Active Scan
The 'Active Scan'
tool attempts to find other vulnerabilities by using known attack vectors against
the current site. As with the spider, you can only run an active scan on sites that are in scope.
It will attack all of the URLs that ZAP knows about for the site. These could have been discovered via
manual browsing or the spider. It will not be able to attack any pages that it does not yet know about,
so it's best to explore a site thoroughly before starting the active scanner.
When started the icon changes to ![[flame]](flame.png)
and, like the Spider tool, the Active Scan tool will show how far it has
progressed and will allow you to stop it if you click on it again.
It will also raise alerts, which you will be able to see via the alert notifications or any of the alert tools.