
Passive Scan in OWASP ZAP

Tags: owasp, zap

I have started learning OWASP ZAP and I am confused about passive scanning in OWASP ZAP.

On right-clicking a node in the Sites tree I do not see any passive scanning option; however, under Tools | Options I am able to see Passive Scan Rules.

  1. How can I run a passive scan in OWASP ZAP?
  2. Is the "URL to attack" in the Quick Start the same as an Active Scan after spidering?

Thanks

NewBee asked Mar 12 '23 23:03


1 Answer

They run by default, so you have to actually choose to disable them :) ZAP will run the (enabled) passive scan rules against all URLs that are either proxied through ZAP or visited by either of the spiders. https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsPscan

Cheers,

Simon (ZAP Project Lead)

Simon Bennetts answered Apr 01 '23 20:04
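Because passive rules run automatically on proxied and spidered traffic, the practical scripting task is to check that no rule has been disabled and to wait for the passive queue to drain before reading alerts. The following is an added example, not part of the original answer or of the ZAP project's code; it uses ZAP's JSON API and assumes ZAP is listening on 127.0.0.1:8080, with a placeholder API key and a hypothetical target URL.

```python
import json
import time
import urllib.parse
import urllib.request

ZAP = "http://127.0.0.1:8080"   # assumption: local ZAP proxy/API address
API_KEY = "changeme"            # placeholder: your ZAP API key


def zap_get(path, **params):
    """Call a ZAP JSON API view and return the decoded response."""
    url = f"{ZAP}/JSON/{path}/?{urllib.parse.urlencode(params)}"
    req = urllib.request.Request(url, headers={"X-ZAP-API-Key": API_KEY})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def disabled_rules(get=zap_get):
    """Names of passive scan rules that have been switched off."""
    rules = get("pscan/view/scanners")["scanners"]
    return [r["name"] for r in rules if r["enabled"] != "true"]


def wait_for_passive_scan(get=zap_get, poll=1.0, max_polls=60):
    """Poll until ZAP's passive scan queue is empty; False on timeout."""
    for _ in range(max_polls):
        if int(get("pscan/view/recordsToScan")["recordsToScan"]) == 0:
            return True
        time.sleep(poll)
    return False


def alerts_for(base_url, get=zap_get):
    """(risk, alert name, url) for alerts under base_url.
    If no active scan has been run, these all come from passive rules."""
    alerts = get("core/view/alerts", baseurl=base_url)["alerts"]
    return sorted({(a["risk"], a["alert"], a["url"]) for a in alerts})


if __name__ == "__main__":
    target = "http://localhost:3000"  # hypothetical app proxied through ZAP
    print("Disabled passive rules:", disabled_rules())
    if wait_for_passive_scan():
        for risk, name, url in alerts_for(target):
            print(f"{risk:14} {name}  {url}")
```

Browse or spider the target through ZAP first; the script only reads what the passive scanner has already produced and sends no requests to the target itself.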