Now that we have the browser and proxy configured, we are ready to scan a server for existing folders using the following steps:
- Having configured the proxy properly, browse to http://192.168.56.11/WackoPicko.
- We will see ZAP reacting to this action by showing the tree structure of the host
we just visited.
- Now, in ZAP's upper-left panel (the Sites tab), right-click on the WackoPicko folder inside the http://192.168.56.11 site. Then, in the context menu, navigate to Attack | Forced Browse directory (and children); this will do a recursive scan:
- In the bottom panel, we will see that the Forced Browse tab is displayed. Here we can see the progress of the scan and its results: