ZAP scan


Mike Anastasiadis

May 15, 2024, 11:01:26 AM
to ZAP User Group
Hello group,

When I perform a scan, my computer's processes look like the following picture:
Screenshot from 2024-05-15 17-57-00.png

Is there any way to handle the processes that ZAP will use, or something like that?

I tested it with the ZAP interface, the automation framework and Docker, and all of them have the same behavior.

Thanks,
Mike 

kingthorin+zap

May 15, 2024, 1:51:19 PM
to ZAP User Group
You've shown us a result but not told us what you did or were doing.

Mike Anastasiadis

May 16, 2024, 8:00:59 AM
to zaprox...@googlegroups.com
Hello kingthorin,

I used the following automation.yaml and scanned the juice-shop with the automation, using the Docker version of ZAP, with the following command:
docker run --net=host -v $(pwd):/zap/wrk/:rw -t zaproxy/zap-stable zap.sh -cmd -autorun /zap/wrk/automation.yaml
---
env:
  contexts:
  - name: "Juice Shop"
    urls:
    includePaths:
    - "http://localhost:3000.*"
    excludePaths: []
    authentication:
      method: "browser"
      parameters:
        loginPageWait: 5
        browserId: "firefox-headless"
      verification:
        method: "autodetect"
        loggedInRegex: "\\Q 200 OK\\E"
        loggedOutRegex: "\\Q 304 Not Modified\\E"
        pollFrequency: 60
        pollUnits: "requests"
        pollPostData: ""
    sessionManagement:
      method: "autodetect"
      parameters: {}
    technology:
      exclude: []
    users:
    - name: "tes...@test.com"
      credentials:
        password: "tester"
        username: "tes...@test.com"
  parameters:
    failOnError: true
    failOnWarning: false
    progressToStdout: true
  vars: {}
jobs:
- parameters:
  requests:
  - name: ""
    method: ""
    httpVersion: ""
    headers: []
    data: ""
  name: "requestor"
  type: "requestor"
- parameters:
    context: "Juice Shop"
    maxDuration: 2
    maxDepth: 2
    maxChildren: 2
  name: "spider"
  type: "spider"
- parameters:
    context: "Juice Shop"
    maxDuration: 10
    maxCrawlDepth: 2
    numberOfBrowsers: 24
    inScopeOnly: true
    runOnlyIfModern: false
  name: "spiderAjax"
  type: "spiderAjax"
- parameters:
    template: "traditional-json"
    reportDir: "/zap/wrk/"
    reportFile: ""
    reportTitle: "ZAP Scanning Report"
    reportDescription: ""
    displayReport: false
  risks:
  - "info"
  - "low"
  - "medium"
  - "high"
  confidences:
  - "falsepositive"
  - "low"
  - "medium"
  - "high"
  - "confirmed"
  sites: []
  name: "report"
  type: "report"




Simon Bennetts

May 23, 2024, 4:13:10 AM
to ZAP User Group
Each of the ZAP "scanners" allows you to configure the number of threads, or browsers as appropriate.
You are already doing that for the Ajax Spider:
  • numberOfBrowsers: 24
For the traditional spider you can use "threadCount" as per https://www.zaproxy.org/docs/desktop/addons/spider/automation/

Cheers,

Simon
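
The two spider jobs from the plan posted above with their concurrency capped, as an added example that is not part of the original thread or of ZAP's documentation. threadCount is the parameter named in the reply; the values 2 and 2 are assumptions to be sized against the CPU cores available on the scanning host.

```yaml
jobs:
- parameters:
    context: "Juice Shop"
    maxDuration: 2
    maxDepth: 2
    maxChildren: 2
    threadCount: 2        # assumed value; limits the traditional spider's worker threads
  name: "spider"
  type: "spider"
- parameters:
    context: "Juice Shop"
    maxDuration: 10
    maxCrawlDepth: 2
    numberOfBrowsers: 2   # assumed value; the posted plan requested 24 headless browsers
    inScopeOnly: true
    runOnlyIfModern: false
  name: "spiderAjax"
  type: "spiderAjax"
```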