HelpAddonsBruteforceConcepts
ZAP allows you to try to discover directories and files using forced browsing. A set of files are provided which contain a large number of file and directory names. ZAP attempts to directly access all of the files and directories listed in the selected file directly rather than relying on finding links to them.
Forced Browse is configured using the Options Forced Browse screen.
This functionality is based on code from the OWASP DirBuster project.
| Forced Browse tab | ||
| Sites tab | 'Attack/Forced Browse site' right click menu item | |
| Sites tab | 'Attack/Forced Browse directory' right click menu item | |
| Sites tab | 'Attack/Forced Browse directory (and children)' right click menu item |
| http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project | OWASP DirBuster homepage |
-
ZAP User Guide
- Introduction
-
Getting Started
- Configuring proxies
-
Features
- Active Scan
- Add-ons
- Alerts
- Anti CSRF Tokens
- API
- Authentication
- Break Points
- Callbacks
- Contexts
- Data Driven Content
- Filters
- Globally Excluded URLs
- HTTP Sessions
- Man-in-the-middle Proxy
- Modes
- Notes
- Passive Scan
- Scan Policies
- Scope
- Session Management
- Spider
- Statistics
- Structural Modifiers
- Structural Parameters
- Tags
- Users
- Scanner Rules
- A Simple Penetration Test
-
The User Interface
- Overview
- The Top Level Menu
- The Top Level Toolbar
- The Tabs
-
The Dialogs
- Active Scan
- Add Alert
- Add Break Point
- Add Note
- Encode/Decode/Hash
- Filter
- Find
- History Filter
- Manual Request Editor
- Manage Add-ons
- Manage Tags
-
Options
- Active Scan
- Active Scan Input Vectors
- Alerts
- Anti CSRF Tokens
- API
- Breakpoints
- Callback Address
- Certificate
- Check for Updates
- Connection
- Database
- Display
- Dynamic SSL Certificates
- Extensions
- Global Exclude URL
- HTTP Sessions
- JVM
- Keyboard
- Language
- Local Proxies
- Passive Scan Rules
- Passive Scan Tags
- Passive Scanner
- Rule Configuration
- Scripts
- Search
- Spider
- Statistics
- Persist Session
- Resend
- Scan Policy Manager
- Scan Progress
- Session
- Spider
- The Footer
- Command Line
- Add Ons
- Releases
- Paros Proxy
- Credits
