How can we do Passive Scanning using CLI or Command Line

[Eapen]

Please help me to do a non intrusive scan using Command Line using ZAP. 
I want to do a passive scan on a URL. and generate a report in pdf or html.

[psiinon]

Hiya,

See https://www.zaproxy.org/docs/docker/baseline-scan/

If you want a bit more flexibility then you can also use the Automation Framework (AF): https://www.zaproxy.org/docs/automate/automation-framework/

The baseline scan usesthe AF for the most common options.

Cheers,

Simon

[Eapen]

Thanks a lot for the response.
But how can we run a passive scan using the AF. I cannot see a code for that in the above pages. I can only see an active scan. I need to run a simple passive (non intrusive scan) and generate the report.
Please provide me that command also if you can.
Thanks in advance for the response.

[thc...@gmail.com]

The passive scan is done by default, you just need to generate the
traffic (e.g. proxy, spider).

https://www.zaproxy.org/docs/desktop/start/features/pscan/

Best regards.

On 30/11/2022 04:58, Eapen wrote:
> Thanks a lot for the response.

> But how can we run a passive scan using the AF. I *cannot *see a code for

[psiinon]

You have fine grain control over the passive scan rules via the passiveScan-config job - just make sure you call this before exploring your app.

Also wait for the passive scanner to finish after exploring using the passiveScan-wait job.

Cheers,

Simon

[Eapen]

Can i get the command for running the passive scan on "example.com"  and generating a report for the passive scan.
Thanks for the time and response.

[Eapen]

Can i get the command for running the passive scan on "example.com"  and generating a report for the passive scan.
Thanks for the time and response.