Unable to perform ZAP Passive scan through Commandline


Syndy

May 14, 2018, 7:27:00 AM
to ZAP Jenkins Plugin
Hi,

I'm trying to perform a ZAP passive scan through the command line by using the command below:

C:\Program Files\OWASP\Zed Attack Proxy > zap.bat -quickurl https://demo.testfire.net -quickout C:\output\report.xml -quickprogress -newsession -cmd

I'm able to perform a security scan using the above command, but I'm unable to restrict it to perform only a passive scan. I'm not sure how to do that. Any advice on this would be helpful. Thanks in advance.

Simon Bennetts

May 14, 2018, 9:45:06 AM
to ZAP Jenkins Plugin
Hiya,

The '-quickurl' command line option does not support just passive scanning.
However, we do have a packaged scan that does that - the baseline scan: https://github.com/zaproxy/zaproxy/wiki/ZAP-Baseline-Scan
This uses Docker. If you don't want to use Docker then you will be able to do the same thing, but you'll need to change the script.

Cheers,

Simon
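
An added example, not part of the thread and not the baseline script's own code: a passive-only run without Docker, driven through ZAP's Python API client (`zapv2`). It spiders the target, waits for the passive scan queue to drain, and never starts the active scanner. The API key, proxy address and the helper names `passive_scan` and `summarize` are assumptions, and a ZAP instance must already be running locally.

```python
import time


def passive_scan(zap, target, poll=1.0, timeout=600):
    """Spider `target` through ZAP and return the passive-scan alerts.

    `zap` is a zapv2.ZAPv2 client. Only zap.spider, zap.pscan and zap.core
    are used; the active scanner (zap.ascan) is never touched.
    """
    deadline = time.monotonic() + timeout

    def wait_until(done, what):
        while not done():
            if time.monotonic() >= deadline:
                raise TimeoutError(f"timed out waiting for {what}")
            time.sleep(poll)

    zap.urlopen(target)                      # seed the site tree via the proxy
    scan_id = zap.spider.scan(target)        # crawling only, no attack requests
    wait_until(lambda: int(zap.spider.status(scan_id)) >= 100, "spider")
    # Passive rules run on proxied traffic in the background; wait for the queue.
    wait_until(lambda: int(zap.pscan.records_to_scan) == 0, "passive scan queue")
    return zap.core.alerts(baseurl=target)


def summarize(alerts):
    """Count alerts per (risk, alert name) so a CI job can gate on the result."""
    counts = {}
    for a in alerts:
        key = (a.get("risk", "?"), a.get("alert", "?"))
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    from zapv2 import ZAPv2  # pip install python-owasp-zap-v2.4

    # Assumed local ZAP daemon address and API key; adjust to your setup.
    proxy = "http://127.0.0.1:8080"
    zap = ZAPv2(apikey="changeme", proxies={"http": proxy, "https": proxy})
    found = passive_scan(zap, "https://demo.testfire.net")
    for (risk, name), n in sorted(summarize(found).items()):
        print(f"{risk:8} {n:4}  {name}")
```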