Could not find custom hooks file at /home/zap/.zap_hooks.py

[Soju George]

Iam running the python files locally and also through gitlab.

But im getting error like 

14Getting source from Git repository00:03

15Fetching changes with git depth set to 50...

16Initialized empty Git repository in /builds/seguridad-de-la-informacion-corp/framework-secaas/incoming/zaproxy/.git/

17Created fresh repository.

18Checking out 489b5ed0 as deploy...

19Skipping Git submodules setup

21Executing "step_script" stage of the job script

22$ zap-baseline.py -i -t $DAST_WEBSITE

232021-09-28 12:50:25,268 Could not find custom hooks file at /home/zap/.zap_hooks.py 

[Soju George]

adding more info

This is happening when im running. zap-baseline.py and zap-full-scan.py

[Simon Bennetts]

Its not an error, its not even a warning :)

Its an info message.

You only need to supply a hook file if you want to - heres moe info about them: https://www.zaproxy.org/docs/docker/scan-hooks/

Cheers,

Simon

[Soju George]

okay thanks for the reply, but when im running  zap-baseline.py -t "target address". I believe its getting timed out. how do we have to run these 2 scripts with targets zap-baseline.py and zap-full-scan.py

[Simon Bennetts]

Can you access the target address from the ZAP docker image?

Start a bash shell in it and then try to access the target address using something like curl.

If curl cant access it then ZAP wont be able to :)

[Saad S Awan]

I am also facing the same issue in azure devops pipeline while using the bash script

chmod -R 777  ./
curl https://devpms.itsmyhealth.nz/
docker run --rm -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable zap-full-scan.py -t https://domain.com -g gen.conf -x OWASP-ZAP-Report.xml -r scan-report.html
true

Error I Found

Could not find custom hooks file at /home/zap/.zap_hooks.py

although before script i curl https://domain.com and its working fine

[Simon Bennetts]

Thats an informational message.

Nothing is wrong, unless you are trying to supply a hooks file.

[Saad S Awan]

but after coming this info message, my pipeline seems to stuck and nothing happened as I waited almost 20 min, my agent is running but pipeline's tasks is RUNNING running but nothing happen

[Simon Bennetts]

You're doing a full scan - that could last hours, depending on how big your site is!

Best start a new thread to talk about this - the "hooks" message has nothing to do with this ;)

[Saad S Awan]

Yes perfect, after 30 min tasks completed :) 
its just an informational message:)

[Prajwal Ghorpade]

I'm also getting the same error as Could not find the custom hooks file at /home/zap/.zap_hooks.py

Please refer below log for understanding

2022-08-05T14:12:39.1010639Z 70b7b48579db: Pull complete

2022-08-05T14:12:39.1047864Z Digest: sha256:47911f0e0fc82ab2e660bc2af54c84bae0f4b7b1f89f25b0a7d6e5baa163594a

2022-08-05T14:12:39.1061094Z Status: Downloaded newer image for owasp/zap2docker-stable:latest

2022-08-05T14:12:39.6006258Z 2022-08-05 14:12:39,599 Could not find custom hooks file at /home/zap/.zap_hooks.py 

2022-08-05T14:13:07.3875814Z 2022-08-05 14:13:07,386 Failed to access summary file /home/zap/zap_out.json

2022-08-05T14:13:07.3876326Z Using the Automation Framework

2022-08-05T14:13:07.3877019Z Downloading add-on from: https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v29/pscanrulesBeta-beta-29.zap

2022-08-05T14:13:07.3877736Z Add-on downloaded to: /root/.ZAP/plugin/pscanrulesBeta-beta-29.zap

2022-08-05T14:13:07.3878095Z Automation plan failures:

2022-08-05T14:13:07.3878529Z    Job spider failed to access URL https://appdev02.maricoapps.biz/StockCoreCascad/:443 status code returned : 404 expected 200

2022-08-05T14:13:07.7904383Z ##[error]ENOENT: no such file or directory, open '/home/vsts/work/r1/a/owaspzap/report.json'

2022-08-05T14:13:07.7917226Z ##[section]Finishing: ZAP Scanner

[thc...@gmail.com]

Hi.

That's not an error, it's just informing that no hooks were found in the
default location.

Best regards.

On 10/08/2022 04:42, Prajwal Ghorpade wrote:
> I'm also getting the same error as Could not find the
> custom hooks file at /home/zap/.zap_hooks.py
>
> Please refer below log for understanding
> 2022-08-05T14:12:39.1010639Z 70b7b48579db: Pull complete
> 2022-08-05T14:12:39.1047864Z Digest: sha256:47911f0e0fc82ab2e660bc2af54c84bae0f4b7b1f89f25b0a7d6e5baa163594a
> 2022-08-05T14:12:39.1061094Z Status: Downloaded newer image for owasp/zap2docker-stable:latest
> 2022-08-05T14:12:39.6006258Z 2022-08-05 14:12:39,599

