Skip to content

Instantly share code, notes, and snippets.

@kmcquade

kmcquade/zap-template.yaml

Last active Jun 10, 2021
Embed
What would you like to do?
--- # OWASP ZAP automation configuration file, for more details see https://www.zaproxy.com/docs/(TBA)
env: # The environment, mandatory
contexts: # List of 1 or more contexts, mandatory
- name: context 1 # Name to be used to refer to this context in other jobs, mandatory
url: http://demo.testfire.net # The top level url, mandatory, everything under this will be included
includePaths: # TBA: An optional list of regexes to include
excludePaths: # TBA: An optional list of regexes to exclude
authentication: # TBA: In time to cover all auth configs
parameters:
failOnError: true # If set exit on an error
failOnWarning: false # If set exit on a warning
progressToStdout: true # If set will write job progress to stdout
jobs:
- type: addOns # Add-on management
parameters:
updateAddOns: true # Update any add-ons that have new versions
install: # A list of non standard add-ons to install from the ZAP Marketplace
- ascanrules
- ascanrulesAlpha
- ascanrulesBeta
- pscanrulesBeta
- pscanrulesAlpha
- automation
- domxss
- graphql
- openapi
- reflect
- reports
- soap
- spiderAjax
uninstall: # A list of standard add-ons to uninstall
- type: passiveScan-config # Passive scan configuration
parameters:
maxAlertsPerRule: 10 # Int: Maximum number of alerts to raise per rule
scanOnlyInScope: true # Bool: Only scan URLs in scope (recommended)
maxBodySizeInBytesToScan: # Int: Maximum body size to scan, default: 0 - will scan all messages
rules: # A list of one or more passive scan rules and associated settings which override the defaults
- id: None
- type: spider # The traditional spider - fast but doesnt handle modern apps so well
parameters:
context: # String: Name of the context to spider, default: first context
url: # String: Url to start spidering from, default: first context URL
failIfFoundUrlsLessThan: # Int: Fail if spider finds less than the specified number of URLs, default: 0
warnIfFoundUrlsLessThan: # Int: Warn if spider finds less than the specified number of URLs, default: 0
maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
maxDepth: # Int: The maximum tree depth to explore, default 5
maxChildren: # Int: The maximum number of children to add to each node in the tree
acceptCookies: # Bool: Whether the spider will accept cookies, default: true
handleODataParametersVisited: # Bool: Whether the spider will handle OData responses, default: false
handleParameters: # Enum [ignore_completely, ignore_value, use_all]: How query string parameters are used when checking if a URI has already been visited, default: use_all
maxParseSizeBytes: # Int: The max size of a response that will be parsed, default: 2621440 - 2.5 Mb
parseComments: # Bool: Whether the spider will parse HTML comments in order to find URLs, default: true
parseGit: # Bool: Whether the spider will parse Git metadata in order to find URLs, default: false
parseRobotsTxt: # Bool: Whether the spider will parse 'robots.txt' files in order to find URLs, default: true
parseSitemapXml: # Bool: Whether the spider will parse 'sitemap.xml' files in order to find URLs, default: true
parseSVNEntries: # Bool: Whether the spider will parse SVN metadata in order to find URLs, default: false
postForm: # Bool: Whether the spider will submit POST forms, default: true
processForm: # Bool: Whether the spider will process forms, default: true
requestWaitTime: # Int: The time between the requests sent to a server in milliseconds, default: 200
sendRefererHeader: # Bool: Whether the spider will send the referer header, default: true
threadCount: # Int: The number of spider threads, default: 2
userAgent: # String: The user agent to use in requests, default: '' - use the default ZAP one
- type: passiveScan-wait # Passive scan wait for the passive scanner to finish
parameters:
maxDuration: 1 # Int: The max time to wait for the passive scanner, default: 0 unlimited
- type: activeScan # The active scanner - this actively attacks the target so should only be used with permission
parameters:
context: # String: Name of the context to attack, default: first context
policy: # String: Name of the scan policy to be used, default: Default Policy
maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
addQueryParam: # Bool: If set will add an extra query parameter to requests that do not have one, default: false
defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
