Mass Baseline Scan
78 views
Skip to first unread message
Fergal Coll
May 28, 2022, 2:40:49 PM5/28/22
to OWASP ZAP User Group
Hello,
I'm following the steps as outlined here community-scripts/api/mass-baseline at main · zaproxy/community-scripts (github.com)
However I'm running into the following error:
docker run -u zap -i -t fergalcoll/mass-baseline mass-baseline.sh --autooff --env baselinecreds="ghp_XXXXXXXXX"
./zap-baseline.py -t https://www.demo.testfire.net/ -d -c mass-baseline-default.conf " "
2022-05-28 18:30:32,111 Could not find custom hooks file at /home/zap/.zap_hooks.py
2022-05-28 18:30:32,111 Trigger hook: cli_opts, args: 1
2022-05-28 18:30:32,112 Using port: 39336
2022-05-28 18:30:32,112 Trigger hook: load_config, args: 4
2022-05-28 18:30:32,112 Loaded config: {'10010': 'WARN', '10011': 'WARN', '10012': 'WARN', '10015': 'WARN', '10016': 'WARN', '10017': 'WARN', '10019': 'WARN', '10020': 'WARN', '10021': 'WARN', '10023': 'WARN', '10024': 'WARN', '10025': 'WARN', '10026': 'WARN', '10027': 'WARN', '10032': 'WARN', '10040': 'WARN', '10105': 'WARN', '10202': 'WARN', '2': 'WARN', '3': 'WARN', '50001': 'WARN', '90001': 'WARN', '90011': 'WARN', '90022': 'WARN', '90030': 'WARN', '90033': 'WARN'}
2022-05-28 18:30:32,123 Starting ZAP
2022-05-28 18:30:32,124 Params: ['zap-x.sh', '-cmd', '-port', '39336', '-host', '0.0.0.0', '-config', 'database.recoverylog=false', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-addonupdate', '-silent']
2022-05-28 18:30:51,645 Starting ZAP
2022-05-28 18:30:51,645 Params: ['zap-x.sh', '-cmd', '-port', '39336', '-host', '0.0.0.0', '-config', 'database.recoverylog=false', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-autorun', '/home/zap/zap.yaml']
2022-05-28 18:31:05,948 Failed to access summary file /home/zap/zap_out.json
Traceback (most recent call last):
File "./mass-basescore.py", line 96, in <module>
handle_site(file, summary_file)
File "./mass-basescore.py", line 73, in handle_site
parse_results(name, all_files[0], True, summary_file)
File "./mass-basescore.py", line 13, in parse_results
with open(sys.argv[1] + '/baseline-results/' + site + '/' + date, 'ro') as f:
ValueError: invalid mode: 'ro'
Environment variable 'baselinecreds' not set so not attempting to update Baseline_Results wiki
./zap-baseline.py -t https://www.demo.testfire.net/ -d -c mass-baseline-default.conf " "
2022-05-28 18:30:32,111 Could not find custom hooks file at /home/zap/.zap_hooks.py
2022-05-28 18:30:32,111 Trigger hook: cli_opts, args: 1
2022-05-28 18:30:32,112 Using port: 39336
2022-05-28 18:30:32,112 Trigger hook: load_config, args: 4
2022-05-28 18:30:32,112 Loaded config: {'10010': 'WARN', '10011': 'WARN', '10012': 'WARN', '10015': 'WARN', '10016': 'WARN', '10017': 'WARN', '10019': 'WARN', '10020': 'WARN', '10021': 'WARN', '10023': 'WARN', '10024': 'WARN', '10025': 'WARN', '10026': 'WARN', '10027': 'WARN', '10032': 'WARN', '10040': 'WARN', '10105': 'WARN', '10202': 'WARN', '2': 'WARN', '3': 'WARN', '50001': 'WARN', '90001': 'WARN', '90011': 'WARN', '90022': 'WARN', '90030': 'WARN', '90033': 'WARN'}
2022-05-28 18:30:32,123 Starting ZAP
2022-05-28 18:30:32,124 Params: ['zap-x.sh', '-cmd', '-port', '39336', '-host', '0.0.0.0', '-config', 'database.recoverylog=false', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-addonupdate', '-silent']
2022-05-28 18:30:51,645 Starting ZAP
2022-05-28 18:30:51,645 Params: ['zap-x.sh', '-cmd', '-port', '39336', '-host', '0.0.0.0', '-config', 'database.recoverylog=false', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-autorun', '/home/zap/zap.yaml']
2022-05-28 18:31:05,948 Failed to access summary file /home/zap/zap_out.json
Traceback (most recent call last):
File "./mass-basescore.py", line 96, in <module>
handle_site(file, summary_file)
File "./mass-basescore.py", line 73, in handle_site
parse_results(name, all_files[0], True, summary_file)
File "./mass-basescore.py", line 13, in parse_results
with open(sys.argv[1] + '/baseline-results/' + site + '/' + date, 'ro') as f:
ValueError: invalid mode: 'ro'
Environment variable 'baselinecreds' not set so not attempting to update Baseline_Results wiki
Any ideas?
Thanks
Fergal Coll
May 29, 2022, 8:28:42 AM5/29/22
to OWASP ZAP User Group
Hmm looks like I need to mount the directory for a start
Simon Bennetts
May 30, 2022, 4:29:47 AM5/30/22
to OWASP ZAP User Group
If you use:
- docker run -u zap -i -t fergalcoll/mass-baseline mass-baseline.sh --autooff --env baselinecreds="ghp_XXXXXXXXX"
then I think the --env command gets passed to mass-baseline.sh
Try using:
- docker run --env baselinecreds="ghp_XXXXXXXXX" -u zap -i -t fergalcoll/mass-baseline mass-baseline.sh --autooff
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages