ZAP - Backup files scanning


Ionathan Noblins

Oct 13, 2015, 9:37:00 AM
to OWASP ZAP User Group
Hi,

I seem unable to determine whether ZAP's activescan capabilities include the automated search for backup files: the Internet provides me with conflicting views.

Please find more details on Stackoverflow:

http://stackoverflow.com/questions/33103911/zap-backup-files-scanning


Is backup files scanning bundled with ZAP? If yes, how?
Thanks in advance,
Ioni

Simon Bennetts

Oct 13, 2015, 9:44:44 AM
to OWASP ZAP User Group
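You have a few options:

* Install the Beta Active Scan rules <https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAscanrulesBetaAscanbeta>, which includes a Backup File Disclosure rule
* Install the community-scripts and use the gof_lite.js <https://github.com/zaproxy/community-scripts/blob/master/active/gof_lite.js> script
* Use the Force Browse <https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsBruteforceConcepts> option

You _could_ also fuzz for them, but that's probably not so useful.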


Anything else I've missed?


Cheers,


Simon

Ionathan Noblins

Oct 13, 2015, 10:59:46 AM
to zaprox...@googlegroups.com
Hi,

Thanks a lot for your quick answer: I went for the Beta Active Scan rules :)

--
Ionathan

PS: even after being pointed to the resource, I searched for the rule for a while. I assumed it was hosted on GitHub with the zapextensions wiki, before having the idea to look for it on SourceForge. Maybe the add-ons' actual location could be explicitly stated at the top of the page you directed me to.


thc...@gmail.com

Oct 13, 2015, 11:26:30 AM
to zaprox...@googlegroups.com
Hi.

ZAP no longer uses SourceForge, the add-ons are in GitHub
zap-extensions' "Releases" page:
https://github.com/zaproxy/zap-extensions/releases

Although you can also install them from within ZAP with the marketplace:
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsManageaddons#marketplace

Best regards.

On 13/10/15 15:59, Ionathan Noblins wrote:
> Hi,
>
> Thanks a lot for your quick answer: I went for the Beta Active Scan rules :)
>
> --
> Ionathan
>
> PS: even after being pointed to the resource, I searched for the rule
> for a while. I assumed it was hosted on GitHub with the zapextensions
> wiki, before having the idea to look for it on SourceForge. Maybe the
> add-ons' actual location could be explicitly stated at the top of the
> page you directed me to.
>
> On Tue, Oct 13, 2015 at 3:44 PM, Simon Bennetts <psi...@gmail.com> wrote:
>
> You have a few options:
>
> * Install the Beta Active Scan rules
> <https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAscanrulesBetaAscanbeta>,
> which includes a Backup File Disclosure rule
> * Install the community-scripts and use the gof_lite.js
> <https://github.com/zaproxy/community-scripts/blob/master/active/gof_lite.js>
> script
> * Use the Force Browse
> <https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsBruteforceConcepts>
> option
>
> You _could_ also fuzz for them, but that's probably not so useful.
>
>
> Anything else I've missed?
>
>
> Cheers,
>
>
> Simon
>
>