> * Could not find custom hooks file at /home/zap/.zap_hooks.py *

> 2022-08-05T14:13:07.3875814Z 2022-08-05 14:13:07,386

> * Failed to access summary file /home/zap/zap_out.json*

> 2022-08-05T14:13:07.3876326Z Using the Automation Framework
> 2022-08-05T14:13:07.3877019Z Downloading add-on from: https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v29/pscanrulesBeta-beta-29.zap
> 2022-08-05T14:13:07.3877736Z Add-on downloaded to: /root/.ZAP/plugin/pscanrulesBeta-beta-29.zap
> 2022-08-05T14:13:07.3878095Z Automation plan failures:
> 2022-08-05T14:13:07.3878529Z Job spider failed to access URL https://appdev02.maricoapps.biz/StockCoreCascad/:443 status code returned : 404 expected 200

> *2022-08-05T14:13:07.7904383Z ##[error]ENOENT: no such file or directory, open '/home/vsts/work/r1/a/owaspzap/report.json'*

>>>>>>>>>>> <https://gitlab.falabella.com/seguridad-de-la-informacion-corp/framework-secaas/incoming/zaproxy/-/jobs/3789669#L14>Getting

>>>>>>>>>>> source from Git repository00:03
>>>>>>>>>>> 15

>>>>>>>>>>> <https://gitlab.falabella.com/seguridad-de-la-informacion-corp/framework-secaas/incoming/zaproxy/-/jobs/3789669#L15>Fetching

>>>>>>>>>>> changes with git depth set to 50...
>>>>>>>>>>> 16

>>>>>>>>>>> <https://gitlab.falabella.com/seguridad-de-la-informacion-corp/framework-secaas/incoming/zaproxy/-/jobs/3789669#L16>Initialized

>>>>>>>>>>> empty Git repository in
>>>>>>>>>>> /builds/seguridad-de-la-informacion-corp/framework-secaas/incoming/zaproxy/.git/
>>>>>>>>>>> 17

>>>>>>>>>>> <https://gitlab.falabella.com/seguridad-de-la-informacion-corp/framework-secaas/incoming/zaproxy/-/jobs/3789669#L17>Created
>>>>>>>>>>> fresh repository.
>>>>>>>>>>> 18
>>>>>>>>>>> <https://gitlab.falabella.com/seguridad-de-la-informacion-corp/framework-secaas/incoming/zaproxy/-/jobs/3789669#L18>Checking
>>>>>>>>>>> out 489b5ed0 as deploy...
>>>>>>>>>>> 19
>>>>>>>>>>> <https://gitlab.falabella.com/seguridad-de-la-informacion-corp/framework-secaas/incoming/zaproxy/-/jobs/3789669#L19>Skipping
>>>>>>>>>>> Git submodules setup
>>>>>>>>>>> 21
>>>>>>>>>>> <https://gitlab.falabella.com/seguridad-de-la-informacion-corp/framework-secaas/incoming/zaproxy/-/jobs/3789669#L21>Executing

>>>>>>>>>>> "step_script" stage of the job script
>>>>>>>>>>> 22

>>>>>>>>>>> <https://gitlab.falabella.com/seguridad-de-la-informacion-corp/framework-secaas/incoming/zaproxy/-/jobs/3789669#L22>$
>>>>>>>>>>> zap-baseline.py -i -t $DAST_WEBSITE
>>>>>>>>>>> 23
>>>>>>>>>>> <https://gitlab.falabella.com/seguridad-de-la-informacion-corp/framework-secaas/incoming/zaproxy/-/jobs/3789669#L23>2021-09-28

[Prajwal Ghorpade]

Okay

Thank you for the update.

But when I refer to logs the error looks like this Job spider failed to access URL https://appdev02.maricoapps.biz/StockCoreCascad/:443 status code returned : 404 Expected 200

Can I get a suggestion or solution to what I can do now?

Best Regards,

Prajwal Ghorpade | DevOps Engineer

Mobility | Full stack Development | ERPNext

M: +91 9765875787

--
You received this message because you are subscribed to a topic in the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/sgpBxV1MTQ0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/dec56772-ab65-a0a3-6423-240c3608feae%40gmail.com.

[thc...@gmail.com]

Please create a new thread, that's unrelated to the subject of this one.

Also, provide the command you are using to initiate the scan.

Best regards.

On 10/08/2022 13:30, Prajwal Ghorpade wrote:
> Okay
>
> Thank you for the update.

> But when I refer to logs the error looks like this* Job spider failed to

> access URL https://appdev02.maricoapps.biz/StockCoreCascad/:443
> <https://appdev02.maricoapps.biz/StockCoreCascad/:443> status code returned

> : 404 Expected 200*

> Can I get a suggestion or solution to what I can do now?
> Best Regards,
> Prajwal Ghorpade | DevOps Engineer

> *Mobility | Full stack Development | ERPNext*

[Prajwal Ghorpade]

I'm using Zap scanner in our Azure DevOps Pipeline, it will perform all the scans from a Docker image on the server.

So how can I create a new thread?

Best Regards,

Prajwal Ghorpade | DevOps Engineer

Mobility | Full stack Development | ERPNext

M: +91 9765875787

To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/4e45cd53-798d-f239-4f6d-a7011b613fbf%40gmail.com.

[Simon Bennetts]

A new thread on the ZAP User Group - if you are using the web UI then theres a "New conversation" button on the top left.