How to run ZAF scan with the minimal inputs?


LearnWork Smart (TheNoobEngineer)

Aug 11, 2023, 5:19:57 AM
to ZAP User Group
Hi,

I am trying to understand how the ZAF YAML works, e.g.:
1. What does each parameter stand for?
2. What are the optional inputs?
3. How to turn off the authentication option?

I have generated the example.yaml file using "zap.sh -cmd -autogenconf /zap/wrk/autogenconf.yam". 

For the zap.yaml, I added the URL path:
env:                                  
  contexts :                          
    - name: context 1   
      urls:                            
      - https://www.example.com

I ran the scan with "docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable:2.13.0 zap.sh -cmd -autorun /zap/wrk/example.yaml" and it returns the following error: 

Aug 11, 2023 9:13:56 AM java.util.prefs.FileSystemPreferences$1 run
INFO: Created user preferences directory.
Job authentication set parameters = {loginRequestBody=null, hostname=null, port=null, loginRequestUrl=null, realm=null, loginPageUrl=null, scriptEngine=null, script=null}
Invalid authentication loginRequestBody: {method=null, parameters={hostname=null, port=null, realm=null, loginPageUrl=null, loginRequestUrl=null, loginRequestBody=null, script=null, scriptEngine=null}, verification={method=null, loggedInRegex=null, loggedOutRegex=null, pollFrequency=null, pollUnits=null, pollUrl=null, pollPostData=null, pollAdditionalHeaders=[{header=null, value=null}]}}
Invalid authentication hostname: {method=null, parameters={hostname=null, port=null, realm=null, loginPageUrl=null, loginRequestUrl=null, loginRequestBody=null, script=null, scriptEngine=null}, verification={method=null, loggedInRegex=null, loggedOutRegex=null, pollFrequency=null, pollUnits=null, pollUrl=null, pollPostData=null, pollAdditionalHeaders=[{header=null, value=null}]}}
Unexpected error accessing file /zap/wrk/example.yaml : null - see log for details
null

Usage:
        zap.sh [Options]
... 

For ZAF, can we run without the authentication option?




psiinon

Aug 11, 2023, 10:39:26 AM
to zaprox...@googlegroups.com
Just follow the link for each section.
Alternatively you can:
By default ZAP will not perform any authentication, you have to tell it to do that.

Cheers,

Simon

--
ZAP Project leader
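
A minimal Automation Framework plan for the situation discussed in this thread, given as an added example that is not part of either post or the ZAP project's own files: it contains no authentication section at all, so ZAP runs unauthenticated, as the reply describes. The job selection (spider, passive scan wait, report), the durations and the report file name are assumptions; the context name, URL and /zap/wrk directory are the ones from the question.

```yaml
# Added example: minimal plan with no "authentication" block.
# Leaving the block out (rather than keeping template keys set to null)
# means there is nothing for the authentication setup to validate.
env:
  contexts:
    - name: "context 1"            # context name from the question
      urls:
        - "https://www.example.com" # target from the question
  parameters:
    failOnError: true              # stop the plan if a job reports an error
    failOnWarning: false           # warnings do not stop the plan
    progressToStdout: true         # print job progress to the console

jobs:
  # Crawl the context's URLs; assumed 1 minute cap to keep the run short.
  - type: spider
    parameters:
      maxDuration: 1

  # Wait for passive scanning of the crawled responses to finish
  # (assumed upper bound of 5).
  - type: passiveScan-wait
    parameters:
      maxDuration: 5

  # Write an HTML report into the mounted working directory.
  - type: report
    parameters:
      template: "traditional-html"
      reportDir: "/zap/wrk"
      reportFile: "zap-report"     # assumed file name
```

Saved as example.yaml in the mounted directory, this plan is run with the same `-autorun /zap/wrk/example.yaml` command shown in the question.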