Issues running baseline scans
Summary
When attempting to launch the zap-baseline.py scan against a known target, we are met with an error that prevents the execution of the scan. This appears to be consistent with all scanning scripts in the container. Furthermore, the expected behavior of the container is presently unclear. The documentation does not provide clear insight as to the particular configuration, nor does the functionality match that of the commercially available version.
Steps to reproduce
- Launch the container per the included docs
- Exec into the running container in Docker/Podman to get a shell
- Attempt to execute: zap-baseline.py -t <known target>
What is the current bug behavior?
The scan does not start with minimally relevant information/logs
What is the expected correct behavior?
The scan should execute and produce an output
Relevant logs and/or screenshots
2024-04-18 12:35:25,870 Trigger hook: cli_opts, args: 1
2024-04-18 12:35:25,871 Using port: 57003
2024-04-18 12:35:25,871 Trigger hook: start_zap, args: 2
2024-04-18 12:35:25,871 Starting ZAP
2024-04-18 12:35:25,871 Params: ['zap-x.sh', '-daemon', '-port', '57003', '-host', '0.0.0.0', '-config', 'database.recoverylog=false', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'spider.maxDuration=1', '-addonupdate', '-addoninstall', 'pscanrulesBeta']
2024-04-18 12:35:25,872 Failed to start ZAP :(
Possible fixes
Uncertain at this time what the fix would be. It would appear that the manner in which the container is constructed is the result of the issue. Additionally, this would be resolved if the Webswing UI was available, as this would allow the user better interaction with the software: https://www.zaproxy.org/docs/docker/webswing/
Tasks
- Bug has been identified and corrected within the container
Please read the Iron Bank Documentation for more info