Export scanned URLs job

[Julia Khanbekova]

Hi Simon,

How can I obtain a list of all discovered ZAP addresses before scanning, as well as all scanned addresses afterwards?

I’m trying to export the addresses after the active scan job using:

• parameters:
  type: "url"
  source: "all"
  fileName: "zap_scanned_urls.txt"
  type: "export"

However, I’ve run into an issue: when I execute the YAML plan in ZAP Desktop, the exported file contains significantly more URLs than when I run ZAP in a container.

Could this discrepancy be caused by the fact that on Desktop I’m using Firefox, while in the container I’m using Firefox ESR?

[Simon Bennetts]

Hiya,

Yes, thats a good way to get all of the URLs.

Are you calling the passiveScan-wait after exploring and before exporting? If not you should.

Are there any errors in the zap.log file?

I would not expect Firefox ESR to make a big difference to the number of URLs ZAP reports.

Cheers,

Simon

[Julia Khanbekova]

To get all discovered URLs before scanning, I run an export after passive-wait.

Then, to obtain all scanned URLs, I run another export after the active-scan.

However, the list of scanned URLs does not include all the addresses that ZAP supposedly found after passive-wait.

When I run the same YAML in ZAP Desktop, all discovered URLs are present in the scanned list after the active scan completes. Could you please explain why there might be such a difference when running the scan through the Automation Framework in a container versus in Desktop?

[Simon Bennetts]

Are the 2 lists very different?

I would expect them to be very similar - active-scan might find a few more URLs, but its main job is attacking rather than exploreing.

As to why they might be different when running in a container vs running in docker .. in theory they should be the same, but they are different environments so may not have the same connectivity.

Can you spot any patterns in the differences?