在Python ZAP模块中运行AjaxSpider时，'no_implementor‘是什么意思？

Question

1.)使用的代码

如果为useAjaxSpider：

# Ajax Spider the target URL
pprint('Start Ajax Spider -> ' + ajax.scan(url=target, inscope=None))
# Give the Ajax spider a chance to start
time.sleep(10)
while (ajax.status != 'stopped'):
    print('Ajax Spider is ' + ajax.status)
    time.sleep(5)
for url in applicationURL:
    # Ajax Spider every url configured
    pprint('Ajax Spider the URL: ' + url + ' -> ' +
           ajax.scan(url=url, inscope=None))
    # Give the Ajax spider a chance to start
    time.sleep(10)
    while (ajax.status != 'stopped'):
        print('Ajax Spider is ' + ajax.status)
        time.sleep(5)
print('Ajax Spider scan completed')

2.)走进无限循环

“阿贾伊蜘蛛是no_implementor”

Answer 1

你应该看看ZAP的新API：https://www.zaproxy.org/docs/api/#using-ajax-spider

"no_implementor“"No Implementor”很可能意味着你没有安装AjaxSpider插件。(这意味着，您没有任何东西来推动您尝试使用的功能。)

#!/usr/bin/env python
import time
from zapv2 import ZAPv2

# The URL of the application to be tested
target = 'https://public-firing-range.appspot.com'
# Change to match the API key set in ZAP, or use None if the API key is disabled
apiKey = 'changeme'

# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apiKey)
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apikey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})

print('Ajax Spider target {}'.format(target))
scanID = zap.ajaxSpider.scan(target)

timeout = time.time() + 60*2   # 2 minutes from now
# Loop until the ajax spider has finished or the timeout has exceeded
while zap.ajaxSpider.status == 'running':
    if time.time() > timeout:
        break
    print('Ajax Spider status' + zap.ajaxSpider.status)
    time.sleep(2)

print('Ajax Spider completed')
ajaxResults = zap.ajaxSpider.results(start=0, count=10)
# If required perform additional operations with the Ajax Spider results

# TODO: Start scanning the application to find vulnerabilities