[Tutorial]: Network Attacks Using Zarp

Aug 05, 2016 | 11:08 am

Published by | Sitanshu Dubey

Hey guys..!!!

Network Security is a field where penetration testers are paid to test organization’s  Network Infrastructure’s security against different type of Cyber attacks.

Having options of penetration testing tools is always a good thing. We can test any network’s security using different-different tools. From that list of penetration testing tools, we are going to introduce you with an another network security testing tool i.e. Zarp.

Like others, Zarp is also an network security testing tool which is being used by penetration testers/attackers/hackers widely. It has many features like:

  • Denial of Service against systems and applications
  • Sniff sensitive information transmitted on the network like username and passwords from different protocols (FTP, HTTP , etc)
  • Running scan on the network for assets discovery and fingerprinting

Installation of Zarp is very easy using git. I hope you know how to install software using git 😛

Well here are the steps for installing zarp.

git clone git://github.com/hatRiot/zarp.git

It is always a good practice to update tools before using it. So let’s update it first. But it has been downloaded/cloned in another zarp directory/folder so first we need to navigate to that directory using “cd” command and then update our tool. So the commands will be:

cd zarp
sudo python zarp.py --update

Well, As you have just downloaded this tool using GIT so its already updated but still as i said “Its always a good practice to update tools.” 😛

Before starting or using this tool it is recommended to install other dependent modules which are:

  • airmon-ng suite (for all your wireless cracking needs)
  • tcpdump
  • libmproxy (packaged with zarp)
  • paramiko (SSH service)
  • nfqueue-bindings (packet modifier)
Zarp: network scanning & attack tool

Zarp: network scanning & attack tool

This tool can also be used for the testing session as a PoC that the network is redundant and have no vulnerabilities.