I'm tasked to do a vulnerability assessment on the OWASP Juice Shop that is hosted on a VM. The VM that is provided to me is running on VMware (no UI, only an IP address to access the website with a custom port number). I've used Nmap, Nikto, OpenVAS, and Nessus with almost all settings related to web application scans.

The problem is all these tools are detecting the VM itself, showing that the port number of the website is open and some useless information but nothing else. I would appreciate any help.

Ray

1 Answer

You need to use a tool designed for attacking websites, like OWASP ZAP. Note that Juice Shop is designed to teach people how to find vulnerabilities. Many of the issues it contains are not easily discoverable by automated tools like ZAP.

Simon Bennetts
  • I took a look at it and did some research, guess I had the wrong idea about this kind of assessment as I thought it was similar to Nmap on devices. Thank you. – Ray Oct 17 '22 at 14:18