Plugin (Addon)


Alex
Feb 12, 2019, 7:17:53 AM
to OWASP ZAP User Group
Hello,
How can I launch a quick scan only for SQL injection vulnerabilities from the command line? I installed sqliplugin but I don't know how to use it.
Please, someone help me :).

Simon Bennetts
Feb 12, 2019, 7:53:02 AM
to OWASP ZAP User Group
Hiya,

The sqliplugin adds an active scan rule, so you'll need to run the active scan.
The ZAP quick-scan options are fairly limited, so that probably won't be suitable for you.
A better option would be to use the packaged full scan: https://github.com/zaproxy/zaproxy/wiki/ZAP-Full-Scan
This always uses the standard spider, but if your app uses javascript links then you can use the ajax spider as well.
You can automatically install the sqliplugin using the ZAP -addoninstall command line option.
Run the command with -g to generate a configuration file, edit it to just enable the sqliplugin rule, and then supply that using the -c option when you re-run it.

Cheers,

Simon

Alex
Feb 12, 2019, 9:08:47 AM
to OWASP ZAP User Group
Thanks for your quick reply. Actually the package offers a lot more options, but I want to scan a URL just to verify if it's vulnerable to SQL injection, just SQL injection and not other attacks (Cross Site, Web Browser XSS, ...).
Regards,

kingthorin+owaspzap
Feb 12, 2019, 9:16:44 AM
to OWASP ZAP User Group
When you launch an active scan you can select which plugins are included in the scan policy. If you only include SQLi plugins then that's all that will run.

Simon Bennetts
Feb 12, 2019, 9:18:11 AM
to OWASP ZAP User Group
And that's what that script allows you to do.
Run it with -g to generate a config file (once).
Edit the config file so that just the SQL injection rules are enabled.
Then you can keep running it passing in the config file, and it will just scan for SQL injection vulns.

You cannot just scan for a specific type of vulnerability using the quick-scan option, as that is not flexible enough; that's why you need the packaged full scan, which has the flexibility you need, even if you don't use most of the options.
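
The generate-edit-rerun procedure above, as an added example that is not code from the thread or from the ZAP project: a small shell filter that rewrites a config generated by zap-full-scan.py -g so that only the SQL injection rules stay enabled, plus the two scan commands around it. The rule IDs, the Docker image name, the target URL and the file names are assumptions; confirm the IDs against the rule names in your own generated file.

```shell
#!/bin/sh
# Added example, not code from the thread or from the ZAP project: keep only
# SQL injection rules enabled in a config generated by zap-full-scan.py -g,
# so the packaged full scan tests for SQLi and nothing else.
# SQLI_RULES is an assumption taken from ZAP's scan rule IDs (40018-40027 are
# the built-in SQLi rules, 90018 is sqliplugin's Advanced SQL Injection);
# confirm against the rule names in your own generated file.
SQLI_RULES="40018 40019 40020 40021 40022 40024 40027 90018"

# Filter: stdin is a generated config, one rule per line as
# id<TAB>WARN|IGNORE|FAIL<TAB>(comment). SQLi rules are set to WARN, every
# other rule to IGNORE; comment and blank lines pass through unchanged.
sqli_only_config() {
  awk -v keep="$SQLI_RULES" -v 'FS=\t' -v 'OFS=\t' '
    BEGIN { n = split(keep, ids, " "); for (i = 1; i <= n; i++) want[ids[i]] = 1 }
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }
    NF >= 2 { $2 = ($1 in want) ? "WARN" : "IGNORE" }
    { print }
  '
}

# Sanity check before scanning: number of rules still enabled (WARN).
enabled_rule_count() {
  awk -v 'FS=\t' '/^[[:space:]]*#/ { next } $2 == "WARN" { n++ } END { print n + 0 }'
}

# Constructed sample of what -g writes (a real file lists every installed rule).
T=$(printf '\t')
SAMPLE_CONF="# zap-full-scan rule configuration file
10010${T}WARN${T}(Cookie No HttpOnly Flag - Passive/release)
40012${T}WARN${T}(Cross Site Scripting (Reflected) - Active/release)
40018${T}WARN${T}(SQL Injection - Active/release)
90018${T}WARN${T}(Advanced SQL Injection - Active/release)"

# Typical run (URL and file names are placeholders; paths are relative to /zap/wrk):
#   docker run -v "$(pwd):/zap/wrk/:rw" -t owasp/zap2docker-stable \
#     zap-full-scan.py -t http://target.example -g gen.conf -z "-addoninstall sqliplugin"
#   sqli_only_config < gen.conf > sqli.conf
#   docker run -v "$(pwd):/zap/wrk/:rw" -t owasp/zap2docker-stable \
#     zap-full-scan.py -t http://target.example -c sqli.conf -z "-addoninstall sqliplugin"
printf '%s\n' "$SAMPLE_CONF" | sqli_only_config
```

Run the generating scan with sqliplugin already installed, otherwise its rule (90018 in the assumption above) will not appear in gen.conf at all.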

Alex
Feb 12, 2019, 9:19:14 AM
to OWASP ZAP User Group
I want to scan just for SQL injection vulnerabilities; I don't want to wait until it scans the whole thing to know if my website is vulnerable to SQL injection ;).

Simon Bennetts
Feb 12, 2019, 9:30:25 AM
to OWASP ZAP User Group
And that's what you can configure the packaged full scan to do.
There seems to be some miscommunication here :/
The packaged full scan is very flexible, but you can configure it to only scan for SQL injections and nothing else.

Alex
Feb 12, 2019, 10:13:49 AM
to OWASP ZAP User Group
Sorry, I had lost my connection...
Anyway, I will try your solution and tell you the result.
Thank you again for your help.

Alex
Feb 14, 2019, 1:29:03 AM
to OWASP ZAP User Group

Hello dear,
I tried your solution using the full scan package and modifying the configuration file (gen.conf). But I still feel that it does not accelerate the scan, and it does not ignore all the attacks, while in the file I set IGNORE.

Simon Bennetts
Feb 14, 2019, 4:26:30 AM
to OWASP ZAP User Group
That's a bug then, I've raised it as https://github.com/zaproxy/zaproxy/issues/5225
I'll aim to look at this soon, as it will impact something I'll be working on in a bit, unless anyone beats me to it :)

Simon Bennetts
Feb 27, 2019, 7:47:25 AM
to OWASP ZAP User Group
Can you post the command you are using to run the scan?
Based on my testing it's working fine :/