ZAProxy is the OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.
it can test the security of a Web app using a “quick start” option that sends out a spider and scans the app. it can be used for both passive scanning, meaning no data is manipulated, and active scanning, meaning that data is manipulated to test the security of an application. And if you’re looking to perform something along the lines of a port scan it is for you too , it is a valuable tool for any organization concerned about the vulnerabilities present in its Web-based applications.
cyborg@cyborg:~$ sudo zaproxy