Problem scenario
You want to install OWASP ZAP (aka Open Web Application Security Project's Zed Attack Proxy). You want to test it out. How do you do this on Linux?
Solution
Note: Install ZAP only on operating systems whose JRE is regularly maintained and has up-to-date patches. If you need assistance installing the JRE, see this posting.
Procedures
- Gain access to a Linux server with a desktop GUI. If you need assistance with this, see this posting.
- Open a terminal. Run this:
curl -Ls https://github.com/zaproxy/zaproxy/releases/download/v2.9.0/ZAP_2.9.0_Linux.tar.gz > /tmp/ZAP_2.9.0_Linux.tar.gz
cd /tmp
tar -zxvf ZAP_2.9.0_Linux.tar.gz
sudo mv /tmp/ZAP_2.9.0 /opt/
cd /opt/ZAP_2.9.0
bash zap.sh
- Now a GUI pop-up should appear.
- Choose "Yes" to the question about persisting the session.
- In the "Manage Add-ons" section, click "Update All".
- In a new Session window, click on the "Sites" tab.
- In the "Sites" tab click on "Sites" underneath "Contexts."
- Click on the "Spider" tab.
- Click on the "Ne…" (or "New Spider" button).
- Enter a URL to test. Only test URLs you are in control of (e.g., your own web server).
- Click "Start Scan".
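The download step above unpacks the archive and moves it into /opt without checking it first. The following is an added example, not part of the original post or the ZAP project: it verifies the tarball's SHA-256 digest and its member paths before extracting into a staging directory. The function names are hypothetical and EXPECTED is a placeholder, since this page does not give a checksum.

```shell
#!/bin/sh
# Added example: check a downloaded release archive before unpacking it.

# sha256_matches FILE EXPECTED_HEX: succeed only if FILE has that SHA-256 digest.
sha256_matches() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    have=$(sha256sum < "$1" | cut -d' ' -f1)
    [ "${#want}" -eq 64 ] && [ "$have" = "$want" ]
}

# member_names_safe TOPDIR: read archive member names on stdin; succeed only if
# every name is relative, has no ".." component, and sits under TOPDIR/.
member_names_safe() {
    awk -v top="$1" '
        { n = split($0, part, "/")
          for (i = 1; i <= n; i++) if (part[i] == "..") bad = 1 }
        substr($0, 1, 1) == "/"                 { bad = 1 }
        !($0 == top || index($0, top "/") == 1) { bad = 1 }
        END { if (NR == 0 || bad) exit 1 }'
}

# verify_and_extract ARCHIVE EXPECTED_HEX TOPDIR DESTDIR: extract only after
# both checks pass; nothing is written to DESTDIR otherwise.
verify_and_extract() {
    sha256_matches "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    listing=$(tar -tzf "$1") || return 1
    printf '%s\n' "$listing" | member_names_safe "$3" ||
        { echo "unexpected member path in $1" >&2; return 1; }
    tar -xzf "$1" -C "$4"
}

# Usage with the file names from this page. EXPECTED is a placeholder: take the
# digest for this release from a source you trust, not from this example.
#   EXPECTED='<sha256 of ZAP_2.9.0_Linux.tar.gz>'
#   mkdir /tmp/zap-staging
#   verify_and_extract /tmp/ZAP_2.9.0_Linux.tar.gz "$EXPECTED" ZAP_2.9.0 /tmp/zap-staging \
#       && sudo mv /tmp/zap-staging/ZAP_2.9.0 /opt/
```

The path check looks only at member names; it does not inspect symlink targets inside the archive.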