How can I make ZAP scan all the URLs of the application which are in the Context in Active Scan?


ellenxi...@gmail.com

Aug 2, 2016, 5:47:31 AM
to OWASP ZAP User Group

I've created an authentication script and ZAP can successfully log in to the application which I need to scan for vulnerabilities. I used Active Scan to scan and expected ZAP to scan all the URLs in the context. The actual result was that it didn't scan all of the URLs in the Context but only part of them. Some important pages are not scanned.

How can I make ZAP scan all the URLs of the application which are in the Context in Active Scan? Thank you.

BTW, there is only an Active Scan option, not Active Scan Site/Active Scan Node options, in the ZAP I use. Version is 2.5.0.

Simon Bennetts

Aug 2, 2016, 7:03:39 AM
to OWASP ZAP User Group
The active scanner will only scan the urls / nodes that have been recorded in ZAP - it does not explore anything new.
How are you currently exploring your application?
The current options include:
  • Proxying your browser and exploring manually
  • Proxying regression tests
  • The 'traditional' spider
  • The Ajax spider

For recent versions of ZAP the 'Scan Node' option has been replaced with the 'Recurse' checkbox in the Active Scan dialog.

If you check the 'Show advanced options' box then you'll also be shown extra tabs that give you even greater control.


Cheers,


Simon

ellenxi...@gmail.com

Aug 2, 2016, 9:42:42 PM
to OWASP ZAP User Group
Hi Simon,

Thanks for your reply. The problem I met is that the active scanner doesn't scan all the urls/nodes that have been recorded in ZAP. It scans part of them.

I used the options below to explore the application:
  • Proxying your browser and exploring manually
  • The 'traditional' spider

Best regards,
Ellen

Simon Bennetts

Aug 3, 2016, 3:08:43 AM
to OWASP ZAP User Group
How do you know that it's not scanning all of the nodes?
What options are you using when active scanning?
Can you see anything that is common to the nodes that are not scanned vs the ones that are?

Cheers,

Simon

ellenxi...@gmail.com

Aug 3, 2016, 6:24:40 AM
to OWASP ZAP User Group

Hi Simon,

I checked the URLs under the Active Scan tab. Some of the URLs under Sites (which I've added to the Context) don't appear in the URL column under the Active Scan tab.

I selected the top node, right-clicked, then clicked Attack >> Active Scan to scan.

They are similar but just different sub links of the application.

Best regards,
Ellen

thc...@gmail.com

Aug 3, 2016, 6:31:12 AM
to zaprox...@googlegroups.com
Hi.

That panel might not show all URLs being attacked, it depends on the
option "Max results to list". [1]

[1]
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsAscan#max-results-to-list

Best regards.

Simon Bennetts

Aug 3, 2016, 6:31:42 AM
to OWASP ZAP User Group
Hi Ellen,

By default the Active Scan tab only shows the first 1000 requests.
You can change this via the Options / Active Scan tab: https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsAscan#max-results-to-list

Cheers,

Simon
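Both replies above explain the gap as a display limit rather than missing coverage. As an added example (not from this thread and not ZAP project code), the script below checks coverage through the ZAP API instead of the Active Scan tab, comparing the URLs recorded in the context with the requests the scan actually sent. It assumes the python-owasp-zap-v2.4 client and its ascan.scan, ascan.status, ascan.messages_ids, core.message and context.urls methods; the proxy address, API key, target and context name are placeholders.

```python
import time
from urllib.parse import urlsplit, urlunsplit

def node(url):
    """Collapse a URL to scheme://host/path so different query strings for the
    same page count as one node, the way the Sites tree groups them."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path, "", ""))

def request_url(message):
    """Extract the requested URL from a ZAP message record. Assumption: the
    'requestHeader' field starts with an absolute-URI request line such as
    'GET http://host/path HTTP/1.1'."""
    request_line = message["requestHeader"].split("\r\n", 1)[0]
    return request_line.split(" ")[1]

def coverage(context_urls, scanned_urls):
    """Return (covered, missed): the context nodes the scan did and did not
    request. Requests outside the context are ignored, not counted as coverage."""
    wanted = {node(u) for u in context_urls}
    seen = {node(u) for u in scanned_urls}
    return wanted & seen, wanted - seen

# Constructed sample data standing in for what the API would return.
SAMPLE_CONTEXT = ["http://example.test/app/", "http://example.test/app/login",
                  "http://example.test/app/admin/users", "http://example.test/app/search?q=a"]
SAMPLE_SCANNED = ["http://example.test/app/?x=1", "http://example.test/app/login",
                  "http://example.test/app/search?q=%27", "http://other.test/x"]

def scan_and_check(zap, target, context_name):
    """Run an in-scope active scan, then compare every request it actually sent
    with the URLs recorded in the context (assumes the python-owasp-zap-v2.4
    client methods named in the lead-in)."""
    scan_id = zap.ascan.scan(target, recurse=True, inscopeonly=True)
    while int(zap.ascan.status(scan_id)) < 100:
        time.sleep(5)
    scanned = [request_url(zap.core.message(mid))
               for mid in zap.ascan.messages_ids(scan_id)]
    return coverage(zap.context.urls(context_name), scanned)

if __name__ == "__main__":
    from zapv2 import ZAPv2  # pip install python-owasp-zap-v2.4
    # Placeholders: set your API key, ZAP proxy address, target and context name.
    proxy = "http://127.0.0.1:8080"
    zap = ZAPv2(apikey="CHANGE-ME", proxies={"http": proxy, "https": proxy})
    covered, missed = scan_and_check(zap, "http://localhost:8080/app/", "Default Context")
    print(f"{len(covered)} context nodes requested, {len(missed)} never requested")
    for url in sorted(missed):
        print("  missed:", url)
```

Run against the sample data, the check reports the /admin/users node as never requested while the query-string variants of / and /search count as covered.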

ellenxi...@gmail.com

Aug 4, 2016, 2:05:53 AM
to OWASP ZAP User Group
Thank you, Simon. You are right, it actually scanned all in the Context.