delayInMs: # Int: The delay in milliseconds between each request, use to reduce the strain on the target, default 0
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
threadPerHost: # Int: The max number of threads per host, default: 2
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: Low # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
defaultThreshold: Off # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
rules: # A list of one or more active scan rules and associated settings which override the defaults
- id: 20012
threshold: Medium
strength: Medium
- type: report # Report generation
parameters:
template: # String: The template id, default : traditional-html
reportDir: /tmp/zap/ # String: The directory into which the report will be written
reportFile: # String: The report file name pattern, default: {yyyy-MM-dd}-ZAP-Report-[[site]]
reportTitle: # String: The report title
reportDescription: # String: The report description
displayReport: # Boolean: Display the report when generated, default: false
risks: # List: The risks to include in this report, default all
- high
- medium
- low
- info
confidences: # List: The confidences to include in this report, default all
- high
- medium
- low
- falsepositive
sections: # List: The template sections to include in this report - see the relevant template, default all
2021-06-10 15:54:01,240 [main ] INFO Constant - Copying default configuration to /tmp/zap/config.xml
2021-06-10 15:54:01,445 [main ] INFO Constant - Creating directory /tmp/zap/session
2021-06-10 15:54:01,450 [main ] INFO Constant - Creating directory /tmp/zap/dirbuster
2021-06-10 15:54:01,454 [main ] INFO Constant - Creating directory /tmp/zap/fuzzers
2021-06-10 15:54:01,458 [main ] INFO Constant - Creating directory /tmp/zap/plugin
2021-06-10 15:54:01,533 [main ] INFO CommandLineBootstrap - OWASP ZAP D-2021-05-03 started 10/06/2021, 15:54:01 with home /tmp/zap/
2021-06-10 15:54:01,594 [main ] INFO SSLConnector - Reading supported SSL/TLS protocols...
2021-06-10 15:54:01,595 [main ] INFO SSLConnector - Using a SSLEngine...
2021-06-10 15:54:01,690 [main ] INFO SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3]
2021-06-10 15:54:01,695 [main ] INFO OptionsParamCertificate - Unsafe SSL renegotiation disabled.
2021-06-10 15:54:02,238 [main ] INFO ENGINE - dataFileCache open start
2021-06-10 15:54:02,262 [main ] INFO ENGINE - dataFileCache commit start
2021-06-10 15:54:02,268 [main ] INFO ENGINE - dataFileCache commit end
2021-06-10 15:54:02,270 [main ] INFO ENGINE - dataFileCache open end
2021-06-10 15:54:02,343 [main ] INFO ExtensionFactory - Loading extensions
2021-06-10 15:54:55,797 [main ] INFO ExtensionFactory - Installed add-ons: [[id=accessControl, version=7.0.0], [id=alertFilters, version=11.0.0], [id=ascanrules, version=39.0.0], [id=ascanrulesBeta, version=34.0.0], [id=automation, version=0.3.0], [id=bruteforce, version=11.0.0], [id=commonlib, version=1.3.0], [id=coreLang, version=14.0.0], [id=diff, version=11.0.0], [id=directorylistv1, version=5.0.0], [id=domxss, version=11.0.0], [id=encoder, version=0.6.0], [id=formhandler, version=4.0.0], [id=fuzz, version=13.2.0], [id=gettingStarted, version=13.0.0], [id=graaljs, version=0.2.0], [id=graphql, version=0.4.0], [id=help, version=12.0.0], [id=hud, version=0.13.0], [id=importurls, version=8.0.0], [id=invoke, version=11.0.0], [id=onlineMenu, version=9.0.0], [id=openapi, version=19.0.0], [id=plugnhack, version=12.0.0], [id=portscan, version=9.0.0], [id=pscanrules, version=34.0.0], [id=pscanrulesBeta, version=25.0.0], [id=quickstart, version=30.0.0], [id=replacer, version=9.0.0], [id=reports, version=0.3.0], [id=retire, version=0.8.0], [id=reveal, version=4.0.0], [id=saverawmessage, version=6.0.0], [id=savexmlmessage, version=0.2.0], [id=scripts, version=29.0.0], [id=selenium, version=15.4.0], [id=sequence, version=6.0.0], [id=soap, version=7.0.0], [id=spiderAjax, version=23.4.0], [id=tips, version=8.0.0], [id=webdriverlinux, version=29.0.0], [id=webdrivermacos, version=29.0.0], [id=webdriverwindows, version=29.0.0], [id=websocket, version=24.0.0], [id=zest, version=35.0.0]]
2021-06-10 15:54:56,620 [main ] INFO ExtensionFactory - Extensions loaded
2021-06-10 15:54:56,934 [main ] INFO ExtensionLoader - Initializing Allows ZAP to check for updates
2021-06-10 15:54:56,939 [main ] INFO ExtensionLoader - Initializing Options Extension
2021-06-10 15:54:56,941 [main ] INFO ExtensionLoader - Initializing Edit Menu Extension
