Grunny/zap-cli

just load url in site tree without scan and save the session and exit.

Closed this issue · 3 comments

Hi, I am looking for some help with zap-cli: I need to just add a URL to the site tree, not perform any scan, and exit after saving the session. I want this because I want to automate scanning of different URLs via Jenkins, and for that I need a ZAP session for every URL. Please, I need a way via zap-cli to just add a URL to the site tree, not scan it, and exit after saving.

Thank You...

Hi @prem9753! You can do this pretty easily, the sequence of commands would just be:

```shell
# Start ZAP
zap-cli start
# Open a URL through the proxy to add it to the site tree
zap-cli -v open-url http://127.0.0.1/index.php?foo=bar
# Save the session to a file
zap-cli -v session save /path/to/file/some-session-name.session
# Shutdown ZAP
zap-cli -v shutdown
```

This will save the session to the file located at /path/to/file/some-session-name.session. Then if you want to use that session later, you can simply load it into ZAP (if ZAP is running) using:

```shell
zap-cli -v session load /path/to/file/some-session-name.session
```

I hope that helps!
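For the Jenkins use case in the question (one saved session per URL), the command sequence above can be wrapped in a loop. This is an added example, not part of the original thread or of zap-cli itself; it is a POSIX shell sketch, and the `urls.txt` input, the output directory, the function names and the `ZAP_CLI` override variable are assumptions.

```shell
#!/bin/sh
# Added example: one saved ZAP session per URL, with no spider or active scan.
# Assumes zap-cli is on PATH and can locate ZAP; file names are hypothetical.
ZAP_CLI="${ZAP_CLI:-zap-cli}"   # hypothetical override, e.g. for a wrapper

# Derive a filesystem-safe session name from a URL: drop the scheme, then map
# every character outside [A-Za-z0-9._-] to "_" so that "/" or "../" in the
# URL cannot move the session file outside the output directory.
session_name() {
    printf '%s' "${1#*://}" | tr -c 'A-Za-z0-9._-' '_' | cut -c1-100
}

# Start ZAP, open one URL through the proxy, save the session, shut down.
# $2 should be an absolute directory, as in the answer's /path/to/file/.
snapshot_url() {
    url="$1"
    file="$2/$(session_name "$url").session"
    if [ -e "$file" ]; then
        echo "refusing to overwrite $file" >&2
        return 1
    fi
    "$ZAP_CLI" start || return 1
    rc=0
    "$ZAP_CLI" -v open-url "$url" && "$ZAP_CLI" -v session save "$file" || rc=1
    "$ZAP_CLI" -v shutdown || rc=1   # always stop ZAP, even after a failure
    return "$rc"
}

# Read URLs from file $1 (one per line; blanks and "#" comments skipped) and
# snapshot each into directory $2. Succeeds only if every URL succeeded.
snapshot_all() {
    failed=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        snapshot_url "$line" "$2" </dev/null || failed=$((failed + 1))
    done < "$1"
    [ "$failed" -eq 0 ]
}

# Run only when invoked with arguments: ./zap-sessions.sh urls.txt /abs/out
if [ "$#" -eq 2 ]; then
    snapshot_all "$1" "$2"
fi
```

A later job can reload any of the saved files with `zap-cli -v session load`, as shown in the answer.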

Thank you very much, you are my savior. It worked for me: I put them in a batch file and executed them, and it's working fine for me.
But it works fine for me when I do a spider (`zap-cli -v spider https://127.0.0.1/index.php?foo=bar`),
but when I give open-url with https it throws the error below (`zap-cli -v open-url https://127.0.0.1/index.php?foo=bar`).
Is it something related to certificates that I need to disable? Can open-url not work with https requests? Please could you provide some help in this regard. Thank you...

=============================ERROR======================

```
C:\Python27>python.exe Scripts\zap-cli-script.py open-url https://xx.xxx.x.xx/
[INFO] Accessing URL https://xx.xxx.x.xx/
C:\Python27\lib\site-packages\requests\packages\urllib3\util\ssl_.py:334: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  SNIMissingWarning
C:\Python27\lib\site-packages\requests\packages\urllib3\util\ssl_.py:132: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecurePlatformWarning
Traceback (most recent call last):
  File "Scripts\zap-cli-script.py", line 11, in <module>
    load_entry_point('zapcli==0.9.0', 'console_scripts', 'zap-cli')()
  File "C:\Python27\lib\site-packages\click\core.py", line 664, in __call__
    return self.main(*args, **kwargs)
  File "C:\Python27\lib\site-packages\click\core.py", line 644, in main
    rv = self.invoke(ctx)
  File "C:\Python27\lib\site-packages\click\core.py", line 991, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "C:\Python27\lib\site-packages\click\core.py", line 837, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "C:\Python27\lib\site-packages\click\core.py", line 464, in invoke
    return callback(*args, **kwargs)
  File "C:\Python27\lib\site-packages\click\decorators.py", line 26, in new_func
    return ctx.invoke(f, ctx.obj, *args[1:], **kwargs)
  File "C:\Python27\lib\site-packages\click\core.py", line 464, in invoke
    return callback(*args, **kwargs)
  File "C:\Python27\lib\site-packages\zapcli\cli.py", line 102, in open_url
    zap_helper.open_url(url)
  File "C:\Python27\lib\site-packages\zapcli\zap_helper.py", line 132, in open_url
    self.zap.urlopen(url)
  File "C:\Python27\lib\site-packages\zapv2\__init__.py", line 124, in urlopen
    return requests.get(url, proxies=self.__proxies, verify=False, *args, **kwargs).text
  File "C:\Python27\lib\site-packages\requests\api.py", line 70, in get
    return request('get', url, params=params, **kwargs)
  File "C:\Python27\lib\site-packages\requests\api.py", line 56, in request
    return session.request(method=method, url=url, **kwargs)
  File "C:\Python27\lib\site-packages\requests\sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Python27\lib\site-packages\requests\sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "C:\Python27\lib\site-packages\requests\adapters.py", line 497, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [Errno 8] _ssl.c:499: EOF occurred in violation of protocol
```

That looks like an SSL issue on either your machine or your site. I'd suggest upgrading Python 2.7 to the latest version on your machine if it's not already, and seeing if that fixes it.