How to limit memory usage of zap?


Muhammad Kasyfi Assegaf

Jan 4, 2024, 3:56:13 AM
to ZAP User Group
Hello..

I've encountered an issue while using OWASP ZAP's AJAX Spider on a large website where it consumes an excessive amount of memory, reaching up to 10GB during its operation. Unfortunately, my system can only handle around 1-2GB per scan.

Could anyone kindly provide guidance on how to effectively limit the memory usage of ZAP during the AJAX Spider process on a substantial website? I'm eager to optimize the tool's performance and make the most of its capabilities without overwhelming my system resources.

Any insights, tips, or configuration adjustments to help manage ZAP's memory usage would be greatly appreciated.

Thank you in advance!



Muhammad Kasyfi Assegaf

Jan 4, 2024, 3:57:03 AM
to ZAP User Group
For info, I use a ZAP command like
"zap-full-scan.py config -config database.request.bodysize=xxx"

Simon Bennetts

Jan 4, 2024, 4:46:47 AM
to ZAP User Group
Hiya,

The AJAX Spider works by launching browsers to crawl the target, so it's probably the browsers which are taking up so much memory.
By default ZAP will launch 2 x the number of available processors.
You can change that via the config param "ajaxSpider.numberOfBrowsers".

Note that your command line looks wrong to me.
I think it should be something like:
  • zap-full-scan.py -t https://your-target.com -c configFile -z "-config database.request.bodysize=xxx -config ajaxSpider.numberOfBrowsers=2"

Cheers,

Simon
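
As an added example (not part of Simon's reply or ZAP's own code), the shell helper below derives a value for ajaxSpider.numberOfBrowsers from a memory budget and caps it at the default of 2 x processors described above. The function names and the per-browser memory estimate are assumptions; measure the estimate on your own system.

```shell
#!/bin/sh
# Added example: pick ajaxSpider.numberOfBrowsers from a memory budget.
# All function names here are hypothetical helpers, not ZAP commands.

# Default browser count described in the reply: 2 x available processors.
zap_default_browsers() {
    echo $(( $1 * 2 ))
}

# browsers_for_budget BUDGET_MB PER_BROWSER_MB CPUS
# PER_BROWSER_MB is an operator-measured estimate (assumption), not a ZAP figure.
browsers_for_budget() {
    for v in "$1" "$2" "$3"; do
        case "$v" in
            ''|*[!0-9]*) echo "arguments must be whole numbers" >&2; return 1 ;;
        esac
    done
    if [ "$2" -le 0 ]; then
        echo "per-browser estimate must be greater than 0" >&2
        return 1
    fi
    n=$(( $1 / $2 ))
    max=$(zap_default_browsers "$3")
    # At least one browser is needed for the AJAX Spider to crawl at all.
    if [ "$n" -lt 1 ]; then n=1; fi
    # Asking for more than the default would raise memory use, not limit it.
    if [ "$n" -gt "$max" ]; then n=$max; fi
    echo "$n"
}

# Emit the option string to place inside the -z "..." argument.
zap_z_options() {
    n=$(browsers_for_budget "$@") || return 1
    echo "-config ajaxSpider.numberOfBrowsers=$n"
}

# Usage (constructed values: 2048 MB budget, 512 MB per browser):
#   zap-full-scan.py -t https://your-target.com \
#       -z "$(zap_z_options 2048 512 "$(getconf _NPROCESSORS_ONLN)")"
```

The result bounds only the memory used by the launched browsers; ZAP's own process is outside this estimate.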

Muhammad Kasyfi Assegaf

Jan 4, 2024, 5:29:40 AM
to zaprox...@googlegroups.com
Thank you for your detailed guidance! I appreciate your help. I'll give it a try and follow the steps. Cheers!
