
I'm trying to compile a list of vulnerabilities that ZAP tries to find when you run the "Active Scan" in ATTACK mode on a webapp. Does this list exist in the documentation anywhere? If it also has a list of all the inputs that it tries, that would be very helpful.

trallgorm

1 Answer


We have a FAQ for that :) https://github.com/zaproxy/zaproxy/wiki/FAQzaptests

ZAP has a built-in set of 'input vectors' (https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsAscaninput), but you can also define your own via script input vectors: https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsScriptsScripts

Simon Bennetts
  • Perfect, thank you! However, still can't find the list of inputs it actually tries. For example, which queries specifically it tries to test for code injection. – trallgorm Feb 15 '18 at 15:33
  • That's defined in the code :) e.g. https://github.com/zaproxy/zap-extensions/blob/master/src/org/zaproxy/zap/extension/ascanrules/CodeInjectionPlugin.java – Simon Bennetts Feb 16 '18 at 16:56