Running Scheduled Authenticated scans via Automation Framework using command line
360 views
Skip to first unread message
Sajal Verma
Apr 6, 2022, 7:58:43 AM4/6/22
to OWASP ZAP User Group
Hi Folks,
I want to run Scheduled Authenticated scans via Automation Framework using command line.Could anyone provide me a link ,video ,blog example of the same?
Thanks,
Sajal Verma
Simon Bennetts
Apr 6, 2022, 8:04:45 AM4/6/22
to OWASP ZAP User Group
Hi Sajal,
We dont provide any scheduling in ZAP as we dont have any long running services.
However you should be able to run a ZAP AF plan using any scheduling service which supports running commands from the command line, which is probably pretty much all of them ;)
FYI this Github action: https://github.com/zapbot/zap-mgmt-scripts/blob/master/.github/workflows/zap-vs-firingrange.yml
Runs ZAP against Google Firing Range and published the results to: https://www.zaproxy.org/docs/scans/firingrange/
Cheers,
Simon
Sajal Verma
Apr 6, 2022, 8:53:40 AM4/6/22
to OWASP ZAP User Group
We will schedule it using cron jobs which will run the Owasp ZAP from the command line.
You have given example of GITHUB actions ,what if we don't want to use GitHub actions.
What if we want to run authenticated scan of another website or application?Can you script link or GitHub link?
Thanks,
Sajal Verma
Simon Bennetts
Apr 6, 2022, 9:11:36 AM4/6/22
to OWASP ZAP User Group
As per https://www.zaproxy.org/docs/desktop/addons/automation-framework/authentication/ the AF supports all of the authentication options supported by the ZAP desktop.
And it also supports ZAP scripting: https://www.zaproxy.org/docs/desktop/addons/script-console/automation/
Running ZAP from a cron job should be straightforward.
You just need to run a script which has access to a ZAP install and run ZAP in command line mode with the relevant AF plan.
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages