Is there a way to add custom passive scans to zap's active scan?

Time:09-20

In ZAP's UI there's the scripts view where you can define self-made scripts/use community created scripts. While you can create Passive Rules, I haven't seen a way to include these scripts in the Active Scan. When manually sending requests the Passive Scan rules create alerts, but when running the Active Scan it doesn't create any alerts from the user defined scripts (if that's what you can call them).

If anyone has an idea how to add user defined scripts to the active scan, a way around, or could point me to the documentation that explains this, I'd appreciate it.

CodePudding user response:

They are 2 different things. You can define both passive and custom scripts and both can raise alerts. The passive scripts will run on all requests sent by or through ZAP.

For ZAP example scripts see https://github.com/zaproxy/community-scripts. Also search for a tag of "scripts" on https://www.zaproxy.org/videos-list/
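
To illustrate the answer's point that scripts other than passive ones can raise alerts, here is an added example (not from the original post or from the ZAP project): a response check of the kind usually written as a passive rule, written instead as an Active Rules script so that it runs during the Active Scan. The entry points `scanNode` and `scan` follow ZAP's active rule script template; the header being checked, the helper name `checkResponse` and the alert wording are assumptions chosen for illustration.

```javascript
// Added example: a ZAP "Active Rules" script for the JavaScript engine.
// REQUIRED_HEADER, checkResponse and the alert text are illustrative assumptions.
var REQUIRED_HEADER = 'X-Content-Type-Options';

// The response check itself, i.e. the logic a passive rule would contain.
// Returns null when the response is fine, otherwise a finding object.
function checkResponse(msg) {
  var header = msg.getResponseHeader();
  var status = header.getStatusCode();
  if (status < 200 || status >= 400) {
    return null; // only judge successful and redirect responses
  }
  var value = header.getHeader(REQUIRED_HEADER);
  if (value === null || value === undefined) {
    return { evidence: '', detail: REQUIRED_HEADER + ' is missing' };
  }
  if (String(value).trim().toLowerCase() !== 'nosniff') {
    return { evidence: String(value), detail: REQUIRED_HEADER + ' is not "nosniff"' };
  }
  return null;
}

// ZAP calls this once for every node the Active Scan visits.
function scanNode(as, msg) {
  if (as.isStop()) { return; }             // honour a user-requested stop
  var probe = msg.cloneRequest();          // copy of the request, no response yet
  as.sendAndReceive(probe, false, false);  // no redirect following, no anti-CSRF handling
  var finding = checkResponse(probe);
  if (finding === null) { return; }
  as.newAlert()
    .setRisk(1)        // 1 = Low
    .setConfidence(2)  // 2 = Medium
    .setName('Custom check: ' + finding.detail)
    .setDescription('Raised by a user-defined Active Rules script.')
    .setEvidence(finding.evidence)
    .setMessage(probe)
    .raise();
}

// ZAP calls this once per parameter; the check above is per response,
// so there is nothing to do here.
function scan(as, msg, param, value) {}
```
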
