网站漏洞site scan扫描工具

https://blog.csdn.net/ttu1evldelfq5btqik/article/details/78763329 列表

https://baijiahao.baidu.com/s?id=1584015151646929279&wfr=spider&for=pc

 

ZAP

https://www.zaproxy.org/download/

https://github.com/zaproxy/zaproxy/releases/download/2.7.0/ZAPGettingStartedGuide-2.7.pdf

需要安装java的jdk  https://www.oracle.com/sg/java/technologies/javase-jdk15-downloads.html

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

 

在本地已经有代理的情况下，如何使用

Use Proxy chain

This section allows you to connect to another proxy for outgoing connections. This is often required in a corporate environment.