trouble running ZAP tool with automation in windows

Arpit Singh

unread,

Aug 30, 2022, 2:05:10 AM8/30/22

to OWASP ZAP User Group

I am having trouble to run ZAP tool with automation in windows. I am so clueless, can someone help me where to start.

Simon Bennetts

unread,

Aug 30, 2022, 3:16:27 AM8/30/22

to OWASP ZAP User Group

Surprisingly enough we are not omnipresent or telepathic :)

So start by telling us what you have done and what error messages you are getting...

Cheers,

Simon

Crispin Owuor

unread,

Aug 30, 2022, 9:55:45 AM8/30/22

to OWASP ZAP User Group

Please share where you are stuck :)

Arpit Singh

unread,

Aug 31, 2022, 2:13:11 AM8/31/22

to OWASP ZAP User Group

Hi,

Please help me with the following:

1. I tried running the following command in windows to generate the reports

zap.bat -daemon -quickurl <url> -quickprogress -quickout \tmp\scanresults.xml

I gave tmp as random directory

error: The directory of given '-quickout' file is not writable:
C:\tmp

If I use a real path

zap.bat -daemon -quickurl<url> -quickprogress -quickout \Users\Arpit.Singh\OWASP ZAP\reports\scanresults.xml

error: File not found 'ZAP\reports\scanresults.xml'

2. Tried running script through command line but got error

zap.bat -session /C:/Users/Arpit.Singh/OWASP ZAP/session -script /C:/Program Files/OWASP/Zed Attack Proxy/scripts/templates/active/Active default template.js

error: Unable to find file

3. Can you provide command for fuzzing and Forced Browse Site.

Thank you!

Arpit Singh

Simon Bennetts

unread,

Aug 31, 2022, 3:13:45 AM8/31/22

to OWASP ZAP User Group

Hi Arpit,

Answers inline:

On Wednesday, 31 August 2022 at 08:13:11 UTC+2 singha...@gmail.com wrote:

Hi,

Please help me with the following:

1. I tried running the following command in windows to generate the reports

zap.bat -daemon -quickurl <url> -quickprogress -quickout \tmp\scanresults.xml

I gave tmp as random directory

error: The directory of given '-quickout' file is not writable:
C:\tmp

Can the user you using write to the c:\tmp directory?

ZAP doesnt think it can - try changing the permissions on that dir or using a directory you user can write to.

If I use a real path
zap.bat -daemon -quickurl<url> -quickprogress -quickout \Users\Arpit.Singh\OWASP ZAP\reports\scanresults.xml

error: File not found 'ZAP\reports\scanresults.xml'

the path name contains a space, which means its reated as 2 separate parameters:

\Users\Arpit.Singh\OWASP
ZAP\reports\scanresults.xml

Surround the path with quotes and try again. But dont use the "-daemon" flag, use the "-cmd" one in this case:

zap.bat -cmd -quickurl<url> -quickprogress -quickout "\Users\Arpit.Singh\OWASP ZAP\reports\scanresults.xml"

2. Tried running script through command line but got error
zap.bat -session /C:/Users/Arpit.Singh/OWASP ZAP/session -script /C:/Program Files/OWASP/Zed Attack Proxy/scripts/templates/active/Active default template.js
error: Unable to find file

Same problem as above - there are multiple spaces in the file name.

3. Can you provide command for fuzzing and Forced Browse Site.

The command line is very limited.

The Automation Framework is much more flexible: https://www.zaproxy.org/docs/automate/automation-framework/

But even that does not support fuzzing or forced browsing.

Cheers,

Simon

Arpit Singh

unread,

Aug 31, 2022, 5:33:15 AM8/31/22

to OWASP ZAP User Group

Thanks Simon for the help, it worked.

But report generated doesn't have any data. Please find the screenshot below

Also, do windows support zap-cli commands? I am unable to do do.

Thank you!

Arpit Singh

Simon Bennetts

unread,

Aug 31, 2022, 5:49:16 AM8/31/22

to OWASP ZAP User Group

Hi Arpit,

The best way to see whats going on is to use the ZAP desktop.

The zap-cli is not supported by the ZAP Core team.

The recommended automation options are listed on https://www.zaproxy.org/docs/automate/

Cheers,

Simon

Arpit Singh

unread,

Aug 31, 2022, 9:32:51 AM8/31/22

to OWASP ZAP User Group

Thank you Simon!

Reply all

Reply to author

Forward