2022-07-01 09:40:26,347 [main ] INFO Constant - Copying default configuration to /home/zap/.ZAP_D/config.xml 2022-07-01 09:40:26,538 [main ] INFO Constant - Creating directory /home/zap/.ZAP_D/session 2022-07-01 09:40:26,538 [main ] INFO Constant - Creating directory /home/zap/.ZAP_D/dirbuster 2022-07-01 09:40:26,538 [main ] INFO Constant - Creating directory /home/zap/.ZAP_D/fuzzers 2022-07-01 09:40:26,539 [main ] INFO Constant - Creating directory /home/zap/.ZAP_D/plugin 2022-07-01 09:40:26,639 [main ] INFO DaemonBootstrap - OWASP ZAP D-2022-06-20 started 01/07/2022, 09:40:26 with home /home/zap/.ZAP_D/ 2022-07-01 09:40:26,674 [main ] INFO AbstractParam - Setting config database.recoverylog = false was null 2022-07-01 09:40:26,674 [main ] INFO AbstractParam - Setting config api.disablekey = true was null 2022-07-01 09:40:26,674 [main ] INFO AbstractParam - Setting config api.addrs.addr.name = .* was null 2022-07-01 09:40:26,675 [main ] INFO AbstractParam - Setting config api.addrs.addr.regex = true was null 2022-07-01 09:40:26,675 [main ] INFO AbstractParam - Setting config spider.maxDuration = 0 was null 2022-07-01 09:40:26,675 [main ] INFO AbstractParam - Setting config connection.timeoutInSecs = 40 was null 2022-07-01 09:40:26,677 [main ] INFO AbstractParam - Setting config ajaxSpider.maxDuration = 2 was null 2022-07-01 09:40:27,024 [main ] INFO ENGINE - dataFileCache open start 2022-07-01 09:40:27,029 [main ] INFO ENGINE - dataFileCache commit start 2022-07-01 09:40:27,030 [main ] INFO ENGINE - dataFileCache commit end 2022-07-01 09:40:27,030 [main ] INFO ENGINE - dataFileCache open end 2022-07-01 09:40:28,527 [ZAP-daemon] INFO ExtensionFactory - Installed add-ons: [[id=accessControl, version=8.0.0], [id=alertFilters, version=14.0.0], [id=ascanrules, version=47.0.0], [id=ascanrulesBeta, version=42.0.0], [id=automation, version=0.16.0], [id=bruteforce, version=12.0.0], [id=callhome, version=0.4.0], [id=commonlib, version=1.10.0], [id=coreLang, version=16.0.0], [id=diff, version=12.0.0], [id=directorylistv1, version=6.0.0], [id=domxss, version=13.0.0], [id=encoder, version=0.7.0], [id=exim, version=0.2.0], [id=formhandler, version=5.0.0], [id=fuzz, version=13.7.0], [id=gettingStarted, version=14.0.0], [id=graaljs, version=0.3.0], [id=graphql, version=0.10.0], [id=help, version=15.0.0], [id=hud, version=0.14.0], [id=invoke, version=12.0.0], [id=network, version=0.3.0], [id=oast, version=0.11.0], [id=onlineMenu, version=10.0.0], [id=openapi, version=28.0.0], [id=plugnhack, version=13.0.0], [id=portscan, version=10.0.0], [id=pscanrules, version=41.0.0], [id=pscanrulesBeta, version=30.0.0], [id=quickstart, version=34.0.0], [id=replacer, version=10.0.0], [id=reports, version=0.14.0], [id=requester, version=7.0.0], [id=retest, version=0.3.0], [id=retire, version=0.13.0], [id=reveal, version=5.0.0], [id=scripts, version=31.0.0], [id=selenium, version=15.10.0], [id=sequence, version=7.0.0], [id=soap, version=14.0.0], [id=spiderAjax, version=23.8.0], [id=tips, version=10.0.0], [id=webdriverlinux, version=40.0.0], [id=webdrivermacos, version=41.0.0], [id=webdriverwindows, version=40.0.0], [id=websocket, version=27.0.0], [id=zest, version=36.0.0]] 2022-07-01 09:40:28,529 [ZAP-daemon] INFO ExtensionFactory - Loading extensions 2022-07-01 09:40:29,356 [ZAP-daemon] INFO TlsUtils - Using supported SSL/TLS protocols: [TLSv1.2, TLSv1.3] 2022-07-01 09:40:29,644 [ZAP-daemon] INFO ExtensionFactory - Extensions loaded 2022-07-01 09:40:30,103 [ZAP-daemon] INFO ExtensionLoader - Initializing Auto-update Extension - Allows ZAP to check for updates 2022-07-01 09:40:30,105 [ZAP-daemon] INFO ExtensionLoader - Initializing Options Extension - Options Extension 2022-07-01 09:40:30,105 [ZAP-daemon] INFO ExtensionLoader - Initializing Edit Menu Extension - Edit Menu Extension 2022-07-01 09:40:30,105 [ZAP-daemon] INFO ExtensionLoader - Initializing API Extension - Provides a rest based API for controlling and accessing ZAP 2022-07-01 09:40:30,117 [ZAP-daemon] INFO ExtensionLoader - Initializing History Extension - History Extension 2022-07-01 09:40:30,118 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionReveal - Show hidden fields and enable disabled fields 2022-07-01 09:40:30,119 [ZAP-daemon] INFO ExtensionLoader - Initializing Search Extension - Search messages for strings and regular expressions 2022-07-01 09:40:30,120 [ZAP-daemon] INFO ExtensionLoader - Initializing Breakpoint Extension - Allows you to intercept and modify requests and responses 2022-07-01 09:40:30,121 [ZAP-daemon] INFO ExtensionLoader - Initializing Passive Scan Extension - Passive scanner 2022-07-01 09:40:30,176 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules 2022-07-01 09:40:30,176 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule 2022-07-01 09:40:30,177 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: WSDL File Detection 2022-07-01 09:40:30,177 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak) 2022-07-01 09:40:30,177 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Directory Browsing 2022-07-01 09:40:30,177 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Hash Disclosure 2022-07-01 09:40:30,177 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative) 2022-07-01 09:40:30,177 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post 2022-07-01 09:40:30,177 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post 2022-07-01 09:40:30,177 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Reverse Tabnabbing 2022-07-01 09:40:30,178 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Modern Web Application 2022-07-01 09:40:30,178 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: PII Disclosure 2022-07-01 09:40:30,178 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Retrieved from Cache 2022-07-01 09:40:30,178 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: HTTP Server Response Header 2022-07-01 09:40:30,178 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: HTTP Parameter Override 2022-07-01 09:40:30,178 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Strict-Transport-Security Header 2022-07-01 09:40:30,178 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: User Controllable Charset 2022-07-01 09:40:30,178 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie Poisoning 2022-07-01 09:40:30,178 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS) 2022-07-01 09:40:30,179 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: User Controllable JavaScript Event (XSS) 2022-07-01 09:40:30,179 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Open Redirect 2022-07-01 09:40:30,179 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: X-Backend-Server Header Information Leak 2022-07-01 09:40:30,179 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak 2022-07-01 09:40:30,179 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Vulnerable JS Library (Powered by Retire.js) 2022-07-01 09:40:30,179 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Anti-clickjacking Header 2022-07-01 09:40:30,179 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure 2022-07-01 09:40:30,180 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Re-examine Cache-control Directives 2022-07-01 09:40:30,180 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch 2022-07-01 09:40:30,180 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Content Security Policy (CSP) Header Not Set 2022-07-01 09:40:30,180 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: CSP 2022-07-01 09:40:30,180 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing 2022-07-01 09:40:30,180 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag 2022-07-01 09:40:30,180 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie 2022-07-01 09:40:30,180 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie without SameSite Attribute 2022-07-01 09:40:30,181 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag 2022-07-01 09:40:30,181 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration 2022-07-01 09:40:30,181 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion 2022-07-01 09:40:30,181 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens 2022-07-01 09:40:30,181 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure 2022-07-01 09:40:30,181 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite 2022-07-01 09:40:30,181 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages 2022-07-01 09:40:30,181 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL 2022-07-01 09:40:30,182 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header 2022-07-01 09:40:30,182 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments 2022-07-01 09:40:30,182 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method 2022-07-01 09:40:30,182 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState 2022-07-01 09:40:30,182 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content 2022-07-01 09:40:30,182 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure 2022-07-01 09:40:30,182 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Username Hash Found 2022-07-01 09:40:30,182 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Viewstate 2022-07-01 09:40:30,183 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header 2022-07-01 09:40:30,183 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing 2022-07-01 09:40:30,183 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak 2022-07-01 09:40:30,183 [ZAP-daemon] INFO ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) 2022-07-01 09:40:30,203 [ZAP-daemon] INFO ExtensionLoader - Initializing Alerts Extension - Allows you to view and manage alerts 2022-07-01 09:40:30,204 [ZAP-daemon] INFO ExtensionLoader - Initializing Active Scan Extension - Active scanner, heavily based on the original Paros active scanner, but with additional tests added 2022-07-01 09:40:30,211 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionSequence - ExtensionSequence 2022-07-01 09:40:30,211 [ZAP-daemon] INFO ExtensionLoader - Initializing Spider Extension - Spider used for automatically finding URIs on a site 2022-07-01 09:40:30,216 [ZAP-daemon] INFO ExtensionLoader - Initializing Standard Menus Extension - A set of common popup menus for miscellaneous tasks 2022-07-01 09:40:30,217 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionBruteForce - Forced browsing of files and directories using code from the OWASP DirBuster tool 2022-07-01 09:40:30,217 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionPortScan - Simple but effective port scanner 2022-07-01 09:40:30,218 [ZAP-daemon] INFO ExtensionLoader - Initializing Manual Request Editor Extension - Manual Request Editor Extension 2022-07-01 09:40:30,218 [ZAP-daemon] INFO ExtensionLoader - Initializing Compare Extension - Compares 2 sessions and generates an HTML file showing the differences 2022-07-01 09:40:30,218 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionInvoke - Invoke external applications passing context related information such as URLs and parameters 2022-07-01 09:40:30,219 [ZAP-daemon] INFO ExtensionLoader - Initializing Anti-CSRF Extension - Handles anti cross site request forgery (CSRF) tokens 2022-07-01 09:40:30,222 [ZAP-daemon] INFO ExtensionLoader - Initializing Authentication Extension - Authentication Extension 2022-07-01 09:40:30,233 [ZAP-daemon] INFO ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication] 2022-07-01 09:40:30,235 [ZAP-daemon] INFO ExtensionLoader - Initializing Log4j Extension - Logs errors to the Output tab in development mode only 2022-07-01 09:40:30,235 [ZAP-daemon] INFO ExtensionLoader - Initializing Users Extension - Users Extension 2022-07-01 09:40:30,236 [ZAP-daemon] INFO ExtensionLoader - Initializing Parameters Extension - Summarise and analyse FORM and URL parameters as well as cookies 2022-07-01 09:40:30,237 [ZAP-daemon] INFO ExtensionLoader - Initializing Script Extension - Script integration 2022-07-01 09:40:30,239 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionScripts - Scripting console, supports all JSR 223 scripting languages 2022-07-01 09:40:30,419 [ZAP-daemon] INFO ExtensionLoader - Initializing Forced User Extension - Forced User Extension 2022-07-01 09:40:30,420 [ZAP-daemon] INFO ExtensionLoader - Initializing HTTP Sessions Extension - Extension handling HTTP sessions 2022-07-01 09:40:30,421 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionZest - Zest is a specialized scripting language, originally, from Mozilla specifically designed to be used in security tools 2022-07-01 09:40:30,573 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionDiff - ExtensionDiff 2022-07-01 09:40:30,573 [ZAP-daemon] INFO ExtensionLoader - Initializing HTTP Panel Post Table View Extension - HTTP Panel Post Table View Extension 2022-07-01 09:40:30,573 [ZAP-daemon] INFO ExtensionLoader - Initializing Encoder Addon - Adds support for scriptable encoders to ZAP. 2022-07-01 09:40:30,574 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionPlugNHack - Simple browser configuration 2022-07-01 09:40:30,574 [ZAP-daemon] INFO ExtensionLoader - Initializing Session Management Extension - Session Management Extension 2022-07-01 09:40:30,579 [ZAP-daemon] INFO ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management] 2022-07-01 09:40:30,580 [ZAP-daemon] INFO ExtensionLoader - Initializing HTTP Panel Form Table View Extension - HTTP Panel Form Table View Extension 2022-07-01 09:40:30,580 [ZAP-daemon] INFO ExtensionLoader - Initializing WebSockets Support - Capture messages from WebSockets with the ability to set breakpoints. 2022-07-01 09:40:30,597 [ZAP-daemon] INFO ExtensionLoader - Initializing SOAP/WSDL Support - Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree. 2022-07-01 09:40:30,598 [ZAP-daemon] INFO ExtensionLoader - Initializing Core UI Extension - Core UI related functionality. 2022-07-01 09:40:30,598 [ZAP-daemon] INFO ExtensionLoader - Initializing Authorization Extension - Authorization Extension 2022-07-01 09:40:30,599 [ZAP-daemon] INFO ExtensionLoader - Initializing Requester - Multi-tab manual request editor interface 2022-07-01 09:40:30,599 [ZAP-daemon] INFO ExtensionLoader - Initializing AJAX Spider - AJAX Spider, uses Crawljax 2022-07-01 09:40:30,600 [ZAP-daemon] INFO ExtensionLoader - Initializing WebDriver Provider - Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser. 2022-07-01 09:40:30,604 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionAccessControl - Add-on that adds a set of tools for testing access control in web applications. 