2021-06-10 15:54:56,942 [main ] INFO ExtensionLoader - Initializing Provides a rest based API for controlling and accessing ZAP
2021-06-10 15:54:56,952 [main ] INFO ExtensionLoader - Initializing Session State Extension
2021-06-10 15:54:56,954 [main ] INFO ExtensionLoader - Initializing Report Extension
2021-06-10 15:54:56,955 [main ] INFO ExtensionLoader - Initializing History Extension
2021-06-10 15:54:56,958 [main ] INFO ExtensionLoader - Initializing Show hidden fields and enable disabled fields
2021-06-10 15:54:56,960 [main ] INFO ExtensionLoader - Initializing Search messages for strings and regular expressions
2021-06-10 15:54:56,962 [main ] INFO ExtensionLoader - Initializing Allows you to intercept and modify requests and responses
2021-06-10 15:54:56,965 [main ] INFO ExtensionLoader - Initializing Passive scanner
2021-06-10 15:54:57,044 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules
2021-06-10 15:54:57,046 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule
2021-06-10 15:54:57,047 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Vulnerable JS Library
2021-06-10 15:54:57,048 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure
2021-06-10 15:54:57,049 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Incomplete or No Cache-control Header Set
2021-06-10 15:54:57,050 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch
2021-06-10 15:54:57,052 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: CSP
2021-06-10 15:54:57,053 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing
2021-06-10 15:54:57,054 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag
2021-06-10 15:54:57,055 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie
2021-06-10 15:54:57,056 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie Without SameSite Attribute
2021-06-10 15:54:57,057 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag
2021-06-10 15:54:57,058 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration
2021-06-10 15:54:57,058 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
2021-06-10 15:54:57,059 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens
2021-06-10 15:54:57,060 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure
2021-06-10 15:54:57,061 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite
2021-06-10 15:54:57,063 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages
2021-06-10 15:54:57,063 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL
2021-06-10 15:54:57,064 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
2021-06-10 15:54:57,065 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments
2021-06-10 15:54:57,066 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method
2021-06-10 15:54:57,067 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState
2021-06-10 15:54:57,068 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content
2021-06-10 15:54:57,069 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure
2021-06-10 15:54:57,070 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Username Hash Found
2021-06-10 15:54:57,071 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Viewstate
2021-06-10 15:54:57,072 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header
2021-06-10 15:54:57,073 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing
2021-06-10 15:54:57,073 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak
2021-06-10 15:54:57,074 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: X-Frame-Options Header
2021-06-10 15:54:57,075 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
2021-06-10 15:54:57,076 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: WSDL File Detection
2021-06-10 15:54:57,078 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak)
2021-06-10 15:54:57,079 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Content Security Policy (CSP) Header Not Set
2021-06-10 15:54:57,080 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Directory Browsing
2021-06-10 15:54:57,081 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Hash Disclosure
2021-06-10 15:54:57,081 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative)
2021-06-10 15:54:57,082 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post
2021-06-10 15:54:57,083 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post
2021-06-10 15:54:57,084 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Reverse Tabnabbing
2021-06-10 15:54:57,085 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Modern Web Application
