Failed to load context file /zap/wrk/scans/dvwa.context : internal_error

[LearnWork Smart (TheNoobEngineer)]

Hi, 

I am trying to load context file onto zap-full-scan.py (from owasp/zap2docker-stable:2.13.0) but received "Failed to load context file /zap/wrk/scans/dvwa.context : internal_error". 

• Command used to run the scan: 
  • zap-full-scan.py -d -t http://dvwa/ -n scans/dvwa.context -r local-dvwa-admin.html

The context file was exported from Zap GUI (v2.13) and it was able to completed an authenticated scan successfully. 

Has anyone encountered similar issue? 

Can we load the exported context file (from GUI) to docker zap's zap-full-scan.py? 

Any help is appreciated! 

[LearnWork Smart (TheNoobEngineer)]

Another related error happened after: 

2023-07-23 16:45:25,335 [ZAP-IO-Server-1-1] ERROR ScriptBasedAuthenticationMethodType - Unable to find script while loading Script Based Authentication Method for name: /zap/wrk/scans/dvwa.js

[thc...@gmail.com]

Hi.

You need to add the script used by the context as well, e.g.:
https://www.zaproxy.org/faq/how-do-you-add-a-script-to-zap-from-the-command-line/

Best regards.

On 23/07/2023 17:55, LearnWork Smart (TheNoobEngineer) wrote:
> Another related error happened after:
>
> 2023-07-23 16:45:25,335 [ZAP-IO-Server-1-1] ERROR
> ScriptBasedAuthenticationMethodType - Unable to find script while loading
> Script Based Authentication Method for name: /zap/wrk/scans/dvwa.js
>
>
> On Monday, July 24, 2023 at 12:52:29 AM UTC+8 LearnWork Smart wrote:
>
>> Hi,
>>
>> I am trying to load context file onto zap-full-scan.py (from

>> *owasp/zap2docker-stable:2.13.0*) but received "Failed to load context
>> file /zap/wrk/scans/dvwa.context : internal_error".
>>
>>
>> - Command used to run the scan:
>> - zap-full-scan.py -d -t http://dvwa/ -n scans/dvwa.context -r
>> local-dvwa-admin.html
>>
>> The context file was exported from* Zap GUI (v2.13)* and it was able to

[LearnWork Smart (TheNoobEngineer)]

The /zap/wrk/scans/dvwa.js does exists, is there a specify path that zap-full-scan.py only or start search from? 

[LearnWork Smart (TheNoobEngineer)]

Hi, 

I am running the zap.sh -cmd option within a zap containers which is started with daemon option. 

The -cmd option returns the following error. Any idea on how to add authentication script within a zap container?

>

zap@cb3f9d86e94a:/zap$ zap.sh -cmd -config script.scripts.name="dvwa" -config script.scripts.type=authentication -config script.scripts.enabled=true -config script.scripts.file="/zap/wrk/scans/dvwa.js"
Found Java version 11.0.18
Available memory: 7960 MB
Using JVM args: -Xmx1990m
Failed to start the main proxy: java.net.BindException Address already in use
Terminating ZAP, unable to start the main proxy.

[thc...@gmail.com]

You should/can pass arguments to ZAP through zap-full-scan.py script by
using the -z arg.

https://www.zaproxy.org/docs/docker/full-scan/#usage


Best regards.

>>>> *owasp/zap2docker-stable:2.13.0*) but received "Failed to load context
>>>> file /zap/wrk/scans/dvwa.context : internal_error".
>>>>
>>>>
>>>> - Command used to run the scan:
>>>> - zap-full-scan.py -d -t http://dvwa/ -n scans/dvwa.context -r
>>>> local-dvwa-admin.html
>>>>
>>>> The context file was exported from* Zap GUI (v2.13)* and it was able to

[LearnWork Smart (TheNoobEngineer)]

Thanks thc202! I managed to get it work. Here is the command in case anyone else faced the same issue:

zap-full-scan.py -d -t http://dvwa/ -n scans/dvwa.context -j -r dvwa-admin.html \
 -z "-config script.scripts.name=dvwa -config script.scripts.type=authentication -config script.scripts.engine='Oracle Nashorn' -config script.scripts.enabled=true -config script.scripts.file=/zap/wrk/scans/dvwa.js"