⚡Zap

https://www.zaproxy.org/docs/

Automated Web Site Scan

• put textbox URL to attack -> http://testphp.vulnweb.com

• check use traditional spider

• click on attack button

After scan, clicking on the Spider section we can see all URL/path of web site scanned.

While, clicking on the Alerts sections we ca see the vulnerabilities that're found and theirs relative methods (POST or GET):

• Absence of Anti-CSRF;

• SQL Injection.

ZAP – Documentationwww.zaproxy.org

Additional References:

Ethical-Hacking-Labs/10-Session-Hijacking/1-Using-ZAP.md at master · Samsar4/Ethical-Hacking-LabsGitHub

Using ZAP