
ZAP Send to Any Tools (My Application Settings: Send to Burp Suite and Other Tools)

Hi friends! Yesterday I shared the Applications settings in ZAP (https://www.hahwul.com/2019/07/easy-security-testing-with-applications-bridge-in-zap.html). Today I'm going to share some of the settings that I had written up separately.

Let's get started with my go-to settings :)

ZAP Send to Any tools

Send to Burp scan (2.0)

Full Command: /usr/local/bin/curl
Parameters: -i -k 127.0.0.1:1337 -X POST -d '{"urls":["%url%"]}' -H 'Content-Type: application/json;'

The request that adds a scan in Burp (https://www.hahwul.com/2018/09/burp-suite-rest-api-burp-2.0.html):

POST /scan HTTP/1.1
Host: 127.0.0.1:1337

{
  "urls":["https://www.hahwul.com"]
}
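An added example (not from the original post): a small wrapper that could be set as the Full Command in place of curl, with %url% as its only parameter. It builds the same POST /scan body with proper JSON escaping and refuses URLs outside an allow-list. The script name burp_scan.py, the ALLOWED_HOSTS scope list and the function names are assumptions for illustration; the endpoint is taken from the request shown above.

```python
import json
import sys
import urllib.request
from urllib.parse import urlsplit

# Endpoint taken from the request shown above (POST /scan on 127.0.0.1:1337).
BURP_SCAN_ENDPOINT = "http://127.0.0.1:1337/scan"
# Constructed sample scope; replace with the hosts you are authorized to test.
ALLOWED_HOSTS = {"www.hahwul.com"}


def build_scan_body(url, allowed_hosts=ALLOWED_HOSTS):
    """Validate the URL and return the JSON body for the scan request."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        raise ValueError(f"host not in scope: {host!r}")
    # json.dumps escapes quotes and backslashes that would break a
    # hand-written '{"urls":["%url%"]}' template.
    return json.dumps({"urls": [url]}).encode("utf-8")


def send_scan(url):
    """POST the scan request to the local Burp REST API and return the status."""
    req = urllib.request.Request(
        BURP_SCAN_ENDPOINT,
        data=build_scan_body(url),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: burp_scan.py <url>")
    try:
        print(send_scan(sys.argv[1]))
    except ValueError as exc:
        sys.exit(f"refused: {exc}")
```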

Send to SQLMap

SQLMAP(GET)

Full Command: /usr/local/bin/sqlmap
Parameters: --dbs --no-cast --random-agent -u %url% --cookie %cookie%

SQLMAP(POST)

Full Command: /usr/local/bin/sqlmap
Parameters: --dbs --no-cast --random-agent -u %url% --cookie=%cookie% --data=%postdata%

Send to A2SV

Full Command: /usr/local/bin/a2sv
Parameters: -t %host% -p %port%

Send to ddp (dotdotpwn)

Full Command: /Users/hahwul/HAHWUL/tool/dotdotpwn/dotdotpwn.pl
Parameters: -m http-url -h %host% -u %url% -k "root:"

e.g.

https://127.0.0.1/lib/file_download.asp?FilePath=TRAVERSAL

Send to Arachni

arachni

Full Command: /usr/local/bin/arachni-cli
Parameters: --output-verbose --scope-include-subdomains %url%

arachni (only xss)

Full Command: /usr/local/bin/arachni-cli
Parameters: %url% --checks=xss*

Send to Arjun

GET

Full Command: python3 arjun.py
Parameters: -u %url% --get --headers "Cookie: %cookie%"

POST

Full Command: python3 arjun.py
Parameters: -u %url% --post --headers "Cookie: %cookie%"

My Private Setting?

Secret :P / https://media.giphy.com/media/akbme2WYZCNLW/giphy.gif
Licensed under CC BY-NC-SA 4.0
Last updated on Jul 10, 2021 01:05 +0900