Contributor
KushalShah

RayZed: Ray-based, distributed web vulnerability scanner


Mentors
RavinduDeSilva, Kenneth Manjula
Organization
SCoRe Lab
Technologies
Ray.io, zed, Linux, bash, Terraform, GCP, AWS, Azure
Topics
cloud computing, scalability, Web Vulnerability
Finding web vulnerabilities for specific targets (URLs) is a critical task. OWASP ZAP-ZED helps with this through its scan functionalities: active scan, passive scan and spider scan. These scans examine the target URL for different standard vulnerabilities, which makes scanning an extensive process.

The targets (URLs) can be distributed among Ray cluster nodes deployed on a cloud-native platform, with ZAP running as a daemon on those nodes. This architecture scales the process of finding vulnerabilities across targets.

The purpose of this project is to create a parallelized tool that fetches the vulnerabilities of different websites efficiently, so that the process can be scaled and automated for cybersecurity research. The project provides setup for ZAP, Ray and Terraform, with infrastructure as code ready for GCP and setup tasks automated using Ansible.

Project Architecture

The RayZed tool has the following main components:

1. Terraform
2. Cloud-native platforms (GCP)
3. VMs of the cloud-native platforms, configured for SSH, firewall and local execution (ZAP)
4. Ray, which manages the parallelized architecture of the head and workers