2022-07-01 09:40:30,605 [ZAP-daemon] INFO ExtensionLoader - Initializing Global Exclude URLs Extension - Handles adding Global Excluded URLs 2022-07-01 09:40:30,605 [ZAP-daemon] INFO ExtensionLoader - Initializing Refresh Sites Tree Extension - Adds menu item to refresh the Sites tree 2022-07-01 09:40:30,605 [ZAP-daemon] INFO ExtensionLoader - Initializing Help Extension - OWASP ZAP User Guide 2022-07-01 09:40:30,605 [ZAP-daemon] INFO ExtensionLoader - Initializing Call Home - Handles all of the calls to ZAP services 2022-07-01 09:40:30,606 [ZAP-daemon] INFO ExtensionLoader - Initializing Network Extension - Provides core networking capabilities. 2022-07-01 09:40:30,625 [ZAP-daemon] INFO SSLConnector - Reading supported SSL/TLS protocols... 2022-07-01 09:40:30,626 [ZAP-daemon] INFO SSLConnector - Using a SSLEngine... 2022-07-01 09:40:30,627 [ZAP-daemon] INFO SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3] 2022-07-01 09:40:30,627 [ZAP-daemon] INFO ConnectionOptions - Unsafe SSL/TLS renegotiation disabled. 2022-07-01 09:40:30,628 [ZAP-daemon] INFO ExtensionLoader - Initializing Extension Configuration Extension - Allows you to configure which extensions are loaded when ZAP starts 2022-07-01 09:40:30,629 [ZAP-daemon] INFO ExtensionLoader - Initializing Combined HTTP Panels Extension - Combined HTTP Panels Extension 2022-07-01 09:40:30,629 [ZAP-daemon] INFO ExtensionLoader - Initializing HTTP Panel Hex View Extension - HTTP Panel Hex View Extension 2022-07-01 09:40:30,629 [ZAP-daemon] INFO ExtensionLoader - Initializing HTTP Panel Image View Extension - HTTP Panel Image View Extension 2022-07-01 09:40:30,629 [ZAP-daemon] INFO ExtensionLoader - Initializing HTTP Panel Query Table View Extension - HTTP Panel Query Table View Extension 2022-07-01 09:40:30,629 [ZAP-daemon] INFO ExtensionLoader - Initializing HTTP Panel Syntax Highlighter View Extension - HTTP Panel Syntax Highlighter View Extension 2022-07-01 09:40:30,629 [ZAP-daemon] INFO ExtensionLoader - Initializing Keyboard Configuration Extension - Adds support for configurable keyboard shortcuts for all of the ZAP menus. 2022-07-01 09:40:30,629 [ZAP-daemon] INFO ExtensionLoader - Initializing Scanner Rule Configuration Extension - Active and passive rule configuration 2022-07-01 09:40:30,631 [ZAP-daemon] INFO ExtensionLoader - Initializing Statistics Extension - Statistics 2022-07-01 09:40:30,631 [ZAP-daemon] INFO ExtensionStats - Start recording in memory stats 2022-07-01 09:40:30,632 [ZAP-daemon] INFO ExtensionLoader - Initializing Custom Pages Extension - Custom Pages Definition 2022-07-01 09:40:30,632 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionFormHandler - This extension allows a user to change the default values used by ZAP Spiders. 2022-07-01 09:40:30,634 [ZAP-daemon] INFO ExtensionLoader - Initializing Scripts Automation Framework Integration - Scripts Automation 2022-07-01 09:40:30,638 [ZAP-daemon] INFO ExtensionLoader - Initializing Advance Fuzzer - Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations. 2022-07-01 09:40:30,639 [ZAP-daemon] INFO ExtensionLoader - Initializing HTTP Fuzzer - Allows to fuzz HTTP messages. 2022-07-01 09:40:30,639 [ZAP-daemon] INFO ExtensionLoader - Initializing Common Library - A library of shared functionality 2022-07-01 09:40:30,640 [ZAP-daemon] INFO ExtensionLoader - Initializing SOAP Automation - SOAP Automation Framework Integration 2022-07-01 09:40:30,641 [ZAP-daemon] INFO ExtensionLoader - Initializing Passive Scan Rules - beta - Beta status passive scan rules 2022-07-01 09:40:30,641 [ZAP-daemon] INFO ExtensionLoader - Initializing Out-of-band Application Security Testing - Adds Out-of-band Application Security Testing functionality. 2022-07-01 09:40:30,644 [ZAP-daemon] INFO ExtensionLoader - Initializing OAST Scripts - Adds OAST scripts. 2022-07-01 09:40:30,644 [ZAP-daemon] INFO ExtensionLoader - Initializing Report Generator - Templated and themed report generation functionality 2022-07-01 09:40:30,645 [ZAP-daemon] INFO ExtensionLoader - Initializing Report Generation Automation Integration - Report Generation Automation Integration 2022-07-01 09:40:30,647 [ZAP-daemon] INFO ExtensionLoader - Initializing Retest - Facilitates the verification of presence/absence of certain alerts. 2022-07-01 09:40:30,648 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionAlertFilters - Context alert rules filter 2022-07-01 09:40:30,649 [ZAP-daemon] INFO ExtensionLoader - Initializing Alert Filters Automation - Alert Filters Automation Framework Integration 2022-07-01 09:40:30,650 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionGettingStarted - The ZAP Getting Started Guide 2022-07-01 09:40:30,650 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionTipsAndTricks - Tips and Tricks 2022-07-01 09:40:30,650 [ZAP-daemon] INFO ExtensionLoader - Initializing Automation Framework - Provides functionality to simplify using ZAP in an automated manner 2022-07-01 09:40:30,651 [ZAP-daemon] INFO ExtensionLoader - Initializing Quick Start panel - Adds the Quick Start panel for scanning and exploring applications 2022-07-01 09:40:30,651 [ZAP-daemon] INFO ExtensionLoader - Initializing Quick Start Ajax Spider integration - Add the option to use the Ajax Spider in the Quick