How to Start Scan after authentication is successful via zest script?

[Rohit Kumar]

Hi All,

I was watching ZAP automation with zest tutorials. I watched all 3 parts and i was able to configure authentication and login was successful. I wanted to ask how to start scan after authentication is successful?

I can see there is an option "Add zest action > Action - Scan" but in dropdown in there is option to select "Target parameter". Can someone please tell me how to assign target parameter after authentication is successful.

This is my Zest script which is working...

Please suggest how to start scan after login gets completed

[Simon Bennetts]

The Zest "Action - Scan" statement is very limited - it just allows you to scan one parameter on one page, so it is not intended for that purpose.

Have a look at the Automation Framework: https://www.zaproxy.org/docs/automate/automation-framework/

That _is_ designed to control ZAP and the active scanner, and that can invoke Zest scripts.

Cheers,

Simon

[Valentin Mamontov]

Hi!
Found an this old thread on my problem, I created a script that should receive some parameter from call API and write it to a variable that I would like to use during active scanning. Now this variable does not work. Should the sequencer and active scanning work like this or is there another mechanism?

1. create a zest script 


2. run active scan with script, and select global env {{test}}

3. when run, {{test}} dont overrided

вторник, 6 сентября 2022 г. в 10:41:00 UTC+3, psi...@gmail.com:

[Simon Bennetts]

No, this will not work I'm afraid.

Its worth noting that the sequence support was definitely alpha status and had some problems.

We have made significant improvements recently and plan to release these with 2.16.

You can try them out in the weekly release if you want.

This should work in the way you need - so if you try it out then let us know how you get on :)

Cheers,

Simon