I'm trying to automate a ZAP scan using a YAML file, but I'm encountering issues with the spiderAjax job. Here is my YAML configuration:

env:
  contexts:
  - name: "example"
    urls:
    - "example"
    includePaths:
    - "example.*"
    excludePaths: []
    sessionManagement:
      method: "cookie"
      parameters: {}

  parameters:
    failOnError: true
    failOnWarning: false
    progressToStdout: true

jobs:
- parameters:
    context: "example"
    url: "example"
    maxDuration: 0
  tests:
    - onFail: "INFO"
      statistic: "automation.spider.urls.added"
      site: ""
      operator: ">="
      value: 1
      type: "stats"
      name: "At least 1 URL found"
  name: "spider"
  type: "spider"
- parameters: # This part doesn't work
    context: "example"
    maxDuration: 0
    numberOfBrowsers: 2
  name: "spiderAjax"
  type: "spiderAjax"

When I run this YAML file, the spiderAjax job doesn't seem to work as expected. It starts but finds 0 URLs and finishes almost immediately. Additionally, I receive warnings about unrecognized parameters for the spiderAjax job:

Unrecognised parameter for job spiderAjax : maxDepth
Unrecognised parameter for job spiderAjax : maxChildren

I tried running the scan manually in ZAP, and it correctly identifies vulnerabilities, including a high warning for vulnerable JS. However, the automated scan using the YAML file does not produce the same results.

Questions:

  1. How can I correctly configure the spiderAjax job in the YAML file to work as expected?
  2. Are there any additional parameters or settings I need to include to ensure the AJAX Spider works correctly?
  3. Are there any examples or resources that demonstrate the correct usage of the spiderAjax job in a YAML file?

Additional Context:

I'm running ZAP on a Windows machine. The manual scan in ZAP identifies vulnerabilities correctly. The goal is to automate the scan and generate a report using the YAML file.

Any help or examples would be greatly appreciated!

asked Feb 24 at 19:22 by merts1004
  • It seems like your yaml might be wrong, it seems like - parameters is a "higher" level than the job it applies to (based on the indent or lack thereof). – kingthorin Commented Feb 25 at 17:27

1 Answer

Is "example" actually a valid URL? It should be of the form "https://www.example". If it is, then check the zap.log file for errors; everything else looks fine. However, the errors you've mentioned imply that you haven't included the full YAML file, so it's difficult to be sure.
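
For reference, a plan that applies the URL point from the answer and keeps each depth parameter on the job that accepts it: `maxDepth` and `maxChildren` are `spider` job parameters, while the `spiderAjax` job uses `maxCrawlDepth`. This is an added example, not part of the original question or answer; `https://www.example.com` is a placeholder target, and the depth, duration and browser values are assumptions to adjust.

```yaml
# Added example plan; https://www.example.com is a placeholder target.
env:
  contexts:
  - name: "example"
    urls:
    - "https://www.example.com"        # full URL with scheme, not a bare name
    includePaths:
    - "https://www.example.com.*"      # regex matched against the full URL
    excludePaths: []
    sessionManagement:
      method: "cookie"
      parameters: {}
  parameters:
    failOnError: true
    failOnWarning: false
    progressToStdout: true

jobs:
- name: "spider"
  type: "spider"
  parameters:
    context: "example"
    url: "https://www.example.com"
    maxDuration: 0
    maxDepth: 5                        # maxDepth / maxChildren belong to the spider job
    maxChildren: 0
  tests:
  - name: "At least 1 URL found"
    type: "stats"
    statistic: "automation.spider.urls.added"
    operator: ">="
    value: 1
    onFail: "INFO"
- name: "spiderAjax"
  type: "spiderAjax"
  parameters:
    context: "example"
    url: "https://www.example.com"
    maxDuration: 5                     # minutes; 0 means unlimited
    maxCrawlDepth: 5                   # spiderAjax name for the depth limit
    numberOfBrowsers: 2
    browserId: "firefox-headless"      # assumes Firefox is installed on the host
  tests:
  - name: "AJAX spider found at least 1 URL"
    type: "stats"
    statistic: "spiderAjax.urls.added"
    operator: ">="
    value: 1
    onFail: "WARN"
```

The stats test on `spiderAjax.urls.added` makes a run that finds 0 URLs show up as a warning in the plan output instead of passing silently.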

Article tags: zap, Can I use Ajax Spider in a YAML file, Stack Overflow