Passive Scan in OWASP ZAP

About

Asked 11/3, 2016 at 14:10 Answered 11/3, 2016 at 15:39

I have started learning OWASP ZAP and I am confused about passive scanning in OWASP ZAP.

On right clicking the node in Site tree I do not see any passive scanning option, however under Tools | Options I am able to see Passive Scan Rules.

How Can I run Passive Scan in OWASP ZAP?
Is the "URL to attack" in the Quick Start same as Active Scan after Spidering

Thanks

Ology answered 11/3, 2016 at 14:10 Comment(0)

They run by default, so you have to actually choose to disable them :) ZAP will run the (enabled) passive scan rules against all URLs that are either proxied through ZAP or visited by either of the spiders. https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsPscan

Cheers,

Simon (ZAP Project Lead)

Portwin answered 11/3, 2016 at 15:39 Comment(1)

Hi, Thanks for your help. And I can see the answer for my second question at github.com/zaproxy/zap-core-help/wiki/… – Ology 14/3, 2016 at 6:37

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags