⚡Zap

https://www.zaproxy.org/docs/

Automated Web Site Scan

• put textbox URL to attack -> http://testphp.vulnweb.com

• check use traditional spider

• click on attack button

After scan, clicking on the Spider section we can see all URL/path of web site scanned.

While, clicking on the Alerts sections we ca see the vulnerabilities that're found and theirs relative methods (POST or GET):

• Absence of Anti-CSRF;

• SQL Injection.

OWASP ZAP – Documentation

Additional References:

https://github.com/Samsar4/Ethical-Hacking-Labs/blob/master/10-Session-Hijacking/1-Using-ZAP.md

Using ZAP