matthewD-AVI edited this page May 14, 2018 · 11 revisions

What is the Attack Surface Detector?


The Attack Surface Detector is a plugin for OWASP ZAP. It identifies the endpoints of a web application, the parameters those endpoints accept, and the data types of those parameters. This includes unlinked endpoints that a spider won't find in client-side code, as well as optional parameters that are never used in client-side code. The plugin then imports this data into ZAP so you can view the results, or work with the detected endpoints and parameters from the target site map.

Quick Start

  1. Install the Attack Surface Detector plugin in OWASP ZAP
  2. Configure the source code location in the options dialog
  3. Configure the target URL in the options dialog
  4. Import endpoints