docker-zap icon indicating copy to clipboard operation
docker-zap copied to clipboard

Published 20 hours ago verified publisher icon stephendonner

Make active-scan more aggressive (later, separately, make it configurable)

Open stephendonner opened this issue 9 years ago • 7 comments
trafficstars

For now, until it's configurable, need to make the active-scan (https://github.com/stephendonner/docker-zap/blob/69c8d4853cc7ef604b811921635a10d0aa5a8ae5/run-docker.sh#L10) more aggressive against its target.

stephendonner avatar May 10 '16 22:05 stephendonner

@psiinon - any immediate suggestions? I tried reverse-engineering https://github.com/mozilla/cloudsec-zap/blob/master/amo/zap-amo-tests.sh but to little/no avail.

stephendonner avatar May 11 '16 04:05 stephendonner

Might be better to chat about this on vidyo - ping me on irc and we can chat about it :)

psiinon avatar May 11 '16 10:05 psiinon

If you have recommendations for which options you want, I'm happy to help add them to the zap-cli active-scan command as parameters (or PRs welcome!) as I'm sure other users of the docker image would find them useful. :)

Grunny avatar Jun 27 '16 17:06 Grunny

At the least, I should be using the recursive -r, right, @Grunny? Per https://github.com/Grunny/zap-cli/issues/15#issuecomment-237852475

stephendonner avatar Sep 02 '16 17:09 stephendonner

Spoke with thc202 in #websectools (irc.mozilla.org), and added -r in with https://github.com/stephendonner/docker-zap/commit/f6068a03b31c72d8cb573804d038af06a88da65f

stephendonner avatar Sep 02 '16 18:09 stephendonner

Yep. I wonder if I should make that default and have an additional flag to not scan recursively instead.

Grunny avatar Sep 05 '16 12:09 Grunny

@Grunny +1 for that! :-)

stephendonner avatar Sep 07 '16 06:09 stephendonner