error fetching srver API version

475 views
Skip to first unread message

rebecca acheampong

unread,
May 2, 2021, 11:55:22 AM5/2/21
to OWASP ZAP User Group
I am running ZAP Baseline scan against DVWS (0.0.0.0:80), but I have this error below:
Please I need help since this is very new to me.

TASK [adding write permissions to reports directory] ***************************************
ok: [my_vm_06]

TASK [running owasp zap full scan container against "0.0.0.0:80"]

fatal: [my_vm_06]: FAILED! => {"changed": false, "msg": "Error connecting: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))"}

Below is the Playbook i used:
---
- name: Running OWASP ZAP Baseline Scan
  hosts: localhost
  gather_facts: no
  become: yes
  vars_files:
    - var_zapbaseline.yml
  tasks:
    - vmware_guest:
        hostname: "{{ VMWARE_HOST }}"
        username: "{{ VMWARE_USER }}"
        password: "{{ VMWARE_PASSWORD }}"
        validate_certs: no
        folder: /ha-datacenter/vm/
        name: my_vm_06
- name: run zap baseline
  hosts: my_vm_06
  remote_user: "{{ remote_user_name }}"
  gather_facts: no
  vars:
    remote_user_name: kali-user
    owasp_zap_image_name: owasp/zap2docker-weekly
    website_url: http://0.0.0.0:80
    reports_location: /zapdata  
    scan_name: owasp-zap-full-scan-dvws
  tasks:
    - name: adding write permissions to reports directory
      file:
        path: "{{ reports_location }}"
        state: directory
        owner: root
        group: root
        recurse: yes
        mode: 0777
    - name: running owasp zap full scan container against "{{ website_url }}"
      docker_container:
        name: "{{ scan_name }}"
        image: "{{ owasp_zap_image_name }}"
        interactive: yes
        auto_remove: yes
        state: started
        volumes: "{{ reports_location }}:/zap/wrk:rw"
        command: "zap-full-scan.py -t {{ website_url }} -r {{ scan_name }}_report.html"
    - name: getting raw output of the scan
      command: "docker logs -f {{ scan_name }}"
      register: scan_output
    - debug:
        msg: "{{ scan_output }}"

Simon Bennetts

unread,
May 4, 2021, 4:27:36 AM5/4/21
to OWASP ZAP User Group
That doesnt look like a ZAP error to me.
You'll probably need to go back to basics, eg can you connect to the target from the ZAP docker container, eg using curl?
Reply all
Reply to author
Forward
0 new messages