我正在尝试使用zap-java-api为目标网址运行蜘蛛扫描。请找到我上网的以下代码。
import org.zaproxy.clientapi.core.ApiResponse;
import org.zaproxy.clientapi.core.ApiResponseElement;
import org.zaproxy.clientapi.core.ClientApi;
public class SimpleExample {
private static final String ZAP_ADDRESS = "localhost";
private static final int ZAP_PORT = 8500;
private static final String ZAP_API_KEY =
"q0tgadu0fperhi21q0870gc37"; // Change this if you have set the apikey in ZAP via Options / API
private static final String TARGET = "https://demo.testfire.net/";
public static void main(String[] args) {
ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
try {
// Start spidering the target
System.out.println("Spider : " + TARGET);
// It's not necessary to pass the ZAP API key again, already set when creating the
// ClientApi.
ApiResponse resp = api.spider.scan(TARGET, null, null, null, null);
String scanid;
int progress;
// The scan now returns a scan id to support concurrent scanning
scanid = ((ApiResponseElement) resp).getValue();
// Poll the status until it completes
while (true) {
Thread.sleep(1000);
progress =
Integer.parseInt(
((ApiResponseElement) api.spider.status(scanid)).getValue());
System.out.println("Spider progress : " + progress + "%");
if (progress >= 100) {
break;
}
}
System.out.println("Spider complete");
// Give the passive scanner a chance to complete
Thread.sleep(2000);
System.out.println("Active scan : " + TARGET);
resp = api.ascan.scan(TARGET, "True", "False", null, null, null);
// The scan now returns a scan id to support concurrent scanning
scanid = ((ApiResponseElement) resp).getValue();
// Poll the status until it completes
while (true) {
Thread.sleep(5000);
progress =
Integer.parseInt(
((ApiResponseElement) api.ascan.status(scanid)).getValue());
System.out.println("Active Scan progress : " + progress + "%");
if (progress >= 100) {
break;
}
}
System.out.println("Active Scan complete");
System.out.println("Alerts:");
System.out.println(new String(api.core.xmlreport()));
} catch (Exception e) {
System.out.println("Exception : " + e.getMessage());
e.printStackTrace();
}
}
}
我一直在以下例外:
Spider : https://demo.testfire.net/
Exception : java.net.SocketException: Unexpected end of file from server
org.zaproxy.clientapi.core.ClientApiException: java.net.SocketException: Unexpected end of file from server
at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:350)
at org.zaproxy.clientapi.core.ClientApi.callApi(ClientApi.java:331)
at org.zaproxy.clientapi.gen.Spider.scan(Spider.java:239)
at com_test.SimpleExample.main(SimpleExample.java:24)
Caused by: java.net.SocketException: Unexpected end of file from server
at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at org.zaproxy.clientapi.core.ClientApi.getConnectionInputStream(ClientApi.java:361)
at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:348)
... 3 more
除了目标网址之外,我不确定蜘蛛扫描内还能传递什么。因此将其传递为null。
ApiResponse resp = api.spider.scan(TARGET, null, null, null, null);
我要做的就是为目标网址运行蜘蛛扫描并生成html& xml报告通过zap-java-api。任何有关这方面的工作示例都会非常有用。提前谢谢。
答案 0 :(得分:0)
表明ZAP阻止了您的API调用。 是否在ZAP中启用了API? 您使用的是正确的API密钥吗?
您可以查看zap.log文件,该文件可能包含更多信息:https://github.com/zaproxy/zaproxy/wiki/FAQlogging
答案 1 :(得分:0)
此错误消息...
// Function Declarations
int isalpha(int c);
int main(void) {
char letter = get_char("Letter:");
bool yesno = isalpha(letter);
if (yesno == true) {
printf("True\n");
} else {
printf("False\n");
}
}
...表示远程服务器虽然接受了连接但关闭了连接但未发送响应。
此错误的背后可能有很多原因,其中一些原因如下:
我在您的代码块中没有看到任何此类问题。但是我怀疑所有API设置均未正确启用。
确保在zap工具(ZAP->工具->选项-> API)中启用了所有API设置: