I'm trying to compile a list of vulnerabilities that ZAP tries to find when you run the "Active Scan" in ATTACK mode on a webapp. Does this list exist in the documentation anywhere? If it also has a list of all the inputs that it tries that would be very helpful.
1 Answer
We have a FAQ for that :) https://github.com/zaproxy/zaproxy/wiki/FAQzaptests
ZAP has a built-in set of 'input vectors' (https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsAscaninput), but you can also define your own via script input vectors: https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsScriptsScripts
Simon Bennetts
- Perfect, thank you! However, still can't find the list of inputs it actually tries. For example, which queries specifically it tries to test for code injection. – trallgorm Feb 15 '18 at 15:33
- That's defined in the code :) e.g. https://github.com/zaproxy/zap-extensions/blob/master/src/org/zaproxy/zap/extension/ascanrules/CodeInjectionPlugin.java – Simon Bennetts Feb 16 '18 at 16:56