2021-06-10 15:54:57,086 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: PII Disclosure
2021-06-10 15:54:57,087 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Retrieved from Cache
2021-06-10 15:54:57,088 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: HTTP Server Response Header
2021-06-10 15:54:57,089 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: HTTP Parameter Override
2021-06-10 15:54:57,090 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Strict-Transport-Security Header
2021-06-10 15:54:57,091 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: User Controllable Charset
2021-06-10 15:54:57,092 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Cookie Poisoning
2021-06-10 15:54:57,093 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS)
2021-06-10 15:54:57,094 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: User Controllable JavaScript Event (XSS)
2021-06-10 15:54:57,095 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: Open Redirect
2021-06-10 15:54:57,096 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: X-Backend-Server Header Information Leak
2021-06-10 15:54:57,097 [main ] INFO ExtensionPassiveScan - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak
2021-06-10 15:54:57,127 [main ] INFO ExtensionLoader - Initializing Allows you to view and manage alerts
2021-06-10 15:54:57,130 [main ] INFO ExtensionLoader - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added
2021-06-10 15:54:57,138 [main ] INFO ExtensionLoader - Initializing ExtensionSequence
2021-06-10 15:54:57,140 [main ] INFO ExtensionLoader - Initializing Spider used for automatically finding URIs on a site
2021-06-10 15:54:57,146 [main ] INFO ExtensionLoader - Initializing A set of common popup menus for miscellaneous tasks
2021-06-10 15:54:57,148 [main ] INFO ExtensionLoader - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool
2021-06-10 15:54:57,152 [main ] INFO ExtensionLoader - Initializing Simple but effective port scanner
2021-06-10 15:54:57,155 [main ] INFO ExtensionLoader - Initializing Manual Request Editor Extension
2021-06-10 15:54:57,156 [main ] INFO ExtensionLoader - Initializing Compares 2 sessions and generates an HTML file showing the differences
2021-06-10 15:54:57,160 [main ] INFO ExtensionLoader - Initializing Invoke external applications passing context related information such as URLs and parameters
2021-06-10 15:54:57,164 [main ] INFO ExtensionLoader - Initializing Handles anti cross site request forgery (CSRF) tokens
2021-06-10 15:54:57,174 [main ] INFO ExtensionLoader - Initializing Authentication Extension
2021-06-10 15:54:57,203 [main ] INFO ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]
2021-06-10 15:54:57,238 [main ] INFO ExtensionLoader - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser
2021-06-10 15:54:57,240 [main ] INFO ExtensionLoader - Initializing Logs errors to the Output tab in development mode only
2021-06-10 15:54:57,241 [main ] INFO ExtensionLoader - Initializing Users Extension
2021-06-10 15:54:57,246 [main ] INFO ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies
2021-06-10 15:54:57,248 [main ] INFO ExtensionLoader - Initializing Script integration
2021-06-10 15:54:57,255 [main ] INFO ExtensionLoader - Initializing Scripting console, supports all JSR 223 scripting languages
2021-06-10 15:54:57,425 [main ] INFO ExtensionLoader - Initializing Forced User Extension
2021-06-10 15:54:57,427 [main ] INFO ExtensionLoader - Initializing Extension handling HTTP sessions
2021-06-10 15:54:57,430 [main ] INFO ExtensionLoader - Initializing Zest is a specialized scripting language, originally, from Mozilla specifically designed to be used in security tools
2021-06-10 15:54:57,870 [main ] INFO ExtensionLoader - Initializing ExtensionDiff
2021-06-10 15:54:57,871 [main ] INFO ExtensionLoader - Initializing HTTP Panel Post Table View Extension
2021-06-10 15:54:57,873 [main ] INFO ExtensionLoader - Initializing Adds support for scriptable encoders to ZAP.
2021-06-10 15:54:57,875 [main ] INFO ExtensionLoader - Initializing Simple browser configuration
2021-06-10 15:54:57,876 [main ] INFO ExtensionLoader - Initializing Session Management Extension
2021-06-10 15:54:57,902 [main ] INFO ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management]
2021-06-10 15:54:57,907 [main ] INFO ExtensionLoader - Initializing HTTP Panel Form Table View Extension
2021-06-10 15:54:57,909 [main ] INFO ExtensionLoader - Initializing Capture messages from WebSockets with the ability to set breakpoints.
