Zap Spider.scanAsUser is i am trying to run.
139 views
Skip to first unread message
Tabassum najneen
Jun 24, 2022, 7:45:53 AM6/24/22
to OWASP ZAP Developer Group
But i got the below error, Please help
INFO org.zaproxy.zap.extension.spider.SpiderThread - Starting spidering scan on Context: testing-post at 2022-06-24T11:40:12.961+0000
15195769 [ZAP-SpiderInitThread-2] INFO org.zaproxy.zap.spider.Spider - Spider initializing...
15195779 [ZAP-SpiderInitThread-2] INFO org.zaproxy.zap.spider.Spider - Starting spider...
15195781 [ZAP-SpiderInitThread-2] WARN org.zaproxy.zap.spider.Spider - No seeds available for the Spider. Cancelling scan...
15195782 [ZAP-SpiderInitThread-2] INFO org.zaproxy.zap.extension.spider.SpiderThread - Spider scanning complete: false on Context: testing-post at 2022-06-24T11:40:13.015+0000
psiinon
Jun 24, 2022, 9:03:11 AM6/24/22
to OWASP ZAP Developer Group
How are you running the spider?
Does the end point you are using exist, and have links on it?
thc...@gmail.com
Jun 24, 2022, 9:16:55 AM6/24/22
to zaproxy...@googlegroups.com
And ensure you are providing one, even when spidering a context ZAP
needs a URL to start from.
On 24/06/2022 14:03, psiinon wrote:
> How are you running the spider?
> Does the end point you are using exist, and have links on it?
>
> On Friday, 24 June 2022 at 13:45:53 UTC+2 tabassum...@gmail.com wrote:
>
>> But i got the below error, Please help
>>
>> *INFO org.zaproxy.zap.extension.spider.SpiderThread - Starting spidering
>> scan on Context: testing-post at 2022-06-24T11:40:12.961+0000*
>>
>> *15195769 [ZAP-SpiderInitThread-2] INFO org.zaproxy.zap.spider.Spider -
>> Spider initializing...*
>>
>> *15195779 [ZAP-SpiderInitThread-2] INFO org.zaproxy.zap.spider.Spider -
>> Starting spider...*
>>
>> *15195781 [ZAP-SpiderInitThread-2] WARN org.zaproxy.zap.spider.Spider -
>> No seeds available for the Spider. Cancelling scan...*
>>
>> *15195782 [ZAP-SpiderInitThread-2] INFO
>>
>
needs a URL to start from.
On 24/06/2022 14:03, psiinon wrote:
> How are you running the spider?
> Does the end point you are using exist, and have links on it?
>
> On Friday, 24 June 2022 at 13:45:53 UTC+2 tabassum...@gmail.com wrote:
>
>> But i got the below error, Please help
>>
>> scan on Context: testing-post at 2022-06-24T11:40:12.961+0000*
>>
>> *15195769 [ZAP-SpiderInitThread-2] INFO org.zaproxy.zap.spider.Spider -
>> Spider initializing...*
>>
>> *15195779 [ZAP-SpiderInitThread-2] INFO org.zaproxy.zap.spider.Spider -
>> Starting spider...*
>>
>> *15195781 [ZAP-SpiderInitThread-2] WARN org.zaproxy.zap.spider.Spider -
>> No seeds available for the Spider. Cancelling scan...*
>>
>> *15195782 [ZAP-SpiderInitThread-2] INFO
>> org.zaproxy.zap.extension.spider.SpiderThread - Spider scanning complete:
>> false on Context: testing-post at 2022-06-24T11:40:13.015+0000*
>>
>
Message has been deleted
Tabassum najneen
Jun 27, 2022, 7:11:18 AM6/27/22
to OWASP ZAP Developer Group
I am using Docker and there I have started zap (8080 port)and also on my local website (3000) is running for testing purposes. Please check the below screen share video to get more context.
PFA
https://www.awesomescreenshot.com/video/9665149?key=b5ccbc2a0deebe806f16d287edf9d665
I want to run the spider -> ScanAsUser and also I am not able to generate the report by its scan ID
PFA
https://www.awesomescreenshot.com/video/9665149?key=b5ccbc2a0deebe806f16d287edf9d665
I want to run the spider -> ScanAsUser and also I am not able to generate the report by its scan ID
psiinon
Jun 27, 2022, 8:24:07 AM6/27/22
to OWASP ZAP Developer Group
Vidios tend to make things harder to debug rather than easier :(.
A text description of what your are doing would be much more helpful.
Otherwise we have to make notes of what you are doing while watching your video.
We can do that buts its time-consuming, and so this would drop right down my priority list tbh :/
Cheers,
Simon
Tabassum najneen
Jun 28, 2022, 1:02:18 AM6/28/22
to OWASP ZAP Developer Group
I'm just trying to automate the zap spider ascan and scan as a user in nodejs, but there's a snag when I put the authentication layer with context and users, and when I start the scan, it throws this error.
There are no seeds available for the Spider.
Cancel scanning...
Could you please explain how to do it and which function to call if possible?
I realise this is a lot to ask, but there is no proper documentation for automating in node.
psiinon
Jun 28, 2022, 4:09:15 AM6/28/22
to OWASP ZAP Developer Group
In these sort of things the details are key.
You could be doing something significant wrong, or it could be a typo.
These things are hard to tell from a video.
I actually dont recommend setting up authentication via the API.
I think its much easier to set up authentication using the ZAP desktop - that way you can test it much more easily.
Once its working in the desktop you can export the context file and then import it via the API.
If you cant do that, can you past all of the URLs that you are invoking via the ZAP API UI?
Also, are you specifying any URLs in the context?
If not that will definitely be a problem.
Cheers,
Simon
Tabassum najneen
Jun 28, 2022, 7:09:21 AM6/28/22
to OWASP ZAP Developer Group
Thanks for your assistance, psiinon... I'll try the approach you're suggesting and see if it works or not!!!!
Thank you for your assistance.
I'm specifying the URLs in context, but what method do you recommend for including the URL in context?
Reply all
Reply to author
Forward
0 new messages