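ZAP CLI reports different results

Time: 2019-04-24 10:17:19

Tags: owasp zap

Why does [INFO] show Issues found: 0 while the report says otherwise? To be sure, I restarted the ZAP proxy, changed the API key, and ran everything in Docker.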


This is the console output:

gauntlt@724fe0361390:/working$ zap-cli --api-key=123 shutdown
[INFO]            Shutting down ZAP daemon
gauntlt@724fe0361390:/working$ zap-cli --api-key=123 status
[ERROR]           ZAP is not running
gauntlt@724fe0361390:/working$ zap-cli  start -o '-config api.key=123'
[INFO]            Starting ZAP daemon
gauntlt@724fe0361390:/working$ zap-cli --api-key=123 status
[INFO]            ZAP is running
gauntlt@724fe0361390:/working$ zap-cli --api-key=123 report -o /working/output/report.md -f md; cat output/report.md
[INFO]            Report saved to "/working/output/report.md"

# ZAP Scanning Report




## Summary of Alerts

| Risk Level | Number of Alerts |
| --- | --- |
| High | 0 |
| Medium | 0 |
| Low | 0 |
| Informational | 0 |

## Alert Detail

gauntlt@724fe0361390:/working$ zap-cli --api-key=123  quick-scan -o '-config scanner.attackOnStart=true -config view.mode=attack -config connection.dnsTtlSuccessfulQueries=-1 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true' -s xss,sqli --spider --recursive http://127.0.0.1:9009
[INFO]            Running a quick scan for http://127.0.0.1:9009
[INFO]            Issues found: 0
gauntlt@724fe0361390:/working$ zap-cli --api-key=123 report -o /working/output/report.md -f md; head output/report.md
[INFO]            Report saved to "/working/output/report.md"

# ZAP Scanning Report
## Summary of Alerts

| Risk Level | Number of Alerts |
| --- | --- |
gauntlt@724fe0361390:/working$ zap-cli --api-key=123 report -o /working/output/report.md -f md; head -20 output/report.md
[INFO]            Report saved to "/working/output/report.md"

# ZAP Scanning Report

## Summary of Alerts
| Risk Level | Number of Alerts |
| --- | --- |
| High | 0 |
| Medium | 1 |
| Low | 3 |
| Informational | 0 |

1 answer:

Answer 0 (score: 0)

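Did you solve the problem? I ran into the same problem. I did a cat on zap.log and found that my IP address was not allowed. I added it to the allowed IP addresses under Settings > API > allow IPs, and then it worked for me; otherwise you need to check the firewall with a telnet connection...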
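
A further check on the two numbers in the question, as an added example (not code from the post, the answer, or zap-cli): `quick-scan` has an `--alert-level` option that defaults to High, so "Issues found" counts only alerts at or above that level, while the Markdown report lists every level. The helper below, with the hypothetical name `count_at_or_above`, totals a report's summary table at a chosen minimum level; the sample input is constructed from the final report shown in the question.

```shell
#!/bin/sh
# Count alerts in a zap-cli Markdown report at or above a minimum risk level.

# Constructed sample: the summary table from the last report in the question.
sample_report() {
cat <<'EOF'
# ZAP Scanning Report

## Summary of Alerts
| Risk Level | Number of Alerts |
| --- | --- |
| High | 0 |
| Medium | 1 |
| Low | 3 |
| Informational | 0 |

## Alert Detail
EOF
}

# count_at_or_above LEVEL: reads a report on stdin, prints the total.
count_at_or_above() {
  case "$1" in
    High|Medium|Low|Informational) ;;
    *) echo "unknown level: $1" >&2; return 2 ;;
  esac
  awk -F'|' -v min="$1" '
    BEGIN {
      rank["Informational"] = 0; rank["Low"] = 1
      rank["Medium"] = 2;        rank["High"] = 3
    }
    /^## Summary of Alerts/ { in_summary = 1; next }
    /^## /                  { in_summary = 0 }   # next section ends the table
    in_summary && NF >= 3 {
      level = $2; count = $3
      gsub(/^[ \t]+|[ \t]+$/, "", level)          # trim cell padding
      gsub(/^[ \t]+|[ \t]+$/, "", count)
      # Header and separator rows are skipped: their first cell is not a level.
      if ((level in rank) && count ~ /^[0-9]+$/ && rank[level] >= rank[min])
        total += count
    }
    END { print total + 0 }
  '
}
```

Against a real report, `count_at_or_above High < /working/output/report.md` gives the figure to compare with "Issues found" at the default level, and `count_at_or_above Low` the figure to expect after passing `-l Low` to `quick-scan`.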