Start scan 2022-07-01 09:40:30,652 [ZAP-daemon] INFO ExtensionLoader - Initializing Quick Start HUD Integration - HUD integration for the quick start panel 2022-07-01 09:40:30,652 [ZAP-daemon] INFO ExtensionLoader - Initializing Quick Start Browser Launcher - Launch browsers preset proxying through ZAP 2022-07-01 09:40:30,652 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionHUD - Heads Up Display 2022-07-01 09:40:30,806 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionHUDlaunch - ExtensionHUDlaunch 2022-07-01 09:40:30,807 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionCoreLang - Translations of the core language files 2022-07-01 09:40:30,807 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionDomXSS - DOM XSS Active Scan Rule 2022-07-01 09:40:30,858 [ZAP-daemon] INFO ExtensionLoader - Initializing Active Scan Rules - Release status active scan rules 2022-07-01 09:40:30,858 [ZAP-daemon] INFO ExtensionLoader - Initializing OpenAPI Import - Allows you to spider and import OpenAPI (Swagger) definitions 2022-07-01 09:40:30,860 [ZAP-daemon] INFO ExtensionLoader - Initializing OpenAPI Automation - OpenAPI Automation Framework Integration 2022-07-01 09:40:30,861 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionAscanRulesBeta - Beta status active scan rules 2022-07-01 09:40:30,862 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionOnlineMenu - The Online menu links 2022-07-01 09:40:30,862 [ZAP-daemon] INFO ExtensionLoader - Initializing Passive Scan Rules - Release status passive scan rules 2022-07-01 09:40:30,862 [ZAP-daemon] INFO ExtensionLoader - Initializing Match and Replace - Easy way to replace strings in requests and responses 2022-07-01 09:40:30,864 [ZAP-daemon] INFO ExtensionLoader - Initializing Ajax Spider Automation - Ajax Spider Automation Framework Integration 2022-07-01 09:40:30,866 [ZAP-daemon] INFO ExtensionLoader - Initializing ExtensionGraphQl - Allows you to inspect and attack GraphQL endpoints. 2022-07-01 09:40:30,868 [ZAP-daemon] INFO ExtensionLoader - Initializing GraphQL Automation - GraphQL Automation Framework Integration 2022-07-01 09:40:30,869 [ZAP-daemon] INFO ExtensionLoader - Initializing Import/Export - Import and Export functionality supporting multiple formats. 2022-07-01 09:40:30,870 [ZAP-daemon] INFO ExtensionLoader - Initializing Import/Export Automation - Import/Export Automation Framework Integration 2022-07-01 09:40:30,871 [ZAP-daemon] INFO ExtensionLoader - Initializing WebSocket Fuzzer - Allows to fuzz WebSocket messages. 2022-07-01 09:40:30,871 [ZAP-daemon] INFO ExtensionLoader - Initializing GraalVM JavaScript Engine Extension - Provides the GraalVM JavaScript engine for ZAP scripting. 2022-07-01 09:40:31,092 [ZAP-daemon] INFO CallbackService - Started callback service on 0.0.0.0:46353 2022-07-01 09:40:31,094 [ZAP-daemon] INFO ExtensionNetwork - Creating new root CA certificate. 2022-07-01 09:40:31,869 [ZAP-daemon] INFO ExtensionNetwork - New root CA certificate created. 2022-07-01 09:40:32,912 [ZAP-daemon] INFO CommandLine - Add-on update check complete 2022-07-01 09:40:32,915 [ZAP-daemon] INFO CommandLine - Add-on already installed: /zap/./plugin/pscanrulesBeta-beta-30.zap 2022-07-01 09:40:32,915 [ZAP-daemon] INFO CommandLine - Add-on already installed: /zap/./plugin/ascanrulesBeta-beta-42.zap 2022-07-01 09:40:32,923 [ZAP-daemon] INFO ExtensionNetwork - ZAP is now listening on 0.0.0.0:33607 2022-07-01 09:40:36,123 [ZAP-SpiderInitThread-0] INFO SpiderThread - Starting spidering scan on Context: ciri-context at 2022-07-01T09:40:36.122+0000 2022-07-01 09:40:36,125 [ZAP-SpiderInitThread-0] INFO Spider - Spider initializing... 2022-07-01 09:40:36,144 [ZAP-SpiderInitThread-0] INFO Spider - Starting spider... 2022-07-01 09:40:37,095 [ZAP-SpiderThreadPool-0-thread-2] WARN URLCanonicalizer - Host could not be reliably evaluated from: http://a@b@c/ (on base http://10.0.2.15:9000/vendor.js) 2022-07-01 09:40:37,096 [ZAP-SpiderThreadPool-0-thread-2] WARN URLCanonicalizer - Host could not be reliably evaluated from: http://0.0.0.0:0&sockPath=/sockjs-node (on base http://10.0.2.15:9000/vendor.js) 2022-07-01 09:40:37,096 [ZAP-SpiderThreadPool-0-thread-2] WARN URLCanonicalizer - Host could not be reliably evaluated from: http://0.0.0.0:0&sockPath=/sockjs-node (on base http://10.0.2.15:9000/vendor.js) 2022-07-01 09:40:37,098 [ZAP-SpiderThreadPool-0-thread-2] WARN URLCanonicalizer - Host could not be reliably evaluated from: http://0.0.0.0:8096&sockPort=8097&sockHost=localhost%60 (on base http://10.0.2.15:9000/vendor.js) 2022-07-01 09:40:38,583 [ZAP-PassiveScan-3] INFO PassiveScanTaskHelper - Disabling passive scan rule Cross-Domain Misconfiguration as it has raised more than 10 alerts. 2022-07-01 09:40:38,603 [ZAP-PassiveScan-3] INFO PassiveScanTaskHelper - Disabling passive scan rule Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) as it has raised more than 10 alerts. 