The official program name is OWASP Zed Attack Proxy Project. As copied from the ZAP page, the program is described as: "an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually."

Project URL: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Installing: For Ubuntu, just go to the downloads page (https://github.com/zaproxy/zaproxy/wiki/Downloads) and download the correct tar file. Extract the tar file and run the .sh file; it launches the GUI-based program. You are good to use the program from here.

Usage: As the project description says, the tool is meant to be easy to use. You have the option to just throw a URL into it, hit scan, and it will do the scans for you. If you need anything like authentication, you can treat the tool just like Wireshark or Fiddler, where your traffic is essentially proxied through the program. To set up the proxy, use the built-in tool to integrate with Firefox, then browse to the page you want. You'll see the site appear in your Sites list. If you need to log in to the site first, do so; the application will then have the same cookies Firefox has and be able to use them. You can now run the "Spider" and see all the URLs the "scan" will use when scanning. Then create a scan and run it on the site.

The scan will generate a lot of requests to your target site so be careful of that.
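Because a scan produces a burst of requests against many distinct URLs, the same property that makes it noisy for the target makes it easy for the target's operators to spot. The following is an added example (not part of the original page or of the ZAP project) showing a defender-side check over web server access logs: it parses common-log-format lines and flags any client that exceeds a request-rate or distinct-path threshold inside a 60-second window. The log lines, client addresses and thresholds are all constructed for the demo and are assumptions; tune them to the site's normal traffic.

```python
"""Flag clients whose request pattern looks like an automated web scan.

Added example with constructed log data; thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx common log format: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Thresholds are assumptions for the example, not ZAP or server defaults.
WINDOW = timedelta(seconds=60)
MAX_REQUESTS_PER_WINDOW = 100
MAX_DISTINCT_PATHS_PER_WINDOW = 50


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_scanners(lines):
    """Return {ip: reason} for clients exceeding a threshold in any 60 s window."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        max_requests = 0
        max_paths = 0
        start = 0
        # Sliding window: advance 'start' until the window spans at most 60 s.
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > WINDOW:
                start += 1
            window = recs[start:end + 1]
            max_requests = max(max_requests, len(window))
            max_paths = max(max_paths, len({r["path"] for r in window}))
        if max_requests > MAX_REQUESTS_PER_WINDOW:
            flagged[ip] = f"{max_requests} requests in 60s"
        elif max_paths > MAX_DISTINCT_PATHS_PER_WINDOW:
            flagged[ip] = f"{max_paths} distinct paths in 60s"
    return flagged


def make_lines(ip, start, paths, interval):
    """Build constructed common-log-format lines for the demo (not real traffic)."""
    out = []
    for i, path in enumerate(paths):
        ts = (start + interval * i).strftime(TS_FMT)
        out.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512')
    return out


def demo_log():
    """Constructed log: one human browsing slowly, one client crawling fast."""
    t0 = datetime.strptime("13/Aug/2015:10:00:00 +0000", TS_FMT)
    human = make_lines(
        "10.0.0.5", t0, ["/", "/login", "/about", "/news", "/contact", "/faq"],
        timedelta(seconds=50),
    )
    crawler = make_lines(
        "10.0.0.9", t0, [f"/page{i}" for i in range(120)],
        timedelta(milliseconds=250),
    )
    return human + crawler


if __name__ == "__main__":
    for ip, reason in find_scanners(demo_log()).items():
        print(f"{ip}: {reason}")
```

The human client never has more than two requests in any 60-second window and is left alone; the crawling client is reported by the request-rate rule first, so the distinct-path rule only fires for slower crawls that still touch many URLs. Running the same check on the server's real access log while you scan is a useful way to confirm how visible a ZAP run is to the site's owners.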

Once finished you can view the results in the "Alerts" tab.

-- JustinVisser - 2015-08-13

Topic revision: r1 - 2015-08-13 - JustinVisser