Error installing ZAP in Ubuntu through script

739 views
Skip to first unread message

Apurva Dhoble

unread,
Dec 21, 2021, 2:03:35 AM12/21/21
to OWASP ZAP User Group
I am trying to install zap on ubuntu machine through script.
I have to automate zap. I am referring to https://www.zaproxy.org/docs/api/?shell#introduction . I have to call api's through curl and it was running properly till yesterday. But now I am facing issue while running the zap installation script.  
The script I am running to install zap is

sh '''

                #!/bin/bash

                #!/usr/bin/env python3

                pwd

               # ZAP Installation

                sudo wget -q -O - https://github.com/zaproxy/zaproxy/releases/download/v2.11.0/ZAP_2.11.0_Linux.tar.gz | sudo tar zxf - -C /opt

                sudo ln -s /opt/ZAP_2.11.0 /opt/zap

                cd /opt/zap

                ls -la

                sudo wget -q -O /etc/init.d/zap https://raw.githubusercontent.com/stelligent/zap/master/packer/roles/zap/files/zap-init.sh

                sudo chmod 755 /etc/init.d/zap

                sudo /etc/init.d/zap start

                curl http://localhost:8080

                # Fetch list of scripts before loading bearer token and httpsender authentication script

                curl 'http://localhost:8080/JSON/script/view/listScripts/?apikey=${zap_apikey}'

                    '''

I am getting error for command sudo /etc/init.d/zap start. The error says Starting Zap: /etc/init.d/zap: line 48: pushd: too many arguments

Till yesterday the same script was running fine and installation was succesful. I am attaching the screenshot for the same.
Please help me here. I am trying this  but not able to figure out the error.

Thanks


Screenshot 2021-12-21 at 12.27.45 PM.png

Simon Bennetts

unread,
Dec 21, 2021, 4:02:40 AM12/21/21
to OWASP ZAP User Group

Dont do this. Really dont!

https://github.com/stelligent/zap/ is not an official ZAP repo and has no connection with the ZAP project.
I dont know anything about it but the fact it only has 6 stars should make you _very_ wary of using it.

All of the official ZAP downloads are linked off https://www.zaproxy.org/download/

The packaged installers can be automated via command line options as per https://www.ej-technologies.com/resources/install4j/help/doc/installers/installerModes.html

Oh, and by the way the latest version of ZAP is 2.11.1 as you'll see from the official Downloads page.

Cheers,

Simon

Apurva Dhoble

unread,
Dec 21, 2021, 4:27:29 AM12/21/21
to OWASP ZAP User Group
Thanks for the response Simon.
I will install the latest version of ZAP.
I tried the other way 
sudo ln -s /opt/ZAP_2.11.0 /opt/zap
cd /opt/zap
sudo ./zap.sh -daemon -config api.key=${zap_apikey}

ZAP is running and ZAP is now listening on localhost:8080, but its still running. I mean it should run in deamon mode.
Simon, can you please help me with the commands to install zap on ubuntu in deamon mode, so that I can call zap api and execute the Active scan for all api's and UI.
Please help me out here.

Thanks

Simon Bennetts

unread,
Dec 21, 2021, 4:37:49 AM12/21/21
to OWASP ZAP User Group
You've just started it in daemon mode havnt you? Thats why its still running.

Have you used ZAP before?
If not then the API might be a step to far for you at this stage.
There are lots of videos linked off https://www.zaproxy.org/videos/ to help you learn more about ZAP.

We recommend getting used to the ZAP desktop UI before diving into automation.
When you do get to automation then the Automation Framework might meet your requirements, depending of what they are.
In any case, all of the recommended automation options are detailed on https://www.zaproxy.org/docs/automate/

Cheers,

Simon

Apurva Dhoble

unread,
Dec 21, 2021, 6:15:15 AM12/21/21
to OWASP ZAP User Group
Yes Simon.
I have used ZAP through Desktop and have used api's also.
Screenshot 2021-12-21 at 4.34.21 PM.png
It run fine for me. I have my script ready with all api's which I have to call for running Active Scan for my api's.
But as I told above, earlier the script I provided for installing ZAP was working. Now I am facing issue in that.
Once I get the steps to install zap and it listens on localhost:8080, I will be able to run all my commands. I need help in installing ZAP and allocate port 8080 to it. Thanks

Simon Bennetts

unread,
Dec 21, 2021, 6:36:52 AM12/21/21
to OWASP ZAP User Group
So what problems are you having now?
Have you managed to install ZAP?
Start it?
Successfully call the API?

I dont know what problems you are hitting.
What have you done?
Why do you think its not working?
What error messages are you getting?

Apurva Dhoble

unread,
Dec 21, 2021, 6:50:33 AM12/21/21
to OWASP ZAP User Group
ok
Earlier I used below script to install ZAP and listen port 8080

sh '''

                #!/bin/bash

                #!/usr/bin/env python3

                pwd

               # ZAP Installation

                sudo wget -q -O - https://github.com/zaproxy/zaproxy/releases/download/v2.11.0/ZAP_2.11.0_Linux.tar.gz | sudo tar zxf - -C /opt

                sudo ln -s /opt/ZAP_2.11.0 /opt/zap

                cd /opt/zap

                ls -la

                sudo wget -q -O /etc/init.d/zap https://raw.githubusercontent.com/stelligent/zap/master/packer/roles/zap/files/zap-init.sh

                sudo chmod 755 /etc/init.d/zap

                sudo /etc/init.d/zap start

                curl http://localhost:8080

                # Fetch list of scripts before loading bearer token and httpsender authentication script

                curl 'http://localhost:8080/JSON/script/view/listScripts/?apikey=${zap_apikey}'

                 curl http://0.0.0.0:8080

                 ls -la

                    '''

But the script is not working now and as you said it is not the official site from where I am using.
So now I am trying the other script to install ZAP i.e.

# ZAP Installation
sudo wget -q -O - https://github.com/zaproxy/zaproxy/releases/download/v2.11.0/ZAP_2.11.0_Linux.tar.gz | sudo tar zxf - -C /opt
sudo ln -s /opt/ZAP_2.11.0 /opt/zap
cd /opt/zap
ls -la
sudo ./zap.sh -cmd -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config connection.timeoutInSecs=180
Screenshot 2021-12-21 at 5.11.34 PM.png
Here ZAP is installed but not in headless mode i.e. Its running continuously and  due to which other commands after sudo ./zap.sh -cmd -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config connection.timeoutInSecs=180 are not executing.
My use case is ZAP should work in haedless mode and should listen to port 8080. So that commands after zap installation should run.


Please let  me know if you still didn't get the issue I am facing

Thanks

Simon Bennetts

unread,
Dec 21, 2021, 6:54:13 AM12/21/21
to OWASP ZAP User Group
ZAP is running in headless mode - theres no desktop being shown is there?

What I think you mean is that you want ZAP to run in the background.
In order to do that add an ampersand '&' to the end of the zap.sh line - this is a standard linux feature.

Cheers,

Simon

Apurva Dhoble

unread,
Dec 21, 2021, 7:53:04 AM12/21/21
to OWASP ZAP User Group
Thank you Simon.
Yes I meant about running ZAP in background.
And it worked for me after trying the whole day.

Thank you Simon once again. 

Reply all
Reply to author
Forward
0 new messages