def _wait_for_passive_scan(self):
    """Wait until the ZAP passive-scan queue is no larger than the configured threshold.

    Reads two optional settings from ``self.config``:

    * ``passive_scan_wait_threshold`` (default ``0``): waiting continues while
      the number of queued records is strictly greater than this value.
    * ``passive_scan_wait_limit`` (default ``None``): forwarded unchanged as the
      ``limit`` keyword of ``status.wait_for_completion``.
    """
    threshold = self.config.get("passive_scan_wait_threshold", 0)

    def _queued_records():
        # ZAP's value is converted with int() before it is compared or reported.
        return int(self._zap_api.pscan.records_to_scan)

    def _queue_above_threshold():
        return _queued_records() > threshold

    # NOTE(review): presumably the first callable is the "keep waiting" condition
    # and the second feeds the %d in the message; confirm against
    # status.wait_for_completion. What a None limit means is decided there too.
    status.wait_for_completion(
        _queue_above_threshold,
        _queued_records,
        "Passive scan queue: %d items",
        limit=self.config.get("passive_scan_wait_limit", None),
    )
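def _active_scan(self):
    """Start a ZAP active scan of the configured target and wait for it to finish.

    With ``auth_script`` set in ``self.config`` the scan is started through
    ``ascan.scan_as_user`` using ``self._zap_context`` and ``self._zap_user``
    (with ``recurse=True``); otherwise ``ascan.scan`` is used. Both calls pass
    ``self._scan_policy_name`` as the scan policy.

    Returns ``None``. Returns early, after logging a warning, when the value
    ZAP hands back cannot be converted to an integer scan ID.
    """
    target = self.config.get("target")
    log.info("Active scan against target %s", target)
    if self.config.get("auth_script", None):
        scan_id = self._zap_api.ascan.scan_as_user(
            target, self._zap_context, self._zap_user, recurse=True,
            scanpolicyname=self._scan_policy_name
        )
    else:
        scan_id = self._zap_api.ascan.scan(
            target, scanpolicyname=self._scan_policy_name
        )
    # The progress polling below calls int() on ZAP's answers for this ID, so a
    # non-numeric scan_id is treated as "scan did not start" and reported here.
    try:
        int(scan_id)
    except (TypeError, ValueError):
        # Only conversion failures are expected; a bare except would also
        # swallow KeyboardInterrupt and SystemExit.
        log.warning(
            "ZAP failed to return scan ID (scan_id=%s). Please check that target URL is accessible from Carrier DAST container",  # pylint: disable=C0301
            scan_id
        )
        return
    status.wait_for_completion(
        lambda: int(self._zap_api.ascan.status(scan_id)) < 100,
        lambda: int(self._zap_api.ascan.status(scan_id)),
        "Active scan progress: %d%%"
    )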
def _ajax_spider(self):
    """Run the ZAP Ajax spider against the configured target and wait while it runs.

    With ``auth_script`` set in ``self.config`` the spider is started through
    ``ajaxSpider.scan_as_user`` with ``subtreeonly=True``; otherwise
    ``ajaxSpider.scan`` is called with the target only.
    """
    target = self.config.get("target")
    log.info("Ajax spidering target: %s", target)
    authenticated = self.config.get("auth_script", None)
    if not authenticated:
        # NOTE(review): no subtreeonly argument on this path; confirm the crawl
        # scope is bounded elsewhere (ZAP context / scope settings).
        self._zap_api.ajaxSpider.scan(target)
    else:
        # NOTE(review): the user is the literal "dusty_user" rather than a value
        # from self; confirm it matches the user configured for this context.
        self._zap_api.ajaxSpider.scan_as_user(
            self._zap_context_name, "dusty_user", target, subtreeonly=True
        )

    def _spider_running():
        return self._zap_api.ajaxSpider.status == 'running'

    def _urls_found():
        return int(self._zap_api.ajaxSpider.number_of_results)

    status.wait_for_completion(
        _spider_running,
        _urls_found,
        "Ajax spider found: %d URLs",
    )
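def _spider(self):
    """Run the ZAP spider against the configured target and wait for it to finish.

    With ``auth_script`` set in ``self.config`` the spider is started through
    ``spider.scan_as_user`` using ``self._zap_context`` and ``self._zap_user``
    (``recurse=True``, ``subtreeonly=True``); otherwise ``spider.scan`` is
    called with the target only.

    Returns ``None``. Returns early, after logging a warning, when the value
    ZAP hands back cannot be converted to an integer scan ID.
    """
    target = self.config.get("target")
    log.info("Spidering target: %s", target)
    if self.config.get("auth_script", None):
        scan_id = self._zap_api.spider.scan_as_user(
            self._zap_context, self._zap_user, target,
            recurse=True, subtreeonly=True
        )
    else:
        # NOTE(review): no subtreeonly argument on this path; confirm the crawl
        # scope is bounded elsewhere (ZAP context / scope settings).
        scan_id = self._zap_api.spider.scan(target)
    # The polling below calls int() on ZAP's answers for this ID. Validate the
    # ID first so a scan that never started is reported instead of failing
    # inside the progress callbacks.
    try:
        int(scan_id)
    except (TypeError, ValueError):
        log.warning(
            "ZAP failed to return scan ID (scan_id=%s). Please check that target URL is accessible from Carrier DAST container",  # pylint: disable=C0301
            scan_id
        )
        return
    status.wait_for_completion(
        lambda: int(self._zap_api.spider.status(scan_id)) < 100,
        lambda: int(self._zap_api.spider.status(scan_id)),
        "Spidering progress: %d%%"
    )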
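def _active_scan(self):
    """Start a ZAP active scan of the configured target and wait for it to finish.

    With ``auth_script`` set in ``self.config`` the scan is started through
    ``ascan.scan_as_user`` using ``self._zap_context`` and ``self._zap_user``
    (with ``recurse=True``); otherwise ``ascan.scan`` is used. Both calls pass
    ``self._scan_policy_name`` as the scan policy.

    Returns ``None``. Returns early, after logging a warning, when the value
    ZAP hands back cannot be converted to an integer scan ID.
    """
    target = self.config.get("target")
    log.info("Active scan against target %s", target)
    if self.config.get("auth_script", None):
        scan_id = self._zap_api.ascan.scan_as_user(
            target, self._zap_context, self._zap_user, recurse=True,
            scanpolicyname=self._scan_policy_name
        )
    else:
        scan_id = self._zap_api.ascan.scan(
            target, scanpolicyname=self._scan_policy_name
        )
    # The polling below calls int() on ZAP's answers for this ID. Validate the
    # ID first so a scan that never started is reported instead of failing
    # inside the progress callbacks.
    try:
        int(scan_id)
    except (TypeError, ValueError):
        log.warning(
            "ZAP failed to return scan ID (scan_id=%s). Please check that target URL is accessible from Carrier DAST container",  # pylint: disable=C0301
            scan_id
        )
        return
    status.wait_for_completion(
        lambda: int(self._zap_api.ascan.status(scan_id)) < 100,
        lambda: int(self._zap_api.ascan.status(scan_id)),
        "Active scan progress: %d%%"
    )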
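def _spider(self):
    """Run the ZAP spider against the configured target and wait for it to finish.

    With ``auth_script`` set in ``self.config`` the spider is started through
    ``spider.scan_as_user`` using ``self._zap_context`` and ``self._zap_user``
    (``recurse=True``, ``subtreeonly=True``); otherwise ``spider.scan`` is
    called with the target only.

    Returns ``None``. Returns early, after logging a warning, when the value
    ZAP hands back cannot be converted to an integer scan ID.
    """
    target = self.config.get("target")
    log.info("Spidering target: %s", target)
    if self.config.get("auth_script", None):
        scan_id = self._zap_api.spider.scan_as_user(
            self._zap_context, self._zap_user, target,
            recurse=True, subtreeonly=True
        )
    else:
        # NOTE(review): no subtreeonly argument on this path; confirm the crawl
        # scope is bounded elsewhere (ZAP context / scope settings).
        scan_id = self._zap_api.spider.scan(target)
    # The progress polling below calls int() on ZAP's answers for this ID, so a
    # non-numeric scan_id is treated as "spider did not start" and reported here.
    try:
        int(scan_id)
    except (TypeError, ValueError):
        # Only conversion failures are expected; a bare except would also
        # swallow KeyboardInterrupt and SystemExit.
        log.warning(
            "ZAP failed to return scan ID (scan_id=%s). Please check that target URL is accessible from Carrier DAST container",  # pylint: disable=C0301
            scan_id
        )
        return
    status.wait_for_completion(
        lambda: int(self._zap_api.spider.status(scan_id)) < 100,
        lambda: int(self._zap_api.spider.status(scan_id)),
        "Spidering progress: %d%%"
    )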
def _wait_for_passive_scan(self):
    """Wait until ZAP reports no records left in the passive-scan queue.

    Waiting continues while ``pscan.records_to_scan``, converted with int(),
    is greater than zero.
    """

    def _queued_records():
        return int(self._zap_api.pscan.records_to_scan)

    def _queue_not_empty():
        return _queued_records() > 0

    # NOTE(review): no upper bound is passed to the wait here; confirm that
    # status.wait_for_completion cannot block indefinitely if the queue never
    # drains.
    status.wait_for_completion(
        _queue_not_empty,
        _queued_records,
        "Passive scan queue: %d items",
    )