OWASP Automation Framework

Anthony Robinson

Mar 22, 2022, 8:41:41 AM
to OWASP ZAP User Group
Hi

When trying to use the automation framework I receive an error relating to Zest Script. 

The error is as follows: The provided Authentication script (auth1.zst) does not implement the required interface.

Are there any obvious things I can check to get this to work?

My YAML is as follows (note URL has been removed):

env:
  contexts:
    - name: context 1
      url: {{url}}
      includePaths:
      excludePaths:
      authentication:
        method: script
        parameters:
          script: C:\auth1.zst
          scriptEngine: Mozilla Zest
        verification:
          loggedInRegex: Acumen Super
          loggedOutRegex: Please enter your username and password
  parameters:
    failOnError: true
    failOnWarning: false
    progressToStdout: true

jobs:
  - type: addOns
    parameters:
      updateAddOns: true
    install:
      - ascanrules
      - ascanrulesAlpha
      - ascanrulesBeta
      - pscanrulesBeta
      - pscanrulesAlpha
      - automation
      - domxss
      - graphql
      - openapi
      - reflect
      - reports
      - soap
      - spiderAjax
    uninstall:
  - type: passiveScan-config
    parameters:
      maxAlertsPerRule: 10
      scanOnlyInScope: true
      maxBodySizeInBytesToScan:

  - type: spider
    parameters:
      context:
      url:
      failIfFoundUrlsLessThan:
      warnIfFoundUrlsLessThan:
      maxDuration:
      maxDepth:
      maxChildren:
      acceptCookies:
      handleODataParametersVisited:
      handleParameters:
      maxParseSizeBytes:
      parseComments:
      parseGit:
      parseRobotsTxt:
      parseSitemapXml:
      parseSVNEntries:
      postForm:
      processForm:
      requestWaitTime:
      sendRefererHeader:
      threadCount:
      userAgent:
  - type: passiveScan-wait
    parameters:
      maxDuration: 1
  - type: activeScan
    parameters:
      context:
      policy:
      maxRuleDurationInMins:
      maxScanDurationInMins:
      addQueryParam:
      defaultPolicy:
      delayInMs:
      handleAntiCSRFTokens:
      injectPluginIdInHeader:
      scanHeadersAllRequests:
      threadPerHost:
    policyDefinition:
      defaultStrength: High
      defaultThreshold: High

  - type: report
    parameters:
      template: traditional-xml
      reportDir: C:\
      reportFile: OWASP-ZAP-Report
      reportTitle:
      reportDescription:
      displayReport:
    risks:
      - high
      - medium
      - low
      - info

    confidences:
      - high
      - medium
      - low
      - falsepositive

    sections:

The header of my Zest script is as follows (note sensitive info has been removed):
  "about": "This is a Zest script. For more details about Zest visit https://github.com/zaproxy/zest/",
  "zestVersion": "0.8",
  "generatedBy": "OWASP ZAP Dev Build",
  "title": "auth1",
  "description": "login",
  "prefix": "",
  "type": "Authentication",
  "parameters": {
    "tokenStart": "{{",
    "tokenEnd": "}}",
    "tokens": {},
    "elementType": "ZestVariables"
  },