How to use Zarp for penetration testing

Network or systems administrators must conduct pen testing to discover any possible security weaknesses. Find out why Zarp is a very powerful pen-testing tool to have at your disposal.

Image: iStock

Every network administrator knows that security is of the utmost importance. To that end, most admins understand that penetration testing is a necessity for the discovery of network issues. One very powerful pen testing tool is Zarp.

Zarp is a framework that offers the following types of tests:

  • Poisoners
  • Denial of Service
  • Sniffers
  • Scanners
  • Services
  • Parameter
  • Attacks

With this one framework, you can do considerable penetration testing. I'll walk you through the installation and usage of Zarp. Once installed, I'll explain how to issue a TCP SYN DoS attack on a specific IP address so you can see how the machine handles the attack.

SEE: Network Security Policy (Tech Pro Research)

Installing Zarp

The best way to run Zarp is from a pen testing distribution, such as Cyborg Essentials; however, you can install the framework by following these steps.

  1. Open a terminal window.
  2. Install git with the command sudo apt-get install git.
  3. Clone the Zarp git package with the command git clone git://
  4. Change into the newly created zarp folder with the command cd zarp.
  5. Install pip with the command sudo apt-get install python-pip.
  6. Install all dependencies with the command sudo pip install -r requirements.txt.
  7. If necessary, upgrade pip with the command sudo pip install --upgrade pip.
  8. Update zarp with the command sudo python --update.

You can run Zarp with the command (from within the zarp directory created during the installation) sudo ./

Using Zarp

Here's how to run a TCP SYN DoS attack on a specific IP address.

With Zarp open, you'll be greeted by a simple, text-based main menu (Figure A).

Figure A

Figure A

The Zarp main menu.

To start the attack (we'll flood port 22, at the IP address, with 100,000 packets), hit 2 on your keyboard followed by 6. In the next screen (Figure B), follow these steps.

  1. Type 1 100000.
  2. Hit Enter on your keyboard.
  3. Type 2
  4. Hit Enter on your keyboard.
  5. Type 3 22.
  6. Hit Enter on your keyboard.
  7. Type run.
  8. Hit Enter on your keyboard.

Figure B

Figure B

Getting ready to run the attack.

The session is running, and we need to start the session logger. To do this, type 0 to go back to the main menu and then hit the number 8 on your keyboard, followed by 3. Next you will have to enter the file for Zarp to log to. Enter a new log file path and name and then hit Enter on your keyboard.

Next you must define the session to log. Zarp will have already listed the currently running sessions (Figure C). In my sample case it is session 1, number 0. When prompted type the session number followed by the number (in my case that would be 1 0) and hit Enter on your keyboard. The session is now being logged.

Figure C

Figure C

Setting up the log session.

Once the attack completes, Zarp will indicate it has shut down the attack, and you can then stop the session, exit out of Zarp, and view the log to check what the penetration test revealed.

More pen tests are available

There are plenty of other tests available with Zarp. Go through the main menu and familiarize yourself with what's available, as you never know when you might need one.

Zarp is a very powerful tool to have at your disposal. Get this framework up and running on your favorite Linux distribution, and you'll be able to discover weaknesses you didn't know were plaguing your network and systems.

Also see

By Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic, The New Stack, and Linux New Media. He's covered a variety of topics for over twenty years and is an avid promoter of open source. For more news about Jack Wallen, visit his website jackwallen....