2022-07-01 09:40:38,895 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Cookie without SameSite Attribute as it has raised more than 10 alerts. 2022-07-01 09:40:39,089 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Cookie No HttpOnly Flag as it has raised more than 10 alerts. 2022-07-01 09:40:39,804 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,814 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,819 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,820 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,821 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,821 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,830 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,832 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,837 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,838 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,839 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,840 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,841 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,841 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,842 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,843 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,843 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,844 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,845 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,864 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,865 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,866 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,867 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,867 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,878 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,881 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,883 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,884 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,889 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,894 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,895 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,896 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,897 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,897 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,898 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,899 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,899 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,900 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,901 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,932 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,934 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,935 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,943 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,944 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,964 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,966 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,967 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,968 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,987 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,989 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,990 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,990 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,991 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,992 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,993 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:39,994 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,011 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,019 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,020 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,020 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,021 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,021 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,022 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,040 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,041 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,042 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,043 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,043 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,044 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,044 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,045 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,045 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,066 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,068 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,068 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,069 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,069 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,070 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,071 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,071 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,072 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,072 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,073 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,073 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,094 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,095 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:40,096 [ZAP-PassiveScan-2] INFO PassiveScanTaskHelper - Disabling passive scan rule Timestamp Disclosure as it has raised more than 10 alerts. 