3. Why use Automated Tools
• Automated tools are pre-built tools that only need to be run.
• Automated penetration testing tools provide effective exploit libraries and processes to detect network as well as application vulnerabilities.
• Automated penetration testing tools have robust, high-quality exploits that are tested and proven; the tools are also frequently augmented with additional exploits and ensure consistent results.
• One can focus on the process rather than having to experiment with exploits, thus saving time. Further, the professional framework reduces the chances of testing false exploits against a particular application.
• Reports are automatically produced and are customizable.
6. SHODAN
• SHODAN (https://www.shodan.io/home) is a computer search engine designed by web developer John Matherly.
• Allows users to search for publicly connected internet devices that have been seen by Shodan
• Routers
• Servers
• Firewalls and other Security Devices
• SCADA or other Control Systems…
• This data can be searched by IP/CIDR combination
• Open ports seen by Shodan, hostname, OS, geo-location, etc.
• Server response
7. HOW SHODAN WORKS
• SHODAN interrogates ports and grabs the resulting banners, then indexes the banners (rather than the web content) for searching
• Rather than locating specific content for a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content in their banners
8. BASIC OPERATIONS
• Search terms are entered into a text box (seen below)
• Basic Operations: Login
• Create and log in using a SHODAN account; or
• Log in using one of several other options (Google, Twitter, Yahoo, AOL, Facebook, OpenID)
• Login is not required, but the country and net filters are not available unless you log in
• Export requires you to be logged in
9. SEARCH FILTERS
• Basic Operations: Filters
• country: filters results by two letter country code
• hostname: filters results by specified text in the hostname or domain
• net: filter results by a specific IP range or subnet
• os: search for specific operating systems
• port: narrow the search for specific services
10. Basic Operations: Country Filter
• Filtering by country can be accomplished by clicking on the country map (available from the drop-down menu)
• Mouse over a country for the number of scanned hosts in that country
12. Basic Operations: Net / OS Filters
• The net filter allows you to refine your searches by IP/CIDR notation
• The OS filter allows you to refine searches by operating system
• Example: find 'iis-5.0' servers in the .edu domain
13. Basic Operations: Hostname Filter
• Search results can be filtered using any portion of a hostname or domain name
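The filter semantics from slides 7, 9, 12 and 13 (banners are what gets indexed; `country:`, `hostname:`, `net:`, `os:` and `port:` narrow the results), shown as an added example that is not part of the original slides. It applies the same filters offline to a constructed, Shodan-shaped banner export so a defender can check which of their own hosts would appear for a given query. The record layout and every value below are assumptions constructed for the demo, not real Shodan output.

```python
"""Apply Shodan-style search filters to a local banner export (added example).

Shodan indexes the banner a service returns, not the page content. Each
filter narrows the banner index; free-text terms are matched against the
banner itself. This reproduces that behaviour offline, e.g. to inventory
which services inside the organisation's own CIDR would be listed.
"""
import ipaddress
import json
import re

# Constructed sample export shaped like Shodan JSON banner records
# (ip_str, port, hostnames, os, location.country_code, data). All values are made up.
SAMPLE_EXPORT = """
{"ip_str": "198.51.100.10", "port": 80, "hostnames": ["www.example.edu"], "os": "Windows 2000", "location": {"country_code": "US"}, "data": "HTTP/1.1 200 OK\\r\\nServer: Microsoft-IIS/5.0\\r\\n"}
{"ip_str": "198.51.100.22", "port": 22, "hostnames": ["bastion.example.edu"], "os": "Linux", "location": {"country_code": "US"}, "data": "SSH-2.0-OpenSSH_8.9\\r\\n"}
{"ip_str": "203.0.113.5", "port": 502, "hostnames": [], "os": null, "location": {"country_code": "DE"}, "data": "Modbus device identification\\r\\n"}
{"ip_str": "198.51.100.40", "port": 443, "hostnames": ["shop.example.com"], "os": "Linux", "location": {"country_code": "US"}, "data": "HTTP/1.1 200 OK\\r\\nServer: nginx/1.24.0\\r\\n"}
"""

# key:value or key:"quoted value"; anything else in the query is free text
FILTER_RE = re.compile(r'(\w+):("[^"]*"|\S+)')


def parse_query(query):
    """Split a Shodan-style query into ([(filter, value), ...], [free-text terms])."""
    filters = [(k.lower(), v.strip('"')) for k, v in FILTER_RE.findall(query)]
    terms = FILTER_RE.sub("", query).split()
    return filters, terms


def load_export(text):
    """Parse one JSON record per line, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def record_matches(rec, filters, terms):
    """True when every filter and every free-text term matches this banner record."""
    for key, value in filters:
        if key == "country":
            code = (rec.get("location") or {}).get("country_code", "")
            if code.upper() != value.upper():
                return False
        elif key == "hostname":  # any substring of any hostname
            if not any(value.lower() in h.lower() for h in rec.get("hostnames", [])):
                return False
        elif key == "net":  # IP/CIDR membership; a malformed CIDR matches nothing
            try:
                network = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return False
            if ipaddress.ip_address(rec["ip_str"]) not in network:
                return False
        elif key == "os":
            if value.lower() not in (rec.get("os") or "").lower():
                return False
        elif key == "port":
            if not value.isdigit() or rec.get("port") != int(value):
                return False
        else:
            raise ValueError(f"unsupported filter: {key}")
    banner = rec.get("data", "").lower()
    return all(t.lower() in banner for t in terms)


def search(records, query):
    """Return the records a Shodan-style query would list."""
    filters, terms = parse_query(query)
    return [r for r in records if record_matches(r, filters, terms)]


def exposure_report(records, own_cidr):
    """Defender view: every (ip, port) inside our own range that is indexed."""
    return sorted((r["ip_str"], r["port"]) for r in search(records, f"net:{own_cidr}"))


if __name__ == "__main__":
    recs = load_export(SAMPLE_EXPORT)
    print(search(recs, 'IIS/5.0 hostname:edu'))
    print(exposure_report(recs, "198.51.100.0/24"))
```

The `exposure_report` call is the useful defender-side query: it lists every indexed (IP, port) pair inside the organisation's own netblock, which is the set of services that anyone running the same filters would find.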
15. INTRODUCTION
• An easy to use webapp pentest tool
• Completely free and open source
• OWASP Flagship project
• Ideal for beginners
• But also used by professionals
• Ideal for devs, esp. for automated security tests
16. OWASP ZAP
• The OWASP Zed Attack Proxy (ZAP) is one of the world's most popular free security tools and is actively maintained by hundreds of international volunteers. It can help to automatically find security vulnerabilities in web applications while developing and testing applications. It's also a great tool for experienced pentesters to use for manual security testing.
• https://github.com/zaproxy/zaproxy
17. Some Statistics
• Released September 2010, fork of Paros
• V 2.3.1 released May 2014, > 40k downloads
• The most active OWASP Project
• Highest activity category on Open Hub
• 31 active developers
• Over 90 translators
• Being translated into over 20 languages
• Paros code ~ 20% ZAP code ~80%
18. ZAP Features
• Swing based UI for desktop mode
• Comprehensive REST(ish) API for daemon mode
• Plugin architecture (add-ons)
• Online 'marketplace' (all free)
• Release, beta and alpha quality add-ons
• Traditional and ajax spiders
• Passive and active scanning
• Highly configurable, e.g. scan policies
• Highly scriptable
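The daemon-mode REST API and scriptability from the feature list, together with the "automated security tests" use case from the introduction, shown as an added example that is not part of the ZAP project or these slides. It drives a ZAP daemon from a build job and fails the build when alerts at or above a chosen risk level come back. It assumes a ZAP daemon on `http://localhost:8080` started with an API key, a target URL the team owns, and a placeholder key `changeme`; the network calls are isolated in `zap_call`, and the gating logic is exercised offline on a constructed alerts response.

```python
"""Gate a build on ZAP alerts via the ZAP REST API (added example).

Assumes a ZAP daemon at ZAP_URL with an API key. The endpoint paths used
(/JSON/spider/action/scan/, /JSON/ascan/action/scan/, /JSON/<component>/view/status/,
/JSON/core/view/alerts/) are ZAP's; everything else here is this example's own.
"""
import json
import sys
import time
import urllib.parse
import urllib.request

ZAP_URL = "http://localhost:8080"   # assumed daemon address
API_KEY = "changeme"                # placeholder; inject the real key in CI

RISK_ORDER = ["Informational", "Low", "Medium", "High"]  # ZAP's risk labels, ascending


def api_url(component, kind, name, **params):
    """Build a ZAP API URL such as /JSON/spider/action/scan/?url=...&apikey=..."""
    params["apikey"] = API_KEY
    return f"{ZAP_URL}/JSON/{component}/{kind}/{name}/?" + urllib.parse.urlencode(params)


def zap_call(component, kind, name, **params):
    """Issue one API call and decode the JSON reply (network; not used by the tests)."""
    with urllib.request.urlopen(api_url(component, kind, name, **params), timeout=30) as resp:
        return json.load(resp)


def wait_for(component, scan_id, poll_seconds=2):
    """Poll the spider or ascan status view until the scan reports 100%."""
    while int(zap_call(component, "view", "status", scanId=scan_id)["status"]) < 100:
        time.sleep(poll_seconds)


def summarise_alerts(alerts_response):
    """Count alerts per risk level, de-duplicating repeated (alert, url) pairs."""
    counts = {risk: 0 for risk in RISK_ORDER}
    seen = set()
    for alert in alerts_response.get("alerts", []):
        key = (alert["alert"], alert["url"])
        if key in seen:
            continue
        seen.add(key)
        counts[alert["risk"]] += 1
    return counts


def should_fail(counts, threshold="High"):
    """True when any alert sits at or above the threshold risk level."""
    start = RISK_ORDER.index(threshold)
    return any(counts[risk] > 0 for risk in RISK_ORDER[start:])


def run_scan(target):
    """Spider, then actively scan, then fetch the alerts for the target (network)."""
    spider_id = zap_call("spider", "action", "scan", url=target)["scan"]
    wait_for("spider", spider_id)
    ascan_id = zap_call("ascan", "action", "scan", url=target)["scan"]
    wait_for("ascan", ascan_id)
    return summarise_alerts(zap_call("core", "view", "alerts", baseurl=target))


# Constructed sample response shaped like core/view/alerts output; values are made up.
SAMPLE_ALERTS = {"alerts": [
    {"alert": "SQL Injection", "risk": "High", "confidence": "Medium",
     "url": "http://app.test/search?q=1", "param": "q"},
    {"alert": "SQL Injection", "risk": "High", "confidence": "Medium",
     "url": "http://app.test/search?q=1", "param": "q"},   # duplicate, counted once
    {"alert": "X-Content-Type-Options Header Missing", "risk": "Low", "confidence": "Medium",
     "url": "http://app.test/", "param": "x-content-type-options"},
]}


if __name__ == "__main__":
    # With a target argument, scan it live; without one, run the gating logic offline.
    counts = run_scan(sys.argv[1]) if len(sys.argv) > 1 else summarise_alerts(SAMPLE_ALERTS)
    print(counts)
    sys.exit(1 if should_fail(counts) else 0)
```

Lowering `threshold` to `"Medium"` makes the gate stricter; the de-duplication in `summarise_alerts` keeps the counts stable when ZAP reports the same finding for several payloads against one URL.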
20. Conclusion
• ZAP is changing rapidly
• It's the most active open-source web appsec tool
• It's great for people new to appsec and also for security pros
• If you don't know its capabilities, how can you know you're using the most appropriate tool?
• It's a community-based tool, so get involved