automated scan flagging the host subdomain as out of scop

12 views

Skip to first unread message

proctor smith

unread,

12:52 AM (15 hours ago) 12:52 AM

to ZAP User Group

Hi, how can i make the scan to test all subdomain zap found in automated scan. i tried setting some regex patterns in contexts setting but it does not work

Simon Bennetts

unread,

12:24 PM (3 hours ago) 12:24 PM

to ZAP User Group

Define a context including all of the subdomains, e.g.

https://www.example.*

then, for example, when you crawl https://www.example.com and get some content from https://www.example.api then active scanning that context will attack both domains.

Cheers,

Simon

Simon Bennetts

unread,

12:38 PM (3 hours ago) 12:38 PM

to ZAP User Group

Sorry, for subdomains it should be:

https://.*.example.com

but hopefully you got the general idea :)

Cheers,

Simon

Reply all

Reply to author

Forward

0 new messages