2022-07-01 09:40:41,532 [ZAP-PassiveScan-4] INFO PassiveScanTaskHelper - Disabling passive scan rule Information Disclosure - Suspicious Comments as it has raised more than 10 alerts. 2022-07-01 09:40:41,533 [ZAP-PassiveScan-4] INFO PassiveScanTaskHelper - Disabling passive scan rule Information Disclosure - Suspicious Comments as it has raised more than 10 alerts. 2022-07-01 09:40:41,534 [ZAP-PassiveScan-4] INFO PassiveScanTaskHelper - Disabling passive scan rule Information Disclosure - Suspicious Comments as it has raised more than 10 alerts. 2022-07-01 09:40:41,535 [ZAP-PassiveScan-4] INFO PassiveScanTaskHelper - Disabling passive scan rule Information Disclosure - Suspicious Comments as it has raised more than 10 alerts. 2022-07-01 09:40:41,536 [ZAP-PassiveScan-4] INFO PassiveScanTaskHelper - Disabling passive scan rule Information Disclosure - Suspicious Comments as it has raised more than 10 alerts. 2022-07-01 09:40:41,538 [ZAP-PassiveScan-4] INFO PassiveScanTaskHelper - Disabling passive scan rule Information Disclosure - Suspicious Comments as it has raised more than 10 alerts. 2022-07-01 09:40:47,043 [ZAP-SpiderThreadPool-0-thread-2] ERROR SpiderThread - java.sql.SQLException: The actual Response Body length 31989168 is greater than the configured response body length 16777216 org.parosproxy.paros.db.DatabaseException: java.sql.SQLException: The actual Response Body length 31989168 is greater than the configured response body length 16777216 at org.parosproxy.paros.db.paros.ParosTableHistory.write(ParosTableHistory.java:446) ~[zap-D-2022-06-20.jar:D-2022-06-20] at org.parosproxy.paros.model.HistoryReference.(HistoryReference.java:373) ~[zap-D-2022-06-20.jar:D-2022-06-20] at org.zaproxy.zap.extension.spider.SpiderThread.notifySpiderTaskResult(SpiderThread.java:507) ~[zap-D-2022-06-20.jar:D-2022-06-20] at org.zaproxy.zap.spider.Spider.notifyListenersSpiderTaskResult(Spider.java:834) ~[zap-D-2022-06-20.jar:D-2022-06-20] at org.zaproxy.zap.spider.SpiderTask.runImpl(SpiderTask.java:217) ~[zap-D-2022-06-20.jar:D-2022-06-20] at org.zaproxy.zap.spider.SpiderTask.run(SpiderTask.java:150) ~[zap-D-2022-06-20.jar:D-2022-06-20] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?] at java.lang.Thread.run(Thread.java:829) ~[?:?] Caused by: java.sql.SQLException: The actual Response Body length 31989168 is greater than the configured response body length 16777216 at org.parosproxy.paros.db.paros.ParosTableHistory.write(ParosTableHistory.java:476) ~[zap-D-2022-06-20.jar:D-2022-06-20] at org.parosproxy.paros.db.paros.ParosTableHistory.write(ParosTableHistory.java:430) ~[zap-D-2022-06-20.jar:D-2022-06-20] ... 8 more 2022-07-01 09:40:47,047 [ZAP-SpiderThreadPool-0-thread-2] INFO Spider - Spidering process is complete. Shutting down... 2022-07-01 09:40:47,048 [ZAP-SpiderShutdownThread-0] INFO SpiderThread - Spider scanning complete: true on Context: ciri-context at 2022-07-01T09:40:47.048+0000 2022-07-01 09:40:51,241 [ZAP-AjaxSpiderApi] INFO SpiderThread - Running Crawljax (with firefox-headless): API - Context: ciri-context 2022-07-01 09:40:51,242 [ZAP-AjaxSpiderApi] INFO SpiderThread - Starting proxy... 2022-07-01 09:40:51,243 [ZAP-AjaxSpiderApi] INFO SpiderThread - Proxy started, listening at port [37827]. 2022-07-01 09:40:51,437 [ZAP-AjaxSpiderApi] INFO Plugins - Loaded org.zaproxy.zap.extension.spiderAjax.SpiderThread$DummyPlugin@4b820f47 as a OnBrowserCreatedPlugin 2022-07-01 09:40:53,456 [Forwarding newSession on session null to remote] INFO ProtocolHandshake - Detected dialect: W3C 2022-07-01 09:40:54,505 [ZAP-PassiveScan-4] INFO PassiveScanTaskHelper - Disabling passive scan rule X-Content-Type-Options Header Missing as it has raised more than 10 alerts. 2022-07-01 09:40:55,103 [ZAP-IO-EventExecutor-3-4] INFO ZapHttpRequestRetryExec - Recoverable I/O exception (org.apache.hc.core5.http.NoHttpResponseException) caught when processing request to {}->http://10.0.2.15:9000 2022-07-01 09:40:56,105 [ZAP-IO-EventExecutor-3-4] INFO ZapHttpRequestRetryExec - Recoverable I/O exception (org.apache.hc.core5.http.NoHttpResponseException) caught when processing request to {}->http://10.0.2.15:9000 2022-07-01 09:40:56,470 [ZAP-PassiveScan-4] INFO PassiveScanTaskHelper - Disabling passive scan rule Modern Web Application as it has raised more than 10 alerts. 2022-07-01 09:40:57,108 [ZAP-IO-EventExecutor-3-4] INFO ZapHttpRequestRetryExec - Recoverable I/O exception (org.apache.hc.core5.http.NoHttpResponseException) caught when processing request to {}->http://10.0.2.15:9000 2022-07-01 09:41:02,478 [ZAP-PassiveScan-3] INFO PassiveScanTaskHelper - Disabling passive scan rule Anti-clickjacking Header as it has raised more than 10 alerts. 