PREREQUISITE

• Kali Linux Virtual Machine
  You can setup Kali Linux VM via Microsoft Azure Marketplace
  https://azuremarketplace.microsoft.com/en/marketplace/apps/kali-linux.kali-linux?tab=Overview

• Setup Damn Vulnerable Web Application (DVWA) in Kali Linux VM

This just for Education Purpose.

In this article, we will use

• OWASP-ZAP

OWASP-ZAP is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.

1. Go to Applications > Web Application Analysis > OWASP-ZAP
   

2. Click "Accept".
   

3. ZAP will start to load.
   

4. Choose "No,I donot want to persist this session at this moment in time" and Click "Start".
   

5. Enter URL of DVWA at "URL to attack" → click "Attack".
   

6. After the scan is completed, on the top left panel you will see all the crawled sites.
   In the left panel "Alerts", you will see all the findings along with the description.
   

7. Click "Spider" and you will see all the links scanned.
   

Conclusion
I'm self learner and I'm not certified in any Cyber Security Certification. Try at your own risk. Feel free to comment.

REFERENCE
https://github.com/cheahengsoon/KaliLinuxTools