Sunday, June 3, 2018

ZAP Proxy - Authenticated attacks

The simplest way to do this is to set your browser to proxy through ZAP. In Firefox, go to:
Options -> Advanced -> Network -> Settings.
Select Manual Proxy Configuration and fill in the HTTP Host with the address of the machine running ZAP (most probably localhost) and the configured ZAP port.
You can check and configure the ZAP port by opening ZAP and going to:
Tools -> Options -> Local Proxy.
Then open your web browser and log in to your application. Now go to ZAP and, in the Sites tab (left side of ZAP), select your site, right-click it and select:
Include in Context -> Default Context
Now open the HTTP Sessions tab, right-click the session and select "Set as Active". (HTTP Sessions tab: View -> Show Tab -> HTTP Sessions)
Now you can run the ZAP Spider, Active Scan and so on with a logged-in session.

Sunday, May 20, 2018

Fixing or Setting Bridged Network on VMware Workstation for Kali Linux (2018)

If your Kali Linux virtual machine is not accepting a bridged connection from VMware Workstation:


1) Stop the virtual machine.
2) Run VMware Workstation as admin
3) Open Virtual Network Editor: Edit -> Virtual Network Editor
4) Remove network VMnet0
5) Add network VMnet0
6) Restart VMware Workstation
7) Start the guest and reset the connection



Thursday, April 26, 2018

Convert DNS name to IP address in bulk text file

Just a really useful script

https://gallery.technet.microsoft.com/scriptcenter/Convert-DNS-name-to-IP-e74f8b01


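# Resolve every hostname listed in C:\computers.txt and append "name,ip" rows to C:\computersips.txt
foreach ($computer in (Get-Content C:\computers.txt)) {
  Try {
    # One output row per address the name resolves to
    [System.Net.Dns]::GetHostAddresses($computer) | ForEach-Object {
      Add-Content -Path C:\computersips.txt -Value "$computer,$($_.IPAddressToString)"
    }
  } Catch {
    # Resolution failed: record the failure instead of an address
    Add-Content -Path C:\computersips.txt -Value "$computer,Cannot resolve hostname"
  }
}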

Nmap result parser to CVE. Simple Nmap Parser

Found this little gem for parsing Nmap results for reports.

Simple Nmap Parser

https://www.hackwhackandsmack.com/?p=441

Wednesday, January 31, 2018

Bulk IP CIDR to IP list converter

This is useful for OpenVAS
https://www.cidrcalculator.com/ipv4/cidr-to-ip-list-bulk.html?lang=en
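
An offline equivalent of the converter above, added here as an example (it is not from the original post or the linked site): it expands CIDR blocks, dash ranges and single IPv4 addresses into a de-duplicated host list for a scanner target file, without pasting internal ranges into a third-party page. The function names, the 65536-address per-line cap and the sample ranges are assumptions of this example.

```python
import ipaddress

MAX_PER_LINE = 65536  # assumed safety cap: refuse anything larger than a /16

# Constructed sample scope using documentation ranges (not real targets).
SAMPLE_SCOPE = """\
192.0.2.0/30          # CIDR block
198.51.100.7          # single address
203.0.113.8-203.0.113.10
192.0.2.1/32          # duplicate of an address above
not-an-ip
"""

def _expand_line(line):
    """Yield the scannable IPv4 addresses for one CIDR, range or single IP."""
    if "-" in line:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in line.split("-", 1))
        if int(last) - int(first) >= MAX_PER_LINE:
            raise ValueError("range too large")
        # summarize_address_range raises ValueError when last < first.
        for net in ipaddress.summarize_address_range(first, last):
            yield from net
        return
    net = ipaddress.IPv4Network(line, strict=False)
    if net.num_addresses > MAX_PER_LINE:
        raise ValueError("network too large")
    # /31 and /32 have no network/broadcast address to drop.
    yield from (net if net.prefixlen >= 31 else net.hosts())

def expand_targets(text):
    """Return (sorted unique IP strings, input lines that were rejected)."""
    hosts, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # allow trailing comments
        if not line:
            continue
        try:
            hosts.update(_expand_line(line))
        except ValueError:
            rejected.append(line)  # keep bad input visible instead of dropping it
    return [str(ip) for ip in sorted(hosts)], rejected

if __name__ == "__main__":
    ips, rejected = expand_targets(SAMPLE_SCOPE)
    print("\n".join(ips))
    for line in rejected:
        print("skipped:", line)
```

Rejected lines are returned rather than silently dropped, so a typo in the scope file shows up before the scan instead of as a missing host afterwards.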

Can't connect to OpenVAS from an external network. Fix



In /lib/systemd/system/greenbone-security-assistant.service:

Changed --listen=127.0.0.1 to --listen=0.0.0.0.
Then, after changing and saving, stop and start the OpenVAS service.

Nessus: excluding a list of IPs from a scan

Recently I found that I needed to exclude some IPs from a scan.
This is how I did it on Windows:

In c:\ProgramData\Tenable\Nessus\conf\nessusd.rules


# Target Syntax: accept|reject address/netmask:port[-port_max]
#
# Reject any target on 10.42.***
 reject 65.132.***
 reject 50.233.***
 reject 96.93.***
 reject 216.174.***


As these IPs were in different subnets, I did it this way. Maybe there is a different and better way.