Baseline scan on localhost

707 views
Skip to first unread message

helloworld

unread,
Mar 3, 2021, 7:39:32 AM3/3/21
to OWASP ZAP User Group
Hi 

Does anybody know how to run the baseline scan on a localhost app?

I have OWASP Juice Shop running on https://localhost:3000

when I use the following command:

docker run -t owasp/zap2docker-stable zap-baseline.py -t https://localhost:3000

I get this error:

ERROR [Errno 5] ZAP failed to access: https://localhost:3000
2021-03-03 12:38:11,536 I/O error: [Errno 5] ZAP failed to access: https://localhost:3000
Traceback (most recent call last):
  File "/zap/zap-baseline.py", line 331, in main
    zap_access_target(zap, target)
  File "/zap/zap_common.py", line 104, in _wrap
    return_data = func(*args_list, **kwargs)
  File "/zap/zap_common.py", line 387, in zap_access_target
    raise IOError(errno.EIO, 'ZAP failed to access: {0}'.format(target))
OSError: [Errno 5] ZAP failed to access: https://localhost:3000

Any idea how to fix?

Thanks

Simon Bennetts

unread,
Mar 3, 2021, 8:09:35 AM3/3/21
to OWASP ZAP User Group
Yes, I cover that in this video: https://www.youtube.com/watch?v=BOlalxfdLbU
Basically https://localhost:3000 is not accessible from docker by default.

Cheers,

Simon

helloworld

unread,
Mar 3, 2021, 12:29:05 PM3/3/21
to OWASP ZAP User Group
Thank you. Substituting the IP address for localhost fixed the issue.
Reply all
Reply to author
Forward
0 new messages