HOWTO : ZAP on Ubuntu 14.04 LTS

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.



It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.



ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.





Install



sudo apt-get install default-jre unzip



cd ~

mkdir arsenal

cd arsenal



wget https://github.com/zaproxy/zaproxy/releases/download/w2015-08-12/ZAP_WEEKLY_D-2015-08-12.zip

unzip ZAP_WEEKLY_D-2015-08-12.zip

rm ZAP_WEEKLY_D-2015-08-12.zip

cd ZAP_D-2015-08-12

./zap.sh





* ZAP_WEEKLY_D-2015-08-12.zip as example.

* ZAP Team generate weekly releases of ZAP from the trunk, typically every Monday.

These are just intended for people who want to use all of the features we've added since the last 'full' release but dont want the hassle of building ZAP from the source code.

While we endeavor to ensure that weekly releases are robust, things may be broken or only partially implemented.





Update/Upgrade



sudo apt-get update

sudo apt-get dist-upgrade



cd ~/arsenal/



Go to Download to download ZAP Weekly and repeat the procedure of "Install" previously mentioned.





Reference



Wiki



Video





That's all! See you.