on "Sites" underneath "Contexts."
- Click on the "Spider" tab.
- Click on the "Ne…" (or "New Spider") button.
- Enter a URL to test. Only test URLs you are in control of (e.g., your own web server).
- Click "Start Scan".
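The download step above pipes a release tarball straight into extraction and a `sudo mv` into /opt. The following is an added example, not part of the original post, of checking the archive before extracting it. The function names and `EXPECTED_SHA256` are hypothetical, and it assumes you have a SHA-256 digest for this release from a source you trust.

```sh
#!/bin/sh
# Added example (not from the original post). Functions only; nothing is
# downloaded or extracted until checked_extract is called.

# Succeeds only if the SHA-256 of file $1 equals hex digest $2 (any case).
verify_sha256() {
    actual="$(sha256sum "$1" 2>/dev/null | awk '{print $1}')"
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Succeeds only if every member of gzip'd tarball $1 sits under top-level
# directory $2 and no member path contains a ".." component.
verify_tar_layout() {
    tar -tzf "$1" 2>/dev/null | awk -v top="$2" '
        { p = $0; sub(/^\.\//, "", p) }
        p != top && index(p, top "/") != 1 { bad = 1 }
        ("/" p "/") ~ /\/\.\.\// { bad = 1 }
        END { exit (bad || NR == 0) }'
}

# checked_extract ARCHIVE SHA256 TOPDIR DEST: extract only if both checks pass.
checked_extract() {
    verify_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    verify_tar_layout "$1" "$3" || { echo "unexpected layout: $1" >&2; return 1; }
    tar -xzf "$1" -C "$4"
}

# Usage with this page's file names. EXPECTED_SHA256 is a placeholder, not a
# real digest; supply the value you obtained for this release.
#   checked_extract /tmp/ZAP_2.9.0_Linux.tar.gz "$EXPECTED_SHA256" ZAP_2.9.0 /tmp
```

If `checked_extract` fails, delete the downloaded file and fetch it again rather than moving anything into /opt.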