How to Start Scan after authentication is successful via zest script?

161 views
Skip to first unread message

Rohit Kumar

unread,
Sep 4, 2022, 1:29:39 AM9/4/22
to OWASP ZAP User Group
Hi All,

I was watching ZAP automation with zest tutorials. I watched all 3 parts and i was able to configure authentication and login was successful. I wanted to ask how to start scan after authentication is successful?

I can see there is an option "Add zest action > Action - Scan" but in dropdown in there is option to select "Target parameter". Can someone please tell me how to assign target parameter after authentication is successful.

Screenshot 2022-09-04 at 10.58.05 AM.png

This is my Zest script which is working...

Screenshot 2022-09-04 at 10.58.48 AM.png

Please suggest how to start scan after login gets completed

Simon Bennetts

unread,
Sep 6, 2022, 3:41:00 AM9/6/22
to OWASP ZAP User Group
The Zest "Action - Scan" statement is very limited - it just allows you to scan one parameter on one page, so it is not intended for that purpose.
Have a look at the Automation Framework: https://www.zaproxy.org/docs/automate/automation-framework/
That _is_ designed to control ZAP and the active scanner, and that can invoke Zest scripts.

Cheers,

Simon

Valentin Mamontov

unread,
Dec 18, 2024, 3:31:50 PM12/18/24
to ZAP User Group
Hi!
Found an this old thread on my problem, I created a script that should receive some parameter from call API and write it to a variable that I would like to use during active scanning. Now this variable does not work. Should the sequencer and active scanning work like this or is there another mechanism?

1. create a zest script 
1jpg.jpg

2. run active scan with script, and select global env {{test}}

3. when run, {{test}} dont overrided





вторник, 6 сентября 2022 г. в 10:41:00 UTC+3, psi...@gmail.com:
3.jpg
2.jpg

Simon Bennetts

unread,
Dec 19, 2024, 12:27:15 PM12/19/24
to ZAP User Group
No, this will not work I'm afraid.
Its worth noting that the sequence support was definitely alpha status and had some problems.
We have made significant improvements recently and plan to release these with 2.16.
You can try them out in the weekly release if you want.
This should work in the way you need - so if you try it out then let us know how you get on :)

Cheers,

Simon
Reply all
Reply to author
Forward
0 new messages