2021-06-10 15:54:57,948 [main ] INFO ExtensionLoader - Initializing Allows you to import a file containing URLs which ZAP will access, adding them to the Sites tree
2021-06-10 15:54:57,953 [main ] INFO ExtensionLoader - Initializing Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
2021-06-10 15:54:57,961 [main ] INFO ExtensionLoader - Initializing Core UI related functionality.
2021-06-10 15:54:57,962 [main ] INFO ExtensionLoader - Initializing Authorization Extension
2021-06-10 15:54:57,964 [main ] INFO ExtensionLoader - Initializing AJAX Spider, uses Crawljax
2021-06-10 15:54:57,970 [main ] INFO ExtensionLoader - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
2021-06-10 15:54:57,993 [main ] INFO ExtensionLoader - Initializing Manages the local proxy configurations
2021-06-10 15:54:57,996 [main ] INFO ExtensionLoader - Initializing Add-on that adds a set of tools for testing access control in web applications.
2021-06-10 15:54:58,000 [main ] INFO ExtensionLoader - Initializing Handles adding Global Excluded URLs
2021-06-10 15:54:58,002 [main ] INFO ExtensionLoader - Initializing Adds menu item to refresh the Sites tree
2021-06-10 15:54:58,003 [main ] INFO ExtensionLoader - Initializing OWASP ZAP User Guide
2021-06-10 15:54:58,005 [main ] INFO ExtensionLoader - Initializing Provides a URL suitable for calling from target sites
2021-06-10 15:54:58,009 [main ] INFO ExtensionLoader - Initializing Allows you to configure which extensions are loaded when ZAP starts
2021-06-10 15:54:58,010 [main ] INFO ExtensionLoader - Initializing Combined HTTP Panels Extension
2021-06-10 15:54:58,011 [main ] INFO ExtensionLoader - Initializing HTTP Panel Hex View Extension
2021-06-10 15:54:58,012 [main ] INFO ExtensionLoader - Initializing HTTP Panel Image View Extension
2021-06-10 15:54:58,013 [main ] INFO ExtensionLoader - Initializing HTTP Panel Large Request View Extension
2021-06-10 15:54:58,016 [main ] INFO ExtensionLoader - Initializing HTTP Panel Large Response View Extension
2021-06-10 15:54:58,017 [main ] INFO ExtensionLoader - Initializing HTTP Panel Query Table View Extension
2021-06-10 15:54:58,018 [main ] INFO ExtensionLoader - Initializing HTTP Panel Syntax Highlighter View Extension
2021-06-10 15:54:58,019 [main ] INFO ExtensionLoader - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.
2021-06-10 15:54:58,020 [main ] INFO ExtensionLoader - Initializing Active and passive rule configuration
2021-06-10 15:54:58,027 [main ] INFO ExtensionLoader - Initializing Statistics
2021-06-10 15:54:58,029 [main ] INFO ExtensionStats - Start recording in memory stats
2021-06-10 15:54:58,032 [main ] INFO ExtensionLoader - Initializing Custom Pages Definition
2021-06-10 15:54:58,034 [main ] INFO ExtensionLoader - Initializing Allows you to inspect and attack GraphQL endpoints.
2021-06-10 15:54:58,042 [main ] INFO ExtensionLoader - Initializing GraphQL Automation Framework Integration
2021-06-10 15:54:58,046 [main ] INFO ExtensionLoader - Initializing Easy way to replace strings in requests and responses
2021-06-10 15:54:58,056 [main ] INFO ExtensionLoader - Initializing Context alert rules filter
2021-06-10 15:54:58,061 [main ] INFO ExtensionLoader - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
2021-06-10 15:54:58,067 [main ] INFO ExtensionLoader - Initializing Allows to fuzz HTTP messages.
2021-06-10 15:54:58,070 [main ] INFO ExtensionLoader - Initializing Allows to fuzz WebSocket messages.
