How to Pen-Test without losing reputation/credibility of ip-address, domain-name or ssl certificate


Pedram Ganjeh Hadidi

Jun 4, 2026, 4:51:38 AM
to ZAP User Group
Short History/Background for my Question:

Once upon a time, when I was a newbie to ZAP, I started to run Pen-Tests on my own bare metal server at home behind a random ISP's router, where my web-server was connected to and reached by DynDNS.

The Nightmare began the next day, when at work (out of home) I wanted to reach my web apps: the FW+IDS+AV system at work did warn me about the "malicious ip address/domain-name" and did not let me visit any host/vhost on my server!

The Solution was a long, intensive and time-consuming process to get my domain-name and ip out of some FW/IDS/AV producers' databases!

Since then I start pen-tests on a kali notebook which cannot access WAN/Internet (prohibited by router + no gateway + no dns + all websites/apache-vhosts are registered with local ip addresses in hosts file + ...)

My Problem:
ZAP calls `zapCallBackUrl` during pen-tests but cannot reach the zap server.

My Questions:
  1. Are there any other services/links which ZAP tries to connect to during pen-tests? If yes -> which?
  2. Does anyone have or know of any to-do list for doing a pen-test from LAN without spoiling the reputation of my domain-name (DynDNS), ip address and/or ssl cert?
  3. Is there anything else I should care about to have a thorough pen-test without ruining the mentioned reputations (in context of landing on FS/IDS/AV databases/black-lists)?
Thank you in advance and pardon me for my long letter.
Kind regards
Pedram G.H.

Simon Bennetts

Jun 4, 2026, 11:35:43 AM
to ZAP User Group
Hiya Pedram,


Note that the BOAST service is no longer available, so you will need to use one of the other options.

Cheers,

Simon
