In this Raspberry Pi network scanner project, we will show you how to use a software package called Kismet. This project relies on the Kismet software, which uses your network interfaces, such as your WiFi adapter and your Bluetooth adapter, to scan for all available devices across all available frequencies.
A network scanner is one of the major tools for analyzing the hosts that are available on a network. A network scanner is an IP scanner that is used for scanning networks that connect several computers. To get the list of the available hosts on a network, there are two basic methods – ICMP Echo Request.
A Network Administrator was recently promoted to Chief Security Officer at a local university. One of the employee's new responsibilities is to manage the implementation of an RFID card access system for a new server room on campus.
Docker image with OWASP Zed Attack Proxy preinstalled.
Install Instructions:
For the stable release:
For the latest weekly release:
For the live release (built whenever the zaproxy project is changed):
For the bare release (a very small Docker image, contains only the necessary required dependencies to run ZAP, ideal for CI environments):
The Dockerfiles can be found here.
Healthcheck
The Dockerfile now supports a healthcheck. The check uses zap-cli status to check that ZAP has completed loading. If you are running ZAP on a port other than the default 8080, you need to set the ZAP_PORT environment variable. Otherwise, the healthcheck will fail.
Usage Instructions:
Packaged Scans:
All of the docker images provide a set of packaged scan scripts:
- Baseline Scan which runs the ZAP spider against the target for (by default) 1 minute followed by an optional ajax spider scan before reporting the results of the passive scanning.
- Full Scan which runs the ZAP spider against the target (by default with no time limit) followed by an optional ajax spider scan and then a full active scan before reporting the results.
- API Scan which performs an active scan against APIs defined by OpenAPI, or GraphQL (post 2.9.0) via either a local file or a URL.
In all cases the scans are tuned by:
- Disabling the Db recovery log
- Disabling all tags
- Reporting a maximum of 10 passive scan alert instances
The zap_tuned() Scan Hook is called after these changes have been made so you can undo them or apply other changes at this point if you want.
GitHub Actions:
The following GitHub Actions wrap 2 of the above packaged scans and also support raising GitHub issues for potential vulnerabilities found:
For more details see the blog posts:
ZAP GUI in a Browser:
Yes, you can run the ZAP Desktop GUI in a browser. You can use it in just the same way as the Swing UI and can even proxy via it. See the Webswing page for details.
ZAP Headless:
You can also start ZAP in headless mode with the following command:
Note: -config api.addrs.addr.name=.* opens the API up for connections from any other host; it is prudent to configure this more specifically for your network/setup.
ZAP Headless with xvfb:
You can start ZAP in headless mode with xvfb using the following command:
Note: -config api.addrs.addr.name=.* opens the API up for connections from any other host; it is prudent to configure this more specifically for your network/setup.
This first starts xvfb (X virtual frame buffer), which allows add-ons that use Selenium (like the Ajax Spider and DOM XSS scanner) to run in a headless environment. Firefox is also installed, so it can be used with these add-ons.
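The notes on api.addrs.addr.name=.* in the two headless sections above can be checked mechanically before a start command reaches CI. The following is an added example, not code from the original page or from the ZAP project: a small shell lint that flags a ZAP daemon command line whose API allow-list matches any host. The two command lines are constructed samples; the 172.17.0.1 client address, the key placeholder and the options other than api.addrs.addr.name (api.addrs.addr.regex, api.disablekey, api.key) are assumptions that do not appear on this page.

```shell
#!/bin/sh
# Added example (not ZAP project code): lint a ZAP daemon command line for an
# API allow-list that matches every host.

# Constructed sample: API open to any host, API key check disabled.
WEAK='zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.disablekey=true'
# Constructed sample: one literal client address (172.17.0.1 is an assumed
# address for the machine calling the API) and a placeholder API key.
STRICT='zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=172.17.0.1 -config api.addrs.addr.regex=false -config api.key=REPLACE_WITH_RANDOM_KEY'

# config_value CMDLINE KEY: print the VALUE of each "KEY=VALUE" word.
config_value() {
    printf '%s\n' "$1" | tr ' ' '\n' | while IFS= read -r word; do
        case "$word" in
            "$2="*)
                value=${word#"$2="}     # strip the literal "KEY=" prefix
                printf '%s\n' "$value" ;;
        esac
    done
}

# audit_zap_cmd CMDLINE: print one finding per line, return 1 if any.
audit_zap_cmd() {
    flagged=0
    name=$(config_value "$1" api.addrs.addr.name)
    regex=$(config_value "$1" api.addrs.addr.regex)
    if [ "$regex" = true ]; then
        # Patterns that accept every address when treated as a regex.
        case "$name" in
            '.*'|'.+'|'^.*$'|'^.+$')
                echo "api-allow-list-matches-any-host"; flagged=1 ;;
        esac
    fi
    if [ "$(config_value "$1" api.disablekey)" = true ]; then
        echo "api-key-disabled"; flagged=1
    fi
    return "$flagged"
}

echo "WEAK:";   audit_zap_cmd "$WEAK"   || true
echo "STRICT:"; audit_zap_cmd "$STRICT" && echo "no findings"
```
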
ZAP CLI:
ZAP CLI is a ZAP wrapper written in Python. It provides a simple way to do scanning from the command line:
ZAPR:
Zapr is a Ruby script for ZAP which allows command-line active scanning of a desired target:
Accessing the API from outside of the Docker container:
Docker appears to assign 'random' IP addresses, so an approach that appears to work is:
Run ZAP as a daemon listening on '0.0.0.0':
Find out the container id:
Find out which address has been assigned to it:
You should then be able to point your browser at the specified host/port and access the ZAP API, e.g. http://172.17.0.8:8090/
Note that on Macs the IP will be the IP of the Docker VM host. This is accessible with:
Scanning an app running on the host OS
IP addresses like localhost and 127.0.0.1 cannot be used to access an app running on the host OS from within a Docker container. To get around this you can use the following code to get an IP address that will work:
For example:
Scanning an app running in another Docker container
By default Docker does not allow apps running in one container to access an app running in another container. To get around this restriction, create a Docker network using:
And then include the Docker option --net zapnet when starting both your target app and the ZAP packaged scan.