Error running active scan: "url_not_found"

[Manojkumar S.J]

Hi Everyone,

We are running a Active ZAP scan for our site and facing some issues with the scan not able to run properly or give the desired results. Did go through the forum and documentation and was able to rule out all the checks mentioned below

• Server is up and running before scan starts
• URL is accessible for the script to execute
• URL is present in the site structure

Please find the data for the setup which we have for the scan. Any leads or pointers to fix this issue would be much appreciated. Thanks

ZAP: owasp/zap2docker-stable

Code Snippet:

targetURL=$1

zap-cli --verbose --boring start --start-options "-Xmx2g -config api.disablekey=true -config scanner.attackOnStart=true -config view.mode=attack -config connection.dnsTtlSuccessfulQueries=-1 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true"

zap-cli context import $(pwd)/ci/zap-context.xml

zap-cli --verbose --boring quick-scan --context-name zap-context --scanners all --alert-level Informational --recursive --spider --ajax-spider $targetURL

Context File:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<configuration>

    <context>

        <name>zap-context</name>

        <desc/>

        <inscope>true</inscope>

        <incregexes>^(https\:\/\/www\.testdomain\.com\/samplepage).*$</incregexes>

        <excregexes>^(?!https\:\/\/www\.testdomain\.com\/samplepage).*$</excregexes>

        <tech>

            <include>Language.JSP/Servlet</include>

            <include>Language.Java</include>

            <include>Language.JavaScript</include>

            <include>Language.XML</include>

            <include>OS</include>

            <include>OS.Linux</include>

            <include>OS.MacOS</include>

            <include>OS.Windows</include>

            <include>WS.Apache</include>

            <exclude>Db</exclude>

            <exclude>Db.CouchDB</exclude>

            <exclude>Db.Firebird</exclude>

            <exclude>Db.HypersonicSQL</exclude>

            <exclude>Db.IBM DB2</exclude>

            <exclude>Db.Microsoft Access</exclude>

            <exclude>Db.Microsoft SQL Server</exclude>

            <exclude>Db.MongoDB</exclude>

            <exclude>Db.MySQL</exclude>

            <exclude>Db.Oracle</exclude>

            <exclude>Db.PostgreSQL</exclude>

            <exclude>Db.SAP MaxDB</exclude>

            <exclude>Db.SQLite</exclude>

            <exclude>Db.Sybase</exclude>

            <exclude>Language</exclude>

            <exclude>Language.ASP</exclude>

            <exclude>Language.C</exclude>

            <exclude>Language.PHP</exclude>

            <exclude>Language.Python</exclude>

            <exclude>Language.Ruby</exclude>

            <exclude>SCM</exclude>

            <exclude>SCM.Git</exclude>

            <exclude>SCM.SVN</exclude>

            <exclude>WS</exclude>

            <exclude>WS.IIS</exclude>

            <exclude>WS.Tomcat</exclude>

        </tech>

        <urlparser>

            <class>org.zaproxy.zap.model.StandardParameterParser</class>

            <config>{"kvps":"&amp;","kvs":"=","struct":[]}</config>

        </urlparser>

        <postparser>

            <class>org.zaproxy.zap.model.StandardParameterParser</class>

            <config>{"kvps":"&amp;","kvs":"=","struct":[]}</config>

        </postparser>

        <authentication>

            <type>0</type>

        </authentication>

        <forceduser>-1</forceduser>

        <session>

            <type>0</type>

        </session>

        <authorization>

            <type>0</type>

            <basic>

                <header/>

                <body/>

                <logic>AND</logic>

                <code>-1</code>

            </basic>

        </authorization>

    </context>

</configuration>

Script Logs:

[INFO]            Starting ZAP daemon

[DEBUG]           Starting ZAP process with command: /zap/zap.sh -daemon -port 8080 -Xmx2g -config api.disablekey=true -config scanner.attackOnStart=true -config view.mode=attack -config connection.dnsTtlSuccessfulQueries=-1 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true.

[DEBUG]           Logging to /zap/zap.log

[DEBUG]           ZAP started successfully.

[INFO]            Imported context from /var/lib/jenkins/workspace/ci/zap-context.xml

[INFO]            Running a quick scan for https://www.testdomain.com/samplepage

[DEBUG]           Disabling all current scanners

[DEBUG]           Enabling all scanners

[DEBUG]           Spidering target https://www.testdomain.com/samplepage...

[DEBUG]           Started spider with ID 0...

[DEBUG]           Spider progress %: 0

[DEBUG]           Spider #0 completed

[DEBUG]           AJAX Spidering target https://www.testdomain.com/samplepage...

[DEBUG]           AJAX Spider: running

[DEBUG]           AJAX Spider: running

[DEBUG]           AJAX Spider completed

[DEBUG]           Scanning target https://www.testdomain.com/samplepage...

[ERROR]           Error running active scan: "url_not_found". Make sure the URL is in the site tree by using the open-url or scanner commands before running an active scan.

ZAP Logs:

1604054366452 Marionette INFO Listening on port 36885

1604054366551 Marionette WARN TLS certificate errors will be ignored for this session

33971 [Forwarding newSession on session null to remote] INFO org.openqa.selenium.remote.ProtocolHandshake  - Detected dialect: W3C

35700 [ZAP-AjaxSpiderApi] INFO com.crawljax.core.CrawlController  - Received shutdown notice. Reason is Exausted

1604054368457 Marionette INFO Stopped listening on port 36885

37174 [ZAP-AjaxSpiderApi] INFO com.crawljax.core.CrawlController  - Shutdown process complete

37175 [ZAP-AjaxSpiderApi] INFO org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Stopping proxy...

37276 [ZAP-AjaxSpiderApi] INFO org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Proxy stopped.

37276 [ZAP-AjaxSpiderApi] INFO org.zaproxy.zap.extension.spiderAjax.SpiderThread  - Finished Crawljax: API - https://www.te..com/samplepage

43254 [ZAP-ProxyThread-36] WARN org.zaproxy.zap.extension.api.API  - Bad request to API endpoint [/JSON/ascan/action/scan/] from [127.0.0.1]:

URL Not Found in the Scan Tree (url_not_found)

at org.zaproxy.zap.extension.ascan.ActiveScanAPI.scanURL(ActiveScanAPI.java:910)

at org.zaproxy.zap.extension.ascan.ActiveScanAPI.handleApiAction(ActiveScanAPI.java:369)

at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:506)

at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:499)

at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:335)

at java.lang.Thread.run(Thread.java:748) 

Regards,

Manoj

[Manojkumar S.J]

Hi Experts,

Could you please provide us some inputs or direction to resolve the above issue?

Thanks in advance.

Regards,

Manoj

[INsomplan347]

wkkwkwk 

--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/c20c83bb-7223-43aa-b46c-3821db8e3c7cn%40googlegroups.com.

[Manojkumar S.J]

Hi Everyone,

We were able to resolve this issue!! Seems like there was a volume corruption and clearing out the .zap folder and then pulling latest zap updates fixed the issue.

Cheers,

Manoj

[Simon Bennetts]

Thanks for letting us know!