2021-06-10 15:54:58,073 [main ] INFO ExtensionLoader - Initializing Ajax Spider Automation Framework Integration
2021-06-10 15:54:58,076 [main ] INFO ExtensionLoader - Initializing Passive Scan Rules
2021-06-10 15:54:58,077 [main ] INFO ExtensionLoader - Initializing SOAP Automation Framework Integration
2021-06-10 15:54:58,080 [main ] INFO ExtensionLoader - Initializing Adds the Quick Start panel for scanning and exploring applications
2021-06-10 15:54:58,085 [main ] INFO ExtensionLoader - Initializing Add the option to use the Ajax Spider in the Quick Start scan
2021-06-10 15:54:58,097 [main ] INFO ExtensionLoader - Initializing Launch browsers proxying through ZAP
2021-06-10 15:54:58,104 [main ] INFO ExtensionLoader - Initializing Launch browsers proxying through ZAP
2021-06-10 15:54:58,112 [main ] INFO ExtensionLoader - Initializing Active Scan Rules
2021-06-10 15:54:58,115 [main ] INFO ExtensionLoader - Initializing The ZAP Getting Started Guide
2021-06-10 15:54:58,117 [main ] INFO ExtensionLoader - Initializing This extension allows a user to change the default values used by ZAP Spiders.
2021-06-10 15:54:58,124 [main ] INFO ExtensionLoader - Initializing Automation Framework
2021-06-10 15:54:58,126 [main ] INFO ExtensionLoader - Initializing Allows you to spider and import OpenAPI (Swagger) definitions
2021-06-10 15:54:58,145 [main ] INFO ExtensionLoader - Initializing OpenAPI Automation Framework Integration
2021-06-10 15:54:58,148 [main ] INFO ExtensionLoader - Initializing The Online menu links
2021-06-10 15:54:58,149 [main ] INFO ExtensionLoader - Initializing Report Generation
2021-06-10 15:54:58,153 [main ] INFO ExtensionLoader - Initializing Report Generation Automation Integration
2021-06-10 15:54:58,157 [main ] INFO ExtensionLoader - Initializing ExtensionSaveXMLHttpMessage
2021-06-10 15:54:58,159 [main ] INFO ExtensionLoader - Initializing Heads Up Display
2021-06-10 15:54:58,584 [main ] INFO ExtensionLoader - Initializing ExtensionHUDlaunch
2021-06-10 15:54:58,587 [main ] INFO ExtensionLoader - Initializing ExtensionSaveRawHttpMessage
2021-06-10 15:54:58,588 [main ] INFO ExtensionLoader - Initializing Provides the GraalVM JavaScript engine for ZAP scripting.
2021-06-10 15:54:59,737 [main ] INFO ExtensionLoader - Initializing Translations of the core language files
2021-06-10 15:54:59,739 [main ] INFO ExtensionLoader - Initializing Passive Scan Rules - beta
2021-06-10 15:54:59,741 [main ] INFO ExtensionLoader - Initializing DOM XSS Active Scan Rule
2021-06-10 15:54:59,878 [main ] INFO ExtensionLoader - Initializing Active Scan Rules - beta
2021-06-10 15:54:59,880 [main ] INFO ExtensionLoader - Initializing Tips and Tricks
2021-06-10 15:55:00,029 [main ] INFO ExtensionCallback - Started callback server on 0.0.0.0:37069
2021-06-10 15:55:00,037 [main ] INFO ExtensionDynSSL - Creating new root CA certificate
2021-06-10 15:55:01,309 [main ] INFO ExtensionDynSSL - New root CA certificate created
2021-06-10 15:55:01,493 [main ] INFO CommandLine - Job addOns set updateAddOns = true
2021-06-10 15:55:01,495 [main ] INFO CommandLine - Job addOns started
2021-06-10 15:55:02,527 [main ] INFO ExtensionAutoUpdate - There is/are 1 newer addons
2021-06-10 15:55:12,934 [ZAP-DownloadInstaller] INFO ExtensionAutoUpdate - Installing new addon reports v0.3.0
2021-06-10 15:55:13,332 [ZAP-DownloadInstaller] INFO ExtensionAutoUpdate - Finished installing new addon reports v0.3.0
