Active scan not running in the cli mode


LAVAN S

Jul 31, 2023, 1:04:13 AM
to OWASP ZAP User Group
I created a config for the active scan in the YAML file, but when using that YAML file the scan suddenly stops; it only executed for 0.001s.

thc...@gmail.com

Jul 31, 2023, 2:06:34 AM
to zaprox...@googlegroups.com
Hi.

You will have to provide more details, for example, how are you
configuring the active scanner or your context.

The log should give more details why it was stopped earlier (maybe
there's nothing to scan or any scan rule).
https://www.zaproxy.org/faq/where-does-zap-put-its-logs/

Best regards.

LAVAN S

Jul 31, 2023, 2:26:47 AM
to OWASP ZAP User Group
Following is the log I got while running.

6483 [ZAP-daemon] ERROR org.zaproxy.addon.automation.jobs.JobUtils - Automation Framework failed to find method setUser on org.parosproxy.paros.core.scanner.ScannerParam
6484 [ZAP-daemon] INFO  org.parosproxy.paros.CommandLine - Job activeScan started
6494 [ZAP-daemon] INFO  org.parosproxy.paros.CommandLine - Job activeScan set default strength to MEDIUM
6495 [ZAP-daemon] INFO  org.parosproxy.paros.CommandLine - Job activeScan set default threshold to MEDIUM
6495 [ZAP-daemon] INFO  org.parosproxy.paros.CommandLine - Job activeScan set rule 40,012 strength to HIGH
6496 [ZAP-daemon] INFO  org.parosproxy.paros.CommandLine - Job activeScan set rule 40,012 threshold to LOW
6499 [ZAP-daemon] INFO  org.parosproxy.paros.core.scanner.Scanner - scanner started
6499 [Thread-5] INFO  org.parosproxy.paros.core.scanner.Scanner - scanner completed in 0s
7013 [ZAP-daemon] INFO  org.parosproxy.paros.CommandLine - Job activeScan finished, time taken: 00:00:00

type: activeScan
parameters:
  context: test
  user: User1
  # policy: myPolicy
  maxRuleDurationInMins: 5
  maxScanDurationInMins: 60
  addQueryParam: true
  # defaultPolicy: Default Policy
  delayInMs: 1000
  handleAntiCSRFTokens: true
  injectPluginIdInHeader: true
  scanHeadersAllRequests: true
  threadPerHost: 4
  maxAlertsPerRule: 10
policyDefinition:
  defaultStrength: Medium
  defaultThreshold: Medium
  rules:
    - id: 40012
      name: Cross Site Scripting (Reflected)
      strength: High
      threshold: Low

Above is the config I have used for testing.

psiinon

Jul 31, 2023, 3:00:41 AM
to zaprox...@googlegroups.com
What jobs have you defined before running the activeScan?

Cheers,

Simon

--
OWASP ZAP Project leader

LAVAN S

Jul 31, 2023, 6:09:19 AM
to OWASP ZAP User Group
This is the first job I defined, and before that I created the context in the env.

Thanks
Lavan S

psiinon

Jul 31, 2023, 7:44:38 AM
to zaprox...@googlegroups.com
You have to create the context first and then explore it.
If you don't do that then the active scanner has nothing to work on.


Cheers,

Simon
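
An added example, not part of the original thread or the ZAP project's own files: a minimal Automation Framework plan in the order described above, with the context defined in env, a spider job to explore it, and only then the activeScan job. The URL https://target.example is a placeholder, and the duration values are assumptions; the policyDefinition is the one from the config posted earlier in the thread.

```yaml
env:
  contexts:
    - name: test                      # context name referenced by the jobs below
      urls:
        - https://target.example      # placeholder: an application you are authorised to scan
  parameters:
    failOnError: true                 # stop the plan if a job reports an error
    progressToStdout: true

jobs:
  # 1. Explore the context so the Sites tree contains requests to attack.
  - type: spider
    parameters:
      context: test
      maxDuration: 5                  # minutes (assumed value)

  # 2. Let passive scanning of the spidered traffic finish.
  - type: passiveScan-wait
    parameters:
      maxDuration: 5                  # minutes (assumed value)

  # 3. The active scan now has URLs to work on.
  - type: activeScan
    parameters:
      context: test
      maxRuleDurationInMins: 5
      maxScanDurationInMins: 60
    policyDefinition:
      defaultStrength: Medium
      defaultThreshold: Medium
      rules:
        - id: 40012
          name: Cross Site Scripting (Reflected)
          strength: High
          threshold: Low
```

If the log still shows "scanner completed in 0s" after the spider job, check the spider's output for how many URLs it found in the context.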

LAVAN S

Aug 9, 2023, 5:52:01 AM
to ZAP User Group
Is there any way to filter out the scanned AJAX spider results for the active scan? I want to do an active scan for a particular set of endpoints in my application.