Export/import OWASP ZAP passive scan rules

Time: 2018-07-10 13:29:07

Tags: zap

Is it possible to create a scan policy for passive scanning? I know you can create and modify scan policies for active/attack scans, but I would like to know whether you can do the same for passive scan rules, or whether they have to be modified separately on every machine?

1 answer:

Answer 0: (score: 0)

There is an existing ticket open to unify active/passive scan handling in a single policy-type interface: https://github.com/zaproxy/zaproxy/issues/3870. If you are really interested in this, you could back it on BountySource (https://www.bountysource.com/issues/49047644-improved-active-passive-rules-management) and see if it gets some attention/action.

Another option you could use is to create a quick script that uses ZAP's web API to apply a passive scan rule "policy". The relevant endpoints are pscan/view/scanners/, pscan/action/disableAllScanners/ and pscan/action/enableScanners/. Here is a Python example:

from zapv2 import ZAPv2 as zap
import time

apikey = "apikey12345"  # Your API key
# ZAP listens on 127.0.0.1:8080 by default; the client talks to the API through that proxy
z = zap(apikey=apikey, proxies={"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"})
time.sleep(2)  # Might need to be longer depending on your machine and whether ZAP is already running

print("Disabling all passive scan rules..")

z.pscan.disable_all_scanners()

# Each entry is a dict with string values: "id", "enabled" ("true"/"false"), "name"
scanners = z.pscan.scanners

for scanner in scanners:
    print(scanner.get("id") + " : " + scanner.get("enabled") + " : " + scanner.get("name"))

to_enable = "10020,10021,10062"  # Customize as you see fit (comma-separated rule IDs)
print("\nEnabling specific passive scan rules..[" + to_enable + "]")

z.pscan.enable_scanners(to_enable)

print("\nListing enabled passive scan rules..")

scanners2 = z.pscan.scanners

for scanner in scanners2:
    if scanner.get("enabled") == "true":
        print(scanner.get("id") + " : " + scanner.get("enabled") + " : " + scanner.get("name"))

Finally, you can configure ZAP on one system and then copy config.xml to the other systems as needed.
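The answer above shows how to push a fixed list of rule IDs into one ZAP instance. The following added example (editor's code, not part of the original answer or of the ZAP project) extends that into the export/import flow the question asks for: it reads the enabled passive rule IDs from a source instance, stores them as JSON, and applies them on a target instance, skipping rules the target does not have (for instance when an add-on is missing) and re-reading the target's state afterwards instead of trusting that the calls took effect. Only the `pscan.scanners`, `disable_all_scanners()` and `enable_scanners()` calls used on the page are relied on; the `FakePscan` class, the rule IDs and their names are constructed stand-ins so the flow runs offline, and the `ZAP_APIKEY`/`ZAP_PROXY` values are placeholders.

```python
"""Export enabled passive-scan rule IDs from one ZAP and apply them to another."""
import json
from typing import Iterable

try:
    from zapv2 import ZAPv2  # only needed when talking to a live ZAP
except ImportError:  # keep the module importable without the zap client installed
    ZAPv2 = None


def export_policy(pscan):
    """Return the enabled passive rule IDs (sorted numerically).

    `pscan` is anything with the zapv2 pscan shape used on the page:
    a `.scanners` list of dicts with string "id" and "enabled" values.
    """
    return sorted((s["id"] for s in pscan.scanners if s.get("enabled") == "true"), key=int)


def apply_policy(pscan, wanted_ids: Iterable[str]):
    """Disable every rule, then enable only `wanted_ids` that exist on the target.

    Returns the IDs actually enabled and the IDs the target does not know,
    and verifies the final state by re-reading it from ZAP.
    """
    wanted = set(wanted_ids)
    available = {s["id"] for s in pscan.scanners}
    missing = sorted(wanted - available, key=int)
    to_enable = sorted(wanted & available, key=int)

    pscan.disable_all_scanners()
    if to_enable:
        pscan.enable_scanners(",".join(to_enable))  # API takes a comma-separated string

    enabled_now = set(export_policy(pscan))
    if enabled_now != set(to_enable):
        raise RuntimeError(f"policy mismatch: wanted {to_enable}, got {sorted(enabled_now, key=int)}")
    return {"enabled": to_enable, "missing": missing}


def save_policy(path, ids):
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({"passive_scanners": list(ids)}, fh, indent=2)


def load_policy(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)["passive_scanners"]


class FakePscan:
    """Constructed stand-in mimicking the three zapv2 pscan calls, for offline use."""

    def __init__(self, rules):
        # rules: {id: name}; everything starts enabled, as on a fresh ZAP install
        self._rules = {rid: {"id": rid, "name": name, "enabled": "true"} for rid, name in rules.items()}

    @property
    def scanners(self):
        return [dict(r) for r in self._rules.values()]

    def disable_all_scanners(self):
        for r in self._rules.values():
            r["enabled"] = "false"
        return "OK"

    def enable_scanners(self, ids):
        for rid in ids.split(","):
            self._rules[rid]["enabled"] = "true"
        return "OK"


def demo():
    """Constructed scenario: the target lacks rule 10062, so it is reported as missing."""
    source = FakePscan({"10020": "rule A", "10021": "rule B", "10062": "rule C", "10096": "rule D"})
    target = FakePscan({"10020": "rule A", "10021": "rule B", "10096": "rule D"})
    source.disable_all_scanners()
    source.enable_scanners("10020,10021,10062")  # the policy on the source machine
    return apply_policy(target, export_policy(source))


if __name__ == "__main__":
    print(demo())  # offline run against the constructed fakes
    if ZAPv2 is not None:  # live run: export from the local ZAP to a file
        ZAP_APIKEY, ZAP_PROXY = "apikey12345", "http://127.0.0.1:8080"  # placeholders
        z = ZAPv2(apikey=ZAP_APIKEY, proxies={"http": ZAP_PROXY, "https": ZAP_PROXY})
        save_policy("pscan-policy.json", export_policy(z.pscan))
```

To move a policy between machines, run `save_policy` against the source ZAP, copy the JSON file, and call `apply_policy(z.pscan, load_policy(path))` against the target; the returned `missing` list tells you which rules the target could not enable, which is the usual symptom of differing add-on sets rather than a failed API call.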