2021-06-10 15:55:13,397 [main ] INFO CommandLine - Add-on downloaded to: /tmp/zap/plugin/reports-beta-0.3.0.zap
2021-06-10 15:55:13,399 [main ] INFO CommandLine - Add-on already installed: /zap/./plugin/ascanrules-release-39.zap
2021-06-10 15:55:13,405 [main ] INFO CommandLine - Downloading add-on from: https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesAlpha-v30/ascanrulesAlpha-alpha-30.zap
2021-06-10 15:55:13,408 [main ] INFO CommandLine - Add-on already installed: /zap/./plugin/ascanrulesBeta-beta-34.zap
2021-06-10 15:55:13,410 [main ] INFO CommandLine - Add-on already installed: /zap/./plugin/pscanrulesBeta-beta-25.zap
2021-06-10 15:55:13,415 [main ] INFO CommandLine - Downloading add-on from: https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesAlpha-v30/pscanrulesAlpha-alpha-30.zap
2021-06-10 15:55:13,417 [main ] INFO CommandLine - Add-on already installed: /zap/./plugin/automation-alpha-0.3.0.zap
2021-06-10 15:55:13,419 [main ] INFO CommandLine - Add-on already installed: /zap/./plugin/domxss-beta-11.zap
2021-06-10 15:55:13,421 [main ] INFO CommandLine - Add-on already installed: /zap/./plugin/graphql-alpha-0.4.0.zap
2021-06-10 15:55:13,423 [main ] INFO CommandLine - Add-on already installed: /zap/./plugin/openapi-beta-19.zap
2021-06-10 15:55:13,426 [main ] INFO CommandLine - Downloading add-on from: https://github.com/zaproxy/zap-extensions/releases/download/2.7/reflect-alpha-0.0.11.zap
2021-06-10 15:55:13,428 [main ] INFO CommandLine - Add-on already installed: /tmp/zap/plugin/reports-beta-0.3.0.zap
2021-06-10 15:55:13,430 [main ] INFO CommandLine - Add-on already installed: /zap/./plugin/soap-alpha-7.zap
2021-06-10 15:55:13,431 [main ] INFO CommandLine - Add-on already installed: /zap/./plugin/spiderAjax-release-23.4.0.zap
2021-06-10 15:55:16,126 [ZAP-DownloadInstaller] INFO ExtensionAutoUpdate - Installing new addon ascanrulesAlpha v30.0.0
2021-06-10 15:55:16,222 [ZAP-DownloadInstaller] INFO ExtensionAutoUpdate - Finished installing new addon ascanrulesAlpha v30.0.0
2021-06-10 15:55:16,227 [ZAP-DownloadInstaller] INFO ExtensionAutoUpdate - Installing new addon pscanrulesAlpha v30.0.0
2021-06-10 15:55:16,251 [ZAP-DownloadInstaller] INFO ExtensionPassiveScan - loaded passive scan rule: Base64 Disclosure
2021-06-10 15:55:16,253 [ZAP-DownloadInstaller] INFO ExtensionPassiveScan - loaded passive scan rule: Content Cacheability
2021-06-10 15:55:16,255 [ZAP-DownloadInstaller] INFO ExtensionPassiveScan - loaded passive scan rule: An example passive scan rule which loads data from a file.
2021-06-10 15:55:16,257 [ZAP-DownloadInstaller] INFO ExtensionPassiveScan - loaded passive scan rule: Example Passive Scan Rule: Denial of Service
2021-06-10 15:55:16,258 [ZAP-DownloadInstaller] INFO ExtensionPassiveScan - loaded passive scan rule: Feature Policy Header Not Set
2021-06-10 15:55:16,260 [ZAP-DownloadInstaller] INFO ExtensionPassiveScan - loaded passive scan rule: In Page Banner Information Leak
2021-06-10 15:55:16,261 [ZAP-DownloadInstaller] INFO ExtensionPassiveScan - loaded passive scan rule: Dangerous JS Functions
2021-06-10 15:55:16,262 [ZAP-DownloadInstaller] INFO ExtensionPassiveScan - loaded passive scan rule: Java Serialization Object
2021-06-10 15:55:16,264 [ZAP-DownloadInstaller] INFO ExtensionPassiveScan - loaded passive scan rule: Insufficient Site Isolation Against Spectre Vulnerability
2021-06-10 15:55:16,266 [ZAP-DownloadInstaller] INFO ExtensionPassiveScan - loaded passive scan rule: Source Code Disclosure
