How to disable passive scan rules when running on daemon mode


Albert

Feb 18, 2016, 11:21:49 AM
to OWASP ZAP User Group
Anyone know how to disable the passive scan rules when ZAP runs in daemon mode?

Albert

Feb 18, 2016, 11:42:31 AM
to OWASP ZAP User Group
Basically what I would like to do is something like:

I don't know how to disable the passive scanners. If I run zap.sh and disable it there it persists but then running in daemon mode the final report contains passive scanner results. 

thanks

Simon Bennetts

Feb 18, 2016, 11:47:21 AM
to OWASP ZAP User Group
Have a look at the ZAP API UI, e.g. http://zap/UI/pscan/ if proxying through ZAP.

There are operations for enabling and disabling all passive scan rules and for doing the same to specific ones.
They are also shown on the wiki: https://github.com/zaproxy/zaproxy/wiki/ApiGen_pscan

Does that help?

Cheers,

Simon
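
The pscan operations mentioned in the reply above, as an added example that is not part of the original thread: it disables every passive scan rule, enables only the listed ones, and then reads the rule list back to confirm the result. The daemon address, the API key placeholder and the rule id `90001` are assumptions.

```python
import json
import urllib.parse
import urllib.request

ZAP_BASE = "http://localhost:8080"  # assumption: address the ZAP daemon listens on
API_KEY = "CHANGE-ME"               # placeholder: the API key configured for the daemon


def http_get_json(url):
    """Default transport: plain GET against the running daemon."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def pscan_url(kind, name, **params):
    """Build a JSON API URL for the pscan component (kind is 'view' or 'action')."""
    params["apikey"] = API_KEY
    return f"{ZAP_BASE}/JSON/pscan/{kind}/{name}/?{urllib.parse.urlencode(params)}"


def only_enable(rule_ids, fetch=http_get_json):
    """Disable all passive scan rules, enable only rule_ids, then verify.

    Returns the sorted ids ZAP reports as enabled; raises if an action is
    rejected or the enabled set differs from what was requested.
    """
    wanted = sorted(str(i) for i in rule_ids)
    for url in (pscan_url("action", "disableAllScanners"),
                pscan_url("action", "enableScanners", ids=",".join(wanted))):
        result = fetch(url)
        if result.get("Result") != "OK":
            raise RuntimeError(f"ZAP rejected {url}: {result}")
    # Read the state back instead of trusting the action responses.
    scanners = fetch(pscan_url("view", "scanners"))["scanners"]
    enabled = sorted(str(s["id"]) for s in scanners
                     if str(s["enabled"]).lower() == "true")
    if enabled != wanted:
        raise RuntimeError(f"expected {wanted} enabled, ZAP reports {enabled}")
    return enabled


if __name__ == "__main__":
    # 90001 is a hypothetical id for a custom rule; use ids from view/scanners.
    print(only_enable(["90001"]))
```
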

Albert

Feb 18, 2016, 12:07:36 PM
to OWASP ZAP User Group
That is not exactly what I am looking for, as I have no control of the daemon. It runs in an automated fashion.

So basically I need a way to preset my scans so that when the daemon starts it just runs the ones that are enabled. 

Basically how can I remove all passive scanners and add one created by me so when ZAP starts as a daemon it only picks up the one I created?