
OWASP ZAP docker returns "Connection refused" when running an active scan

Stack Overflow user
Asked on 2019-02-07 14:27:49
Answers 1 Views 2K Followers 0 Votes 0

I'm trying to set up OWASP ZAP so that it runs locally, using the provided docker image.

```bash
docker run --name zap -u zap \
-p 8090:8090 -v "$(pwd)/reports":/zap/reports/:rw \
-i owasp/zap2docker-stable zap.sh -daemon -port 8090 -host 0.0.0.0 \
-config api.addrs.addr.name=.* -config api.addrs.addr.regex=true \
-config api.disablekey=true
```

If I try running a quick scan, it completes successfully.

```bash
docker exec zap zap-cli --verbose quick-scan --self-contained --start-options '-config api.disablekey=true' http://www.itsecgames.com -l Medium
```

But every time I try an active scan I get Connection refused:

```bash
docker exec zap zap-cli --verbose active-scan http://www.itsecgames.com
```

Any idea why this is happening?

I also get the same error when trying to generate a report:

```bash
docker exec zap zap-cli --verbose report -o /zap/reports/owasp-quick-scan-report.html --output-format html
```

Edit: the logs don't show anything useful:

```text
9864 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://www.itsecgames.com | TestPersistentXSSAttack in 0.003s with 0 message(s) sent and 0 alert(s) raised.
9864 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://www.itsecgames.com | TestSQLInjection strength MEDIUM threshold MEDIUM
10350 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://www.itsecgames.com | TestSQLInjection in 0.486s with 22 message(s) sent and 0 alert(s) raised.
10350 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://www.itsecgames.com | CodeInjectionPlugin strength MEDIUM threshold MEDIUM
10522 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://www.itsecgames.com | CodeInjectionPlugin in 0.172s with 8 message(s) sent and 0 alert(s) raised.
10522 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://www.itsecgames.com | CommandInjectionPlugin strength MEDIUM threshold MEDIUM
11355 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://www.itsecgames.com | CommandInjectionPlugin in 0.833s with 32 message(s) sent and 0 alert(s) raised.
11355 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://www.itsecgames.com | TestDirectoryBrowsing strength MEDIUM threshold MEDIUM
11389 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://www.itsecgames.com | TestDirectoryBrowsing in 0.034s with 1 message(s) sent and 0 alert(s) raised.
11389 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://www.itsecgames.com | TestExternalRedirect strength MEDIUM threshold MEDIUM
11579 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://www.itsecgames.com | TestExternalRedirect in 0.19s with 9 message(s) sent and 0 alert(s) raised.
11580 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://www.itsecgames.com | BufferOverflow strength MEDIUM threshold MEDIUM
11617 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://www.itsecgames.com | BufferOverflow in 0.037s with 1 message(s) sent and 0 alert(s) raised.
11617 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://www.itsecgames.com | FormatString strength MEDIUM threshold MEDIUM
11729 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://www.itsecgames.com | FormatString in 0.112s with 3 message(s) sent and 0 alert(s) raised.
11729 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://www.itsecgames.com | TestInjectionCRLF strength MEDIUM threshold MEDIUM
11911 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://www.itsecgames.com | TestInjectionCRLF in 0.182s with 7 message(s) sent and 0 alert(s) raised.
11912 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://www.itsecgames.com | TestParameterTamper strength MEDIUM threshold MEDIUM
12106 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://www.itsecgames.com | TestParameterTamper in 0.194s with 7 message(s) sent and 0 alert(s) raised.
12106 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://www.itsecgames.com | ScriptsActiveScanner strength MEDIUM threshold MEDIUM
12107 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - skipped plugin [no scripts enabled] http://www.itsecgames.com | ScriptsActiveScanner in 0.001s with 0 message(s) sent and 0 alert(s) raised.
12107 [Thread-9] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host http://www.itsecgames.com in 6.389s
12108 [Thread-8] INFO org.parosproxy.paros.core.scanner.Scanner  - scanner completed in 6.402s
16868 [Thread-27] INFO org.parosproxy.paros.core.scanner.Scanner  - scanner stopped
16887 [Thread-27] INFO hsqldb.db..ENGINE  - dataFileCache commit start
16891 [Thread-27] INFO hsqldb.db..ENGINE  - dataFileCache commit end
16895 [Thread-27] INFO hsqldb.db..ENGINE  - Database closed
16996 [Thread-27] INFO org.zaproxy.zap.extension.api.CoreAPI  - OWASP ZAP 2.7.0 terminated.
```

1 Answer

Stack Overflow user

Posted on 2020-01-23 11:48:53

I ran into this problem myself. I'm not sure whether it is also happening in your case, but from the Python error I saw that zap-cli was trying to connect to the proxy on port 8080 instead of 8090. Here is how I got everything working:

1. I started the ZAP daemon with the port changed to 8080.

```bash
docker run --rm -u zap -p 8090:8080 -d owasp/zap2docker-stable zap.sh -daemon -port 8080 -host 0.0.0.0 -config api.disablekey=true
```

2. Ran open-url

```bash
docker exec <CONTAINER NAME/ID> zap-cli open-url <TARGET>
```

3. Finally, I ran the scan

```bash
docker exec <CONTAINER NAME/ID> zap-cli active-scan <TARGET>
```
Votes 2
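The answer's diagnosis fits the question's own commands: zap-cli connects to port 8080 unless told otherwise, the quick scan worked because `--self-contained` starts its own ZAP instance rather than talking to the daemon on 8090 (consistent with the question's log ending in an instance being terminated), and `active-scan` and `report` then found nothing listening on 8080. Moving the daemon to 8080 is one fix; passing `--port` to zap-cli is the other. Two further points a practitioner will want: a `docker exec` issued right after `docker run -d` can also get Connection refused while the daemon is still starting, so wait on `zap-cli status -t`; and the question's daemon flags disable the API key while binding `0.0.0.0` and accepting any source address, so anything that can reach the published port can drive the proxy, read the session and start scans. The script below is an added example, not code from the question, the answer or the ZAP project. It assumes the `owasp/zap2docker-stable` image, the container name `zap`, port 8090 inside and outside the container, a randomly generated API key and the zap-cli options `--port`, `--api-key`, `status -t`, `spider` and `active-scan --recursive`; the helper names `daemon_port_from_args`, `cli_port_from_args` and `ports_agree` are hypothetical and exist only to check port agreement before anything is started.

```bash
#!/usr/bin/env bash
# Added example; not code from the original question or answer.
# Runs the ZAP daemon from owasp/zap2docker-stable and zap-cli on ONE agreed port,
# keeps the API key enabled, and waits for the API to come up before scanning.
set -euf   # -f: no globbing, so the ".*" in the daemon config is never expanded

ZAP_PORT="${ZAP_PORT:-8090}"    # port the daemon listens on inside the container
HOST_PORT="${HOST_PORT:-8090}"  # host-side published port (assumed: you also drive ZAP from the host)
CONTAINER="${CONTAINER:-zap}"
IMAGE="${IMAGE:-owasp/zap2docker-stable}"

# Port a "zap.sh -daemon ..." command line will bind; ZAP itself defaults to 8080 without -port.
daemon_port_from_args() {
  local prev="" tok
  for tok in $1; do
    if [ "$prev" = "-port" ]; then printf '%s\n' "$tok"; return 0; fi
    prev="$tok"
  done
  printf '8080\n'
}

# Port a "zap-cli ..." command line will connect to: -p/--port wins, then the ZAP_PORT
# environment variable (passed as $2 here), then zap-cli's built-in default of 8080.
cli_port_from_args() {
  local prev="" tok
  for tok in $1; do
    case "$prev" in -p|--port) printf '%s\n' "$tok"; return 0 ;; esac
    case "$tok" in --port=*) printf '%s\n' "${tok#--port=}"; return 0 ;; esac
    prev="$tok"
  done
  printf '%s\n' "${2:-8080}"
}

# Exit 0 when daemon and client agree on the port, 1 otherwise (the mismatch that
# produces "Connection refused" for everything except --self-contained runs).
ports_agree() {
  [ "$(daemon_port_from_args "$1")" = "$(cli_port_from_args "$2" "${3:-}")" ]
}

# Every zap-cli call goes through here so the port and key are never typed by hand.
zap_cli() {
  docker exec "$CONTAINER" zap-cli --port "$ZAP_PORT" --api-key "$ZAP_API_KEY" "$@"
}

run_scan() {
  local target="${1:?usage: $0 <target-url>}"
  # Random key: anyone who can reach HOST_PORT still cannot drive the proxy, read the
  # session or start scans without it. The question's commands disabled this check.
  ZAP_API_KEY="${ZAP_API_KEY:-$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')}"
  local daemon="zap.sh -daemon -port ${ZAP_PORT} -host 0.0.0.0 \
    -config api.key=${ZAP_API_KEY} \
    -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true"
  ports_agree "$daemon" "zap-cli --port ${ZAP_PORT} active-scan ${target}" \
    || { echo "daemon and zap-cli ports differ" >&2; return 1; }

  mkdir -p reports
  # shellcheck disable=SC2086  # $daemon is intentionally word-split into arguments
  docker run --rm -d --name "$CONTAINER" -u zap -p "${HOST_PORT}:${ZAP_PORT}" \
    -v "$(pwd)/reports:/zap/reports:rw" "$IMAGE" $daemon
  # "Connection refused" right after "docker run -d" is often just the daemon still booting.
  zap_cli status -t 60
  zap_cli open-url "$target"
  zap_cli spider "$target"                  # seed more URLs than the one open-url added
  zap_cli active-scan --recursive "$target"
  zap_cli report -o /zap/reports/active-scan.html --output-format html
  docker stop "$CONTAINER" >/dev/null
}

if [ -n "${1:-}" ]; then run_scan "$1"; fi
```

Run it as `./zap-scan.sh http://www.itsecgames.com` from a directory where `reports/` may be created. The port check is deliberately separate from the run so it can be pointed at any existing pair of command lines; if you later adopt the answer's layout (daemon on 8080, no `--port` on zap-cli), keep `-config api.key=...` rather than `api.disablekey=true` so the published port is not an open, unauthenticated ZAP API.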
Page content provided by Stack Overflow; translation by Tencent Cloud's IT-domain engine.
Original link: https://stackoverflow.com/questions/54575564
