Error just running zap-cli
Closed this issue · 7 comments
Environment: Amazon Linux 64bit
Installed zap-cli via pip.
Set ZAP_PATH=/opt/zap (this is where zap.sh and the zap jars are)
# At the command line
$: zap-cli
Traceback (most recent call last):
File "/usr/local/bin/zap-cli", line 9, in <module>
load_entry_point('zapcli==0.1.1', 'console_scripts', 'zap-cli')()
File "/usr/lib/python2.6/dist-packages/pkg_resources/__init__.py", line 521, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.6/dist-packages/pkg_resources/__init__.py", line 2632, in load_entry_point
return ep.load()
File "/usr/lib/python2.6/dist-packages/pkg_resources/__init__.py", line 2312, in load
return self.resolve()
File "/usr/lib/python2.6/dist-packages/pkg_resources/__init__.py", line 2318, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "/usr/local/lib/python2.6/site-packages/zapcli/cli.py", line 14, in <module>
from zapcli.log import console
File "/usr/local/lib/python2.6/site-packages/zapcli/log.py", line 60, in <module>
console = logging.getLogger('zap')
File "/usr/lib64/python2.6/logging/__init__.py", line 1427, in getLogger
return Logger.manager.getLogger(name)
File "/usr/lib64/python2.6/logging/__init__.py", line 951, in getLogger
rv = _loggerClass(name)
File "/usr/local/lib/python2.6/site-packages/zapcli/log.py", line 51, in __init__
super(ConsoleLogger, self).__init__(name)
TypeError: super() argument 1 must be type, not classobj
Also did a: pip install logging
Just in case that was an issue.
Still same error. Would be awesome if I could get this working :)
Ah, it's because of the use of old-style classes in the logging library on Python 2.6. It will work fine on Python 2.7, do you have the option of upgrading Python from 2.6 -> 2.7 on the instance? I'll look at a quick fix for backwards compatibility tomorrow. :) I think it should work if the super is changed to something like logging.Logger.__int__(self, name) in log.py, but there are possibly other Python 2.6 incompatibilities elsewhere in the code.
Backwards compatibility would be great, however in the meantime I fixed it by:
sudo yum install python27 python27-pip
sudo python27 -m pip install --upgrade git+https://github.com/Grunny/zap-cli.git
# Example Run
zap-cli --api-key 12345 quick-scan --self-contained -o '-config api.key=12345' -s xss http://127.0.0.1/
Thanks for the quick response sir!
No problem, glad it's working now. :)
Hi,
Is it possible to provide some more documentation for other commands? I tried one active scan and got error. The issue is described below.
I tried
zap-cli --zap-path <path> start --start-options 'config api.key = 80908090'
ZAP proxy started fine.
Then i tried:
zap-cli --zap-path <path> --api-key 80908090 active-scan -s all <url>
I recieve a ValueError: No JSON object could be decoded.
This error seems to from zap api if api-key is not passed properly or no api-key is passed at all.
A help would be appreciated.
Hi there, I definitely need to add more documentation, but for the issue you mention, the format for setting the API key from the start command so it will work at the moment would be:
zap-cli --zap-path <path> start --start-options '-config api.key=80908090'
So, missing the - before config and remove the spaces around the equals.
Then you should be able to open a URL to add it to the sites tree and attack it:
zap-cli open-url <url>
zap-cli --api-key 80908090 active-scan -s all <url>Does that work for you? :)
Hello. When do you do more MAN information on githab?
Hi. We definitely need more docs, but was there particular info you were looking for (i.e. how to do something specific) that I can help point to or prioritise producing docs for? :)