ZAP from jenkins & cmd doesn´t work -> Failed to attack the URL
147 views
Skip to first unread message
Octavio Ricci
Sep 26, 2022, 3:48:39 PM9/26/22
to OWASP ZAP User Group
Hello there,
I´m configuring Owasp zap to run the automation framework and also some quickscans file from the Jenkins server (Red Hat Server 7).
So I create a Jenkins Job that executes a quickscan:
I´m configuring Owasp zap to run the automation framework and also some quickscans file from the Jenkins server (Red Hat Server 7).
So I create a Jenkins Job that executes a quickscan:
sh 'zap.sh -quickurl https://www.example.com -quickprogress -cmd'
And I get this result:
Accessing URL: host "www.example.com" not found, please check that the URL you
specify is correct
Failed to attack the URL: connect timed out
<?xml version="1.0"?>
<OWASPZAPReport version="2.11.1" generated="Mon, 26 Sep 2022 09:56:13">
</OWASPZAPReport>
Failed to attack the URL: connect timed out
<?xml version="1.0"?>
<OWASPZAPReport version="2.11.1" generated="Mon, 26 Sep 2022 09:56:13">
</OWASPZAPReport>
I also get the same result from the server shell
But, if I make a curl request I get the response.
I know this server proxy the request, and I´ve tried with this options, having the same result as above:
- -config connection.proxyChain.hostName=<Proxy_Server> -config connection.proxyChain.port=<port_server>
- -host <Proxy_server> -port <port_server>
Really appreciated in advance!
kingthorin+owaspzap
Sep 26, 2022, 5:33:53 PM9/26/22
to OWASP ZAP User Group
Octavio Ricci
Sep 27, 2022, 2:01:35 PM9/27/22
to OWASP ZAP User Group
Yeah mate, I´ve read everything (or at least, I think I have) (forum, google).
That´s why I´m asking some advice, because I feel lost.
I´ve test in my machine (ubuntu), where I have exported the Owasp Zap certificate from the GUI, and installed in the Java Truststore.
- If I start in the Red Hat Server a haeadless zap server : zap.sh -daemon -host 0.0.0.0 -port 8083 -config api.disablekey=true
- And then I make from the same server a zap.sh -cmd -quickurl https://www.example.com -quickprogress or zap.sh -cmd -quickurl https://www.example.com -quickprogress -config connection.proxyChain.hostname=<EnterpriseProxyServer> -config connection.proxyChain.port=<port>
- I get: Failed to attack the URL: host "www.example.com" not found, please check that the URL you specify is correct
- I also add that I have configured in the JAVA_TOOL_OPTIONS: -Dhttp.proxyHost=<EnterpriseProxyServer> -Dhttp.proxyPort=<Port>, so I don´t need to set the -config parameters.
Sorry to bother, but I´m searching and reading from everywhere to try to solve it, before asking here.
Really appreciate any help
kingthorin+owaspzap
Sep 27, 2022, 3:01:28 PM9/27/22
to OWASP ZAP User Group
Seems like your Red Hat server can't resolve the DNS for your target.
Octavio Ricci
Sep 30, 2022, 10:57:42 AM9/30/22
to OWASP ZAP User Group
Hello.
I´ve found the problem. It was the enterpise firewall.
Thanks!
Simon Bennetts
Sep 30, 2022, 11:16:16 AM9/30/22
to OWASP ZAP User Group
Thanks for letting us know!
Reply all
Reply to author
Forward
0 new messages