2022-07-01 09:41:02,485 [ZAP-PassiveScan-4] INFO PassiveScanTaskHelper - Disabling passive scan rule Content Security Policy (CSP) Header Not Set as it has raised more than 10 alerts. 2022-07-01 09:41:04,251 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Vulnerable JS Library (Powered by Retire.js) took 8 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:10,307 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Application Error Disclosure took 15 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:10,307 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Re-examine Cache-control Directives took 15 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:10,335 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Charset Mismatch took 15 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:10,336 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule CSP took 15 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:10,336 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Content-Type Header Missing took 15 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:10,336 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Loosely Scoped Cookie took 15 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:10,336 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Cookie Without Secure Flag took 15 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:10,336 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Cross-Domain JavaScript Source File Inclusion took 15 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:10,350 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Absence of Anti-CSRF Tokens took 15 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:14,536 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Private IP Disclosure took 19 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:14,536 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Session ID in URL Rewrite took 19 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:14,536 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Information Disclosure - Debug Error Messages took 19 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:14,536 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Information Disclosure - Sensitive Information in URL took 19 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:14,536 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Information Disclosure - Sensitive Information in HTTP Referrer Header took 19 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:14,536 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Weak Authentication Method took 19 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:14,537 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Insecure JSF ViewState took 19 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:14,537 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Secure Pages Include Mixed Content took 19 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:16,406 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Username Hash Found took 21 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:16,407 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Viewstate took 21 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:16,407 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule X-AspNet-Version Response Header took 21 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:16,407 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule X-Debug-Token Information Leak took 21 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:16,407 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Anti CSRF Token Detection took 21 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:16,408 [ZAP-PassiveScan-2] WARN PassiveScanTask - Passive Scan rule Parameter Scanner took 21 seconds to scan http://10.0.2.15:9000/src_main_webapp_bootstrap_ts.js application/javascript; charset=UTF-8 9561234 2022-07-01 09:41:34,145 [ZAP-IO-EventExecutor-3-1] WARN HttpSenderHandler - Failed to read http://10.0.2.15:9000/browser-sync/socket.io/?EIO=3&transport=polling&t=O6v8dp6.0&sid=0H4rRGK1ehGCKDoqAAAl within 40 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel. 2022-07-01 09:42:51,480 [pool-2-thread-1] INFO CrawlController - Time is up! Shutting down... 2022-07-01 09:46:07,362 [ZAP-AjaxSpiderApi] INFO CrawlController - Received shutdown notice. Reason is Maximum time passed 2022-07-01 09:46:07,692 [ZAP-AjaxSpiderApi] INFO CrawlController - Shutdown process complete 2022-07-01 09:46:07,692 [ZAP-AjaxSpiderApi] INFO SpiderThread - Stopping proxy... 2022-07-01 09:46:07,696 [ZAP-AjaxSpiderApi] INFO SpiderThread - Proxy stopped. 2022-07-01 09:46:07,697 [ZAP-AjaxSpiderApi] INFO SpiderThread - Finished Crawljax: API - Context: ciri-context