Out of scope issue

Harshitha C

unread,

Jan 12, 2023, 12:32:07 AM1/12/23

to OWASP ZAP Developer Group

Hi All,

I am facing "out of scope issue" while scanning the URL with Ajax spider. Can you someone help me regarding that.

Ananda Krishna

unread,

Jan 12, 2023, 1:12:31 AM1/12/23

to OWASP ZAP Developer Group

Hi Harshitha,

Do you mean to say that even after defining a scope for a scan, alerts are being generating for urls that our out of scope during the ajax spider crawl? If you can share steps to reproduce the issue, and the configuration you have done - that would be great. What are the included scope regex you have defined?

Thanks,

Ananda

psiinon

unread,

Jan 12, 2023, 5:15:26 AM1/12/23

to OWASP ZAP Developer Group

The Ajax Spider will only make requests to URLs that are in scope. Well, and JS / CSS files.

The scope will either be the starting url or the scope of the context you define.

This means that if you start the Ajax Spider on https://example.com/ it will not start crawling https://example2.com/

Why not?

If we followed all links we could end up trying to crawl the entire internet :)

If you want the Ajax Spider to crawk multiple domains then create a context that includes them and specify that to the Ajax Spider.