UNCLASSIFIED - NO CUI


Issues running baseline scans

Summary

When attempting to launch the zap-baseline.py scan against a known target, we are met with an error that prevents the execution of the scan. This appears to be consistent with all scanning scripts in the container. Furthermore, the expected behavior of the container is presently unclear. The documentation does not provide clear insight as to the particular configuration, nor does the functionality match that of the commercially available version.

Steps to reproduce

  1. Launch the container per the included docs
  2. Exec into the running container in Docker/Podman to get a shell
  3. Attempt to execute zap-baseline.py -t <known target>

What is the current bug behavior?

The scan does not start with minimally relevant information/logs

What is the expected correct behavior?

The scan should execute and produce an output

Relevant logs and/or screenshots

2024-04-18 12:35:25,870 Trigger hook: cli_opts, args: 1
2024-04-18 12:35:25,871 Using port: 57003
2024-04-18 12:35:25,871 Trigger hook: start_zap, args: 2
2024-04-18 12:35:25,871 Starting ZAP
2024-04-18 12:35:25,871 Params: ['zap-x.sh', '-daemon', '-port', '57003', '-host', '0.0.0.0', '-config', 'database.recoverylog=false', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'spider.maxDuration=1', '-addonupdate', '-addoninstall', 'pscanrulesBeta']
2024-04-18 12:35:25,872 Failed to start ZAP :(
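An added diagnostic, not part of this issue or of the ZAP project's own scripts: it reconstructs the daemon command from the logged Params line, re-runs it with its console output kept visible, and polls the ZAP API on the same port so the real startup error is not hidden behind "Failed to start ZAP". It assumes it is run inside the container with zap-x.sh on PATH; the embedded Params line is a copy of the one above.

```python
"""Re-run the logged ZAP daemon command and poll its API to surface the startup error."""
import ast
import re
import subprocess
import sys
import time
import urllib.error
import urllib.request

# Constructed sample: the Params line from the log above, used when no argument is given.
PARAMS_LINE = ("2024-04-18 12:35:25,871 Params: ['zap-x.sh', '-daemon', '-port', '57003', "
               "'-host', '0.0.0.0', '-config', 'database.recoverylog=false', '-config', "
               "'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', "
               "'api.addrs.addr.regex=true', '-addonupdate', '-addoninstall', 'pscanrulesBeta']")


def parse_params(line):
    """Return the argv list the wrapper logged after 'Params: ' (a Python list literal)."""
    m = re.search(r"Params: (\[.*\])", line)
    if not m:
        raise ValueError("no Params list found in log line")
    return ast.literal_eval(m.group(1))


def zap_port(argv):
    """Port the daemon was told to listen on via '-port'."""
    return int(argv[argv.index("-port") + 1])


def wait_for_zap(port, timeout):
    """Poll the API (key disabled per api.disablekey=true) until it answers or timeout elapses."""
    deadline = time.monotonic() + timeout
    url = f"http://127.0.0.1:{port}/JSON/core/view/version/"
    while time.monotonic() < deadline:
        try:
            with urllib.request.urlopen(url, timeout=1) as resp:
                return resp.status == 200
        except (urllib.error.URLError, OSError):
            time.sleep(0.5)
    return False  # nothing answered on that port within the timeout


def rerun_with_output(argv, timeout=90):
    """Start the daemon with stdout/stderr inherited so its own error text reaches the console."""
    proc = subprocess.Popen(argv)
    ok = wait_for_zap(zap_port(argv), timeout)
    if not ok:
        print(f"ZAP not reachable on port {zap_port(argv)}; process exit code: {proc.poll()}")
        proc.terminate()
    return ok


if __name__ == "__main__":
    line = sys.argv[1] if len(sys.argv) > 1 else PARAMS_LINE
    sys.exit(0 if rerun_with_output(parse_params(line)) else 1)
```

Pass a different Params log line as the first argument to reproduce another invocation; a non-zero exit code from the daemon process, printed alongside its console output, is the detail the wrapper's one-line failure message omits.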

Possible fixes

Uncertain at this time what the fix would be. It would appear that the manner in which the container is constructed is the result of the issue. Additionally, this would be resolved if the Webswing UI was available, as this would allow the user better interaction with the software: https://www.zaproxy.org/docs/docker/webswing/

Tasks

  • Bug has been identified and corrected within the container

Please read the Iron Bank Documentation for more info

Edited by Jeff Weatherford