How to obtain the scan policies noted in svn/trunk/src/doc/alerts.xml


Jones Michael

Jul 1, 2014, 9:52:39 AM
to zaprox...@googlegroups.com
Hi,

Does anybody know how to get the scan policies noted in svn/trunk/src/doc/alerts.xml?  When installing the alpha/beta add-ons I don't really see all the scan policy options which contain all the IDs specified below.  Possibly it's somewhere else.  The only policy IDs by default are:

SCAN_POLICY_IDS("0, 6, 7, 10001, 30000, 40003, 40008, 40009, 40012, 40014, 40016, 40017, 40018, 50000, 90019, 90020");


Please let me know how to find the others. Thanks!


<!--

This list the alerts

0               Directory browsing
1               Potential File Path Manipulation
2               Private IP disclosure
3               Session ID in URL rewrite
4               Obsolete file (Depreciated)
5               Obsolete file extended check (Depreciated)
6               Directory/Path traversal
7               Remote File Inclusion

10000   Password Autocomplete in browser (Depreciated)
10001   Secure page browser cache

10010   Cookie set without HttpOnly flag
10011   Cookie set without secure flag
10012   Password Autocomplete in browser
10013   Weak HTTP authentication over an unsecured connection
10014   Cross Site Request Forgery
10015   Incomplete or no cache-control and pragma HTTPHeader set
10016   Web Browser XSS Protection Not Enabled
10017   Cross-domain JavaScript source file inclusion
10018   Untrusted domains in JavaScript source code
10019   Content-Type header missing
10020   X-Frame-Options header not set
10021   X-Content-Type-Options header missing
10022   Information disclosure - database error messages
10023   Information disclosure - debug error messages
10024   Information disclosure - sensitive informations in URL
10025   Information disclosure - sensitive informations on HTTP Referrer header
10026   HTTP Parameter Override
10027   Information disclosure - suspicious comments
10028   Open redirect
10029   Cookie poisoning
10030   User controllable charset
10031   User controllable HTML element attribute (potential XSS)
10032   Viewstate scanner
10033   Directory Browsing
10034   Heartbleed OpenSSL Vulnerability
10035   Strict-Transport-Security Header Not Set
10036   Server Leaks Version Information via "Server" HTTP Response Header Field
10037   Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
10038   Content Security Policy (CSP) Header Not Set
10039   X-Backend-Server Header Information Leak
10040   Secure pages including mixed content
10041   HTTP to HTTPS insecure transition in form post
10042   HTTPS to HTTP insecure transition in form post
10043   User controllable javascript event (XSS)

20000   Cold Fusion default file (Depreciated)
20001   Lotus Domino default files (Depreciated)
20002   IIS default file (Depreciated)
20003   Macromedia JRun default files (Depreciated)
20004   Tomcat source file disclosure (Depreciated)
20005   BEA WebLogic example files (Depreciated)
20006   IBM WebSphere default files (Depreciated)
20010   URL Redirector Abuse
20014   HTTP Parameter Pollution
20015   Heartbleed OpenSSL Vulnerability
20016   Cross-Domain Requests Permitted

30000   External redirect

40000   Cross site scripting
40001   Cross site scripting in SCRIPT section
40002   Cross site scripting without brackets
40003   CRLF injection
40004   SQL Injection Fingerprinting
40005   SQL Injection
40006   MS SQL Injection Enumeration
40007   Oracle SQL Injection Enumeration
40008   Parameter tampering
40009   Server side include
40010   Cross site scripting in TAG
40011   Cross Site Scripting in TAG Attribute
40012   CSRF Token missing
40013   Session Fixation
40014   Persistent XSS (Attack)
40015   LDAP Injection
40016   Persistent XSS (Prime)
40017   Persistent XSS (Spider)
40018   SQL Injection
40019   SQL Injection MySQL
40020   SQL Injection Hypersonic
40021   SQL Injection Oracle
40022   SQL Injection Postgresql
40023   Username Enumeration
40024   Method Scanner

50000   Active Scan scripts
50001   Passive Scan scripts

60000   Example simple passive rule
60001   Example file passive rule
60100   Example simple active rule
60101   Example file active rule

90018   SQL Injection SQLMap
90019   Code Injection
90020   Command Injection
90021   Xpath Injection
90022   Application Error scanner
90023   XXE External Entity
90024   Generic Padding Oracle
90025   Expression Language Injection

90027   Cookie Slack Detector
90028   Insecure HTTP Method

kingthorin+owaspzap

Jul 2, 2014, 11:53:28 AM
to zaprox...@googlegroups.com
What version of ZAP are you using? What version of the ascan and pscan rules do you have installed?

Jones Michael

Jul 8, 2014, 9:22:25 PM
to zaprox...@googlegroups.com
The latest, which is 2.3.1.


On Wed, Jul 2, 2014 at 11:53 AM, kingthorin+owaspzap <kingt...@gmail.com> wrote:
What version of ZAP are you using? What version of the ascan and pscan rules do you have installed?

--
You received this message because you are subscribed to a topic in the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/YZC0I1lbEtE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

thc...@gmail.com

Jul 23, 2014, 4:17:20 AM
to zaprox...@googlegroups.com
Hi.

You have to install all the active and passive scanner rules add-ons (and possibly other add-ons) to have "all" the mentioned scanners.

The following IDs are built into ZAP and are used for the script scanners, so they don't require installing any add-on:
50000 Script active scan rules
50001 Script passive scan rules

For the other active and passive scanners you need to install the following add-ons to have (almost) all of them:
(IDs followed by the scanner names)

"Active scanner rules" add-on version 16:
0         Directory browsing
6         Path Traversal
7         Remote File Inclusion

10001 Secure page browser cache
30000 External redirect
40003 CRLF injection

40008 Parameter tampering
40009 Server side include
40012 Cross Site Scripting (Reflected)
40014 Cross Site Scripting (Persistent)
40016 Cross Site Scripting (Persistent) - Prime
40017 Cross Site Scripting (Persistent) - Spider
40018 SQL Injection
90019 Server Side Code Injection
90020 Remote OS Command Injection Plugin

"Active scanner rules (beta)" add-on version 13:
20012 Anti CSRF tokens scanner
20014 HTTP Parameter Pollution scanner
40013 Session Fixation
40015 LDAP Injection
40019 SQL Injection - MySQL
40020 SQL Injection - Hypersonic SQL
40021 SQL Injection - Oracle
40022 SQL Injection - PostgreSQL
40023 Possible Username Enumeration
90021 XPath Injection Plugin
90023 XML External Entity Attack

90024 Generic Padding Oracle
90025 Expression Language Injection

"Active scanner rules (alpha)" add-on version 7:
41       Source Code Disclosure - Git
42       Source Code Disclosure - SVN
43       Source Code Disclosure - File Inclusion
10095 Backup File Disclosure
20015 Heartbleed OpenSSL Vulnerability
20016 Cross-Domain Misconfiguration
60100 Example Active Scanner: Denial of Service
60101 An example active scan rule which loads data from a file

"Passive scanner rules" add-on version 11:

2         Private IP disclosure
3         Session ID in URL rewrite
10010 Cookie no http-only flag
10011 Cookie without secure flag

10012 Password Autocomplete in browser
10015 Incomplete or no cache-control and pragma HTTPHeader set
10016 Web Browser XSS Protection Not Enabled
10017 Cross-domain JavaScript source file inclusion
10019 Content-Type header missing
10020 X-Frame-Options header not set
10021 X-Content-Type-Options header missing
10040 Secure pages including mixed content
90022 Application Error disclosure

"Passive scanner rules (beta)" add-on version 9:

10023 Information disclosure - debug error messages
10024 Information disclosure - sensitive informations in URL
10025 Information disclosure - sensitive informations on HTTP Referrer header
10026 HTTP Parameter Override
10027 Information disclosure - suspicious comments
10032 Viewstate scanner
40014 Absence of Anti-CSRF Tokens
40017 Weak Authentication Method
90001 Insecure JSF ViewState
90011 Charset Mismatch
90033 Loosely Scoped Cookie

"Passive scanner rules (alpha)" add-on version 4:

10028 Open redirect
10029 Cookie poisoning
10030 User controllable charset
10031 User controllable HTML element attribute (potential XSS)
10033 Directory Browsing
10034 Heartbleed OpenSSL Vulnerability (Indicative)

10035 Strict-Transport-Security Header Not Set
10036 Server Leaks Version Information via "Server" HTTP Response Header Field
10037 Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
10038 Content Security Policy (CSP) Header Not Set
10039 X-Backend-Server Header Information Leak
10041 HTTP to HTTPS insecure transition in form post
10042 HTTPS to HTTP insecure transition in form post
10043 User controllable javascript event (XSS)
10094 Base64 Disclosure
10096 Timestamp Disclosure
10097 Hash Disclosure
10098 Cross-Domain Misconfiguration
10099 Source Code Disclosure
60001 An example passive scan rule which loads data from a file
60000 Example Passive Scanner: Denial of Service

"SQLMap Injection Engine" version 6:
90018 Advanced SQL Injection


So by installing the previous add-ons you will get pretty much all of the scanners; the missing IDs are from scanners that are no longer in use (the corresponding scanners are obsolete and are no longer distributed, e.g. "Obsolete file", "Cross site scripting in TAG", "Cross Site Scripting in TAG Attribute", ...) or from scanners that were not yet released (e.g. "Cookie Slack Detector", "Insecure HTTP Method", ...).


HTH.
Best regards.
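The answer above boils down to a coverage check: every rule ID a scan policy references should be provided by an installed add-on, or the policy silently promises coverage it does not have. The script below is an added example (not ZAP project code) that does that check offline. Its add-on catalogue is a constructed subset transcribed from the listing in this thread (the two built-in script rule IDs, "Active scanner rules" version 16, and the two 4001x entries of "Passive scanner rules (beta)" version 9), and the policy string is the SCAN_POLICY_IDS value from the first post; it only parses the "ID name" text format used in the posts and never talks to ZAP itself. It also flags the caveat visible in the listing that active and passive rules share the same number space (40014 and 40017 appear in both), so an ID alone does not identify a rule.

```python
"""Cross-check a ZAP scan policy's rule IDs against the rule add-ons.

Added example, not ZAP project code. The catalogue below is a constructed
subset of the add-on listing in this thread; the policy string is the
SCAN_POLICY_IDS value quoted in the first post.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed subset of the thread's listing: add-on -> "ID name" lines.
ADDON_RULES: Dict[str, str] = {
    "built-in": """
        50000 Script active scan rules
        50001 Script passive scan rules
    """,
    "Active scanner rules v16": """
        0 Directory browsing
        6 Path Traversal
        7 Remote File Inclusion
        10001 Secure page browser cache
        30000 External redirect
        40003 CRLF injection
        40008 Parameter tampering
        40009 Server side include
        40012 Cross Site Scripting (Reflected)
        40014 Cross Site Scripting (Persistent)
        40016 Cross Site Scripting (Persistent) - Prime
        40017 Cross Site Scripting (Persistent) - Spider
        40018 SQL Injection
        90019 Server Side Code Injection
        90020 Remote OS Command Injection Plugin
    """,
    "Passive scanner rules (beta) v9": """
        40014 Absence of Anti-CSRF Tokens
        40017 Weak Authentication Method
    """,
}

# The default policy string quoted in the first post of the thread.
DEFAULT_POLICY = ('SCAN_POLICY_IDS("0, 6, 7, 10001, 30000, 40003, 40008, 40009, '
                  '40012, 40014, 40016, 40017, 40018, 50000, 90019, 90020");')

LINE_RE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")


def parse_rule_list(text: str) -> Dict[int, str]:
    """Parse 'ID  name' lines (the thread's listing format) into {id: name}."""
    rules: Dict[int, str] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rules[int(m.group(1))] = m.group(2)
    return rules


def parse_policy_ids(policy: str) -> List[int]:
    """Extract the integer rule IDs from a SCAN_POLICY_IDS("...") string."""
    inner = re.search(r'"([^"]*)"', policy)
    if not inner:
        return []
    return [int(tok) for tok in re.findall(r"\d+", inner.group(1))]


def build_catalogue(addons: Dict[str, str]) -> Dict[int, List[Tuple[str, str]]]:
    """Map each rule ID to every (add-on, rule name) pair that provides it."""
    catalogue: Dict[int, List[Tuple[str, str]]] = defaultdict(list)
    for addon, text in addons.items():
        for rule_id, name in parse_rule_list(text).items():
            catalogue[rule_id].append((addon, name))
    return dict(catalogue)


def coverage(policy_ids: List[int], catalogue: Dict[int, List[Tuple[str, str]]]
             ) -> Tuple[Dict[int, List[Tuple[str, str]]], Set[int]]:
    """Split policy IDs into those some add-on provides and those nothing provides."""
    provided = {i: catalogue[i] for i in policy_ids if i in catalogue}
    missing = {i for i in policy_ids if i not in catalogue}
    return provided, missing


def collisions(catalogue: Dict[int, List[Tuple[str, str]]]) -> Dict[int, List[Tuple[str, str]]]:
    """IDs defined by more than one add-on (active and passive rules share numbers)."""
    return {i: v for i, v in catalogue.items() if len(v) > 1}


if __name__ == "__main__":
    cat = build_catalogue(ADDON_RULES)
    provided, missing = coverage(parse_policy_ids(DEFAULT_POLICY), cat)
    for rule_id, sources in sorted(provided.items()):
        print(rule_id, "->", "; ".join(f"{a}: {n}" for a, n in sources))
    print("not provided by any listed add-on:", sorted(missing))
    print("IDs defined by more than one add-on:", sorted(collisions(cat)))
```

Run against the default policy every ID resolves to an add-on; feed it IDs from alerts.xml that the answer calls obsolete or unreleased (for instance 40010 or 90027) and they land in the missing set, which is the list to reconcile before trusting a scan report.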

Jones Michael

Jul 23, 2014, 8:25:55 AM
to zaprox...@googlegroups.com
Ahhh OK.  Good to know and tkx :-).  Just to let you know, I'm a Sr. Quality Assurance Engineer at NBCUniversal and we will be leveraging this tool in addition to communicating to the rest of the org to adopt.  So really happy to share how beneficial this is to the rest of the world.



Jones Michael

Jul 23, 2014, 8:30:45 AM
to zaprox...@googlegroups.com
Ahh OK tkx.  Appreciate the update :-)


On Wed, Jul 23, 2014 at 4:17 AM, <thc...@gmail.com> wrote:
