Passive Scan on ZAP using command line

Eapen

Dec 1, 2022, 4:29:32 AM
to OWASP ZAP User Group
Please help me do a non-intrusive scan from the command line using ZAP.
I want to do a passive scan on a URL and generate a report in PDF or HTML.
Can I get the command for running the passive scan on "example.com" and generating a report for the passive scan?
Thanks for the time and response.

Simon Bennetts

Dec 1, 2022, 5:09:52 AM
to OWASP ZAP User Group

docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable zap-baseline.py -t https://www.example.com -r testreport.html

If you don't want to use Docker then that command also generates a zap.yaml file which works in the Automation Framework.
It needs some tweaking so I've done that - see attached.

That can be run using the command:

zap.sh -cmd -autorun /full/path/to/example.yaml

Cheers,

Simon
example.yaml
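
Added example, not the example.yaml attached to the post above (the attachment is not reproduced on this page): a minimal Automation Framework plan for a passive-only run, which stays non-intrusive by defining no activeScan job. The context name, target URL, durations and report location are assumptions to adjust for your own target.

```yaml
# Hypothetical passive-only plan; run with: zap.sh -cmd -autorun /full/path/to/this-file.yaml
env:
  contexts:
    - name: passive-baseline            # assumed context name
      urls:
        - https://www.example.com       # placeholder target from the thread
  parameters:
    failOnError: true                   # stop the plan if a job errors (e.g. target unreachable)
    progressToStdout: true              # print job progress to the console

jobs:
  # Configure the passive scanner before any traffic is generated.
  - type: passiveScan-config
    parameters:
      maxAlertsPerRule: 10              # cap repeated alerts per rule to keep the report readable
      scanOnlyInScope: true             # ignore responses from hosts outside the context

  # The traditional spider only follows links; it sends no attack payloads.
  - type: spider
    parameters:
      context: passive-baseline
      maxDuration: 1                    # minutes

  # Wait for the passive scan queue to drain so the report is complete.
  - type: passiveScan-wait
    parameters:
      maxDuration: 5                    # minutes

  # Write the report; use traditional-pdf instead for a PDF.
  - type: report
    parameters:
      template: traditional-html
      reportDir: /full/path/to/reports  # placeholder path
      reportFile: testreport
      reportTitle: Passive scan report
```

The spider still issues ordinary GET requests to the target, so run the plan only against sites you are permitted to crawl.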

Eapen

Dec 1, 2022, 11:26:38 PM
to OWASP ZAP User Group
" Job spider failed to access URL http://altoromutual.com/ : Connection refused: connect"

This is the error I am getting from the execution after running "java -Xmx512m -jar zap-2.11.1.jar -cmd -autorun example.yaml".

Simon Bennetts

Dec 2, 2022, 4:15:30 AM
to OWASP ZAP User Group
Can you access that site from the command line, e.g. using curl?