Is zap docker generate .xml report?

[Kumar Suresh]

down votefavorite

I am un-able to generating .xml report when i am running zap docker command. Is their any way to generate .xml format report using zap docker. Here is my running zap docker command for .html format. docker run --rm -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-baseline.py -t http://www.example.com -g gen.conf -r zaphtmlreport.html Somewhere i find, for xml we need to change only file format. Then i am using below command for xml format which is not working: docker run --rm -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-baseline.py -t http://www.example.com -g gen.conf -r zapxmlreport.xml Please help me to generate .xml report file.

[Simon Bennetts]

If only the script reported the options available via the commandline :(
Oh wait, it does ;)

./zap-baseline.py -h
WARNING:root:Invalid option h : option -h not recognized
Usage: zap-baseline.py -t <target> [options]
    -t target         target URL including the protocol, eg https://www.example.com
Options:
    -c config_file    config file to use to INFO, IGNORE or FAIL warnings
    -u config_url     URL of config file to use to INFO, IGNORE or FAIL warnings
    -g gen_file       generate default config file (all rules set to WARN)
    -m mins           the number of minutes to spider for (default 1)
    -r report_html    file to write the full ZAP HTML report
    -x report_xml     file to write the full ZAP XML report
    -a                include the alpha passive scan rules as well
    -d                show debug messages
    -i                default rules not in the config file to INFO
    -j                use the Ajax spider in addition to the traditional one
    -l level          minimum level to show: PASS, IGNORE, INFO, WARN or FAIL, use with -s to hide example URLs
    -s                short output format - dont show PASSes or example URLs
    -z zap_options    ZAP command line options e.g. -z "-config aaa=bbb -config ccc=ddd"

Try the '-x' option :)

[Kumar Suresh]

Oh my bad luck, i am not getting -x option in help

please see.. 

[thc...@gmail.com]

Hi.

It seems it's using an outdated version. Could you try pull the image again?

Best regards.

On 26/09/16 10:42, Kumar Suresh wrote:
> <https://lh3.googleusercontent.com/-wbBBwxvo4Ts/V-jtjof667I/AAAAAAAAAE8/42XyxHL4nWcP8qZSNYcnJ5z4sgDtxPnpgCLcB/s1600/sssss.PNG>

>
> Oh my bad luck, i am not getting -x option in help
>

> <https://lh3.googleusercontent.com/-wbBBwxvo4Ts/V-jtjof667I/AAAAAAAAAE8/42XyxHL4nWcP8qZSNYcnJ5z4sgDtxPnpgCLcB/s1600/sssss.PNG>

>
> please see..
>
> On Monday, September 26, 2016 at 1:09:42 PM UTC+5:30, Kumar Suresh wrote:
>
>
>
> down votefavorite

> <http://stackoverflow.com/questions/39696707/is-zap-docker-generate-xml-report#>

>
>
> I am un-able to generating .xml report when i am running zap docker
> command. Is their any way to generate .xml format report using zap
> docker.
>
> Here is my running zap docker command for .html format.
>
> |docker run --rm -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly
> zap-baseline.py -t http://www.example.com -g gen.conf -r
> zaphtmlreport.html |
>
> Somewhere i find, for xml we need to change only file format. Then i
> am using below command for xml format which is not working:
>
> |docker run --rm -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly
> zap-baseline.py -t http://www.example.com -g gen.conf -r
> zapxmlreport.xml |
>
> Please help me to generate .xml report file.
>

> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
> <mailto:zaproxy-user...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/zaproxy-users/b94ba243-c5d1-4613-8aa0-73dbe950bdab%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-users/b94ba243-c5d1-4613-8aa0-73dbe950bdab%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.

[Simon Bennetts]

Yeah, we push a new version every week (typically on Monday mornings).
The latest one (todays) gives me the -x option.

> an email to zaproxy-users+unsubscribe@googlegroups.com
> <mailto:zaproxy-users+unsub...@googlegroups.com>.

[Kumar Suresh]

Hurryyy....
i take update and in other centos server i find -x option and now its working for me.

Thanks guys.. you rock.

On Monday, September 26, 2016 at 1:09:42 PM UTC+5:30, Kumar Suresh wrote:

[Simon Bennetts]

No problem :)
Let us know how you get on with ZAP - all feedback is much appreciated!

[Ian Travell]

Guys,

I cant seem to get it to output a report at all.  Any ideas why this isnt working?

docker run --rm -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-baseline.py -t http://www.example.com -g gen.conf -r  zapxmlreport.xml 

Kind regards

Ian

[kingthorin+owaspzap]

I haven't used the docker version but looking at your command I'm guessing you've run it with -g over and over and just keep creating the default conf???

Also according to the info earlier in this thread: -x is for xml output though you've used -r then specified an xml file name...

[Ian Travell]

Ah, thanks for the spot.  Amended that and now it works.  

Cant get it to work against localhost though.  I get a failed to connect error.  it is anything to do with the port or the fact that this will only work it using HTTP or HTTPS?

Ians-MBP:auto-donor-index iantravell$ docker run --rm -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-baseline.py -t http://localhost:8080 -g gen.conf -r  zaphtmlreport.html 

_XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be created.

Apr 27, 2017 1:34:06 PM java.util.prefs.FileSystemPreferences$1 run

INFO: Created user preferences directory.

ERROR Failed to connect

2017-04-27 13:34:14,500 I/O error(5): Failed to connect

Traceback (most recent call last):

  File "/zap/zap-baseline.py", line 406, in main

    raise IOError(5, 'Failed to connect')

IOError: [Errno 5] Failed to connect

Found Java version 1.8.0_121

Available memory: 1999 MB

Thanks.  

Ian

[thc...@gmail.com]

Hi.

In that case "localhost" is referring to the docker image itself. If the
target is in the host running the Docker image it should be used other
hostname/address.

Best regards.

[Ian Travell]

Thanks for getting back to me, although I am not quite sure what you mean?

Kind reagrds

Ian

[thc...@gmail.com]

ZAP is running in the Docker container, so when trying to connect to the
target "localhost" it will be attempted in the Docker container (instead
of the host machine running Docker), unless you also have a HTTP server
running in the Docker container (at 8080) that will not work.

There's a more thorough explanation and possible solutions in:
http://stackoverflow.com/questions/24319662/from-inside-of-a-docker-container-how-do-i-connect-to-the-localhost-of-the-mach

Best regards.