Plugin (Addon)

[Alex]

Hello,
how i can launch quick-scan only for the SQL injection vulnerabilities in command line. I installed sqliplugin but i don't know how i use it. 
Please someone help-me :).

[Simon Bennetts]

Hiya,

The sqliplugin adds an active scan rule, so you'll need to run the active scan.

The ZAP quick-scan options are farily limited so that probably wont be suitable for you.

A better option would be to use the packaged full scan: https://github.com/zaproxy/zaproxy/wiki/ZAP-Full-Scan

This always uses the standard spider, but if your app uses javascript links then you can use the ajax spider as well.

You can automatically install the sqliplugin using the ZAP -addoninstall command line option.

Run the command with -g to generate a configuration file, edit it to just enable the sqliplugin rule and then supply that using the -c option when you re-run it.

Cheers,

Simon

[Alex]

Thanks for your quick reply and actually the package offers a lot more options but I want scan an URL just for verify if it's vulnerable for SQL Injection, just SQL injection not other attacks (Cross Site,Web Browser XSS,....).
regards,

[kingthorin+owaspzap]

When you launch an active scan you can select which plugins are included in the scan policy. If you only include SQLi plugins then that's all that will run.

[Simon Bennetts]

And thats what that script allows you to do.

Run it with -g to generate a config file (once)

Edit the config file so that just the SQL injection rules are enabled

Then you can keep running it passing in the config file and it will just scan for SQL injection vulns.

You cannot just scan for a specific type of vulnerability using the quick-scan option as that is not flexible enough, that why you need the packaged full scan which has the flexibility you need, even if you dont use most of the options.

[Alex]

I want scan just for SQL Injection vulnerabilities, i don't want wait until it scan the whole, to know if my website is vulnerable for SQL injection  ;).

[Simon Bennetts]

And thats what you can configure the packaged full scan to do.

There seems to be some miscommunication here :/

The packaged full scan is very flexible, but you can configure it to only scan for SQL injections and nothing else.

[Alex]

Sorry i had lost my connexion...
Anyway, i will try your solution and i will tell you the result.
thank you again for your help.

[Alex]

Hello dear,
I tried your solution using the full scan package and modifying the configuration file (gen.conf). But I still feel that does not accelerate the scan and he does not ignore all the attacks while in the file I noted IGNORE .

Le mardi 12 février 2019 17:30:25 UTC+3, Simon Bennetts a écrit :

[Simon Bennetts]

Thats a bug then, I've raised it as https://github.com/zaproxy/zaproxy/issues/5225

I'll aim to look at this soon as it will impact something I'll be working on in a bit, unless anyone beats me to it :)

[Simon Bennetts]

Can you post the command you are using to run the scan?

Based on my testing its working fine :/