2021-06-10 15:55:16,267 [ZAP-DownloadInstaller] INFO ExtensionPassiveScan - loaded passive scan rule: Sub Resource Integrity Attribute Missing
2021-06-10 15:55:16,283 [ZAP-DownloadInstaller] INFO ExtensionAutoUpdate - Finished installing new addon pscanrulesAlpha v30.0.0
2021-06-10 15:55:16,293 [ZAP-DownloadInstaller] INFO ExtensionAutoUpdate - Installing new addon reflect v0.0.11
2021-06-10 15:55:16,316 [ZAP-DownloadInstaller] INFO ExtensionAutoUpdate - Finished installing new addon reflect v0.0.11
2021-06-10 15:55:16,405 [main ] INFO CommandLine - Add-on downloaded to: /tmp/zap/plugin/reports-beta-0.3.0.zap
2021-06-10 15:55:16,407 [main ] INFO CommandLine - Add-on downloaded to: /tmp/zap/plugin/ascanrulesAlpha-alpha-30.zap
2021-06-10 15:55:16,408 [main ] INFO CommandLine - Add-on downloaded to: /tmp/zap/plugin/pscanrulesAlpha-alpha-30.zap
2021-06-10 15:55:16,410 [main ] INFO CommandLine - Add-on downloaded to: /tmp/zap/plugin/reflect-alpha-0.0.11.zap
2021-06-10 15:55:16,411 [main ] INFO CommandLine - Job addOns finished
2021-06-10 15:55:16,413 [main ] INFO CommandLine - Job passiveScan-config set maxAlertsPerRule = 10
2021-06-10 15:55:16,415 [main ] INFO CommandLine - Job passiveScan-config set scanOnlyInScope = true
2021-06-10 15:55:16,416 [main ] INFO CommandLine - Job passiveScan-config started
2021-06-10 15:55:16,419 [main ] ERROR ExtensionAutomation - class java.lang.String cannot be cast to class java.lang.Integer (java.lang.String and java.lang.Integer are in module java.base of loader 'bootstrap')
java.lang.ClassCastException: class java.lang.String cannot be cast to class java.lang.Integer (java.lang.String and java.lang.Integer are in module java.base of loader 'bootstrap')
at org.zaproxy.addon.automation.jobs.PassiveScanConfigJob.runJob(PassiveScanConfigJob.java:62) ~[automation-alpha-0.3.0.zap:?]
at org.zaproxy.addon.automation.ExtensionAutomation.runPlan(ExtensionAutomation.java:218) ~[automation-alpha-0.3.0.zap:?]
at org.zaproxy.addon.automation.ExtensionAutomation.runAutomation(ExtensionAutomation.java:233) ~[automation-alpha-0.3.0.zap:?]
at org.zaproxy.addon.automation.ExtensionAutomation.runAutomationFile(ExtensionAutomation.java:244) [automation-alpha-0.3.0.zap:?]
at org.zaproxy.addon.automation.ExtensionAutomation.execute(ExtensionAutomation.java:345) [automation-alpha-0.3.0.zap:?]
at org.parosproxy.paros.extension.ExtensionLoader.runCommandLine(ExtensionLoader.java:552) [zap-D-2021-05-03.jar:D-2021-05-03]
at org.parosproxy.paros.control.Control.runCommandLine(Control.java:399) [zap-D-2021-05-03.jar:D-2021-05-03]
at org.zaproxy.zap.CommandLineBootstrap.start(CommandLineBootstrap.java:85) [zap-D-2021-05-03.jar:D-2021-05-03]
at org.zaproxy.zap.ZAP.main(ZAP.java:131) [zap-D-2021-05-03.jar:D-2021-05-03]
2021-06-10 15:55:16,428 [main ] ERROR CommandLine - Unexpected error accessing file /tmp/zap/zap-template.yaml : class java.lang.String cannot be cast to class java.lang.Integer (java.lang.String and java.lang.Integer are in module java.base of loader 'bootstrap') - see log for details
2021-06-10 15:55:17,457 [main ] INFO ENGINE - dataFileCache commit start
2021-06-10 15:55:17,463 [main ] INFO ENGINE - dataFileCache commit end
2021-06-10 15:55:17,492 [main ] INFO ENGINE - Database closed
2021-06-10 15:55:17,621 [main ] INFO CommandLineBootstrap - OWASP ZAP D-2021-05-03 terminated.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment