|
49 | 49 | <guid>/docs/desktop/addons/automation-framework/job-ascanconfig/</guid> |
50 | 50 | <description><h1 id="automation-framework---activescan-config-job">Automation Framework - activeScan-config Job</h1>
<p>This job configures the active scanner, for custom active scans (e.g. Sequence).</p>

<h2 id="yaml">YAML <a class="header-link" href="#yaml"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
<pre tabindex="0"><code> - type: activeScan-config # Configures the settings of the active scanner.
 parameters:
 maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
 maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
 maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
 defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
 handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
 injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
 threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
 inputVectors: # The input vectors used during the active scan.
 urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
 enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
 addParam: # Bool: If a query parameter should be added if none present. Default: false
 odata: # Bool: If OData query filters should be scanned. Default: true
 postData: # Configures the scanning of request bodies.
 enabled: # Bool: If enabled. Default: true
 multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
 xml: # Bool: If XML bodies should be scanned. Default: true
 json: # Configures the scanning of JSON bodies.
 enabled: # Bool: If JSON scanning should be enabled. Default: true
 scanNullValues: # Bool: If null values should be scanned. Default: false
 googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
 directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
 urlPath: # Bool: If URL path segments should be scanned. Default: false
 httpHeaders: # Configures the scanning of HTTP headers.
 enabled: # Bool: If HTTP header scanning should be enabled. Default: false
 allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
 cookieData: # Configures the scanning of cookies.
 enabled: # Bool: If enabled. Default: false
 encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
 scripts: # Bool: If Input Vector scripts should be used. Default: true
 excludePaths: # An optional list of regexes to exclude
 enabled: # Bool: If set to false the job will not be run, default: true
 alwaysRun: # Bool: If set and the job is enabled then it will run even if the plan exits early, default: false
</code></pre><p>Note that the &rsquo;excludePaths&rsquo; will overwrite any existing session &ldquo;Exclude from Scanner&rdquo; paths.</p></description> |
51 | 51 | </item> |
52 | | - <item> |
53 | | - <title>Automation Framework - passiveScan-config Job</title> |
54 | | - <link>/docs/desktop/addons/automation-framework/job-pscanconf/</link> |
55 | | - <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate> |
56 | | - <guid>/docs/desktop/addons/automation-framework/job-pscanconf/</guid> |
57 | | - <description><h1 id="automation-framework---passivescan-config-job">Automation Framework - passiveScan-config Job</h1>
<p>This job allows you to manage the passive scan configuration.</p>
<p>It is covered in the video: <a href="https://youtu.be/1fcpU54N-mA">ZAP Chat 08 Automation Framework Part 2 - Environment</a>.</p>
<p>The passive scanner runs against all requests and responses that are generated by ZAP or are proxied through it.
If you want to configure the passive scan configuration then you should typically do so before running any other jobs.
However you can run this job later, or multiple times, if you want different jobs to use different passive scan configurations.</p></description> |
58 | | - </item> |
59 | 52 | <item> |
60 | 53 | <title>Automation Framework - activeScan-policy Job</title> |
61 | 54 | <link>/docs/desktop/addons/automation-framework/job-ascanpolicy/</link> |
62 | 55 | <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate> |
63 | 56 | <guid>/docs/desktop/addons/automation-framework/job-ascanpolicy/</guid> |
64 | 57 | <description><h1 id="automation-framework---activescan-policy-job">Automation Framework - activeScan-policy Job</h1>
<p>This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs, like <a href="/docs/desktop/addons/automation-framework/job-ascan/">activeScan</a> job.</p>

<h2 id="yaml">YAML <a class="header-link" href="#yaml"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
<pre tabindex="0"><code> - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
 parameters:
 name: # String: Name of the policy, mandatory
 policyDefinition: # The policy definition
 defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
 defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
 alertTags: # Add rules based on alert tags; does not override or remove rules listed explicitly under &#34;rules&#34;
 include: [] # List of alert tags to include, regex supported
 exclude: [] # List of alert tags to exclude from this include list, regex supported
 strength: # String: The Attack Strength for this set of rules, one of Low, Medium, High, Insane, default: Medium
 threshold: # String: The Alert Threshold for this set of rules, one of Off, Low, Medium, High, default: Medium
 rules: # A list of one or more active scan rules and associated settings which override the defaults
 - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
 name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
 strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
 threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
 enabled: # Bool: If set to false the job will not be run, default: true
 alwaysRun: # Bool: If set and the job is enabled then it will run even if the plan exits early, default: false
</code></pre>
<h2 id="policy-definition-hierarchy">Policy Definition Hierarchy <a class="header-link" href="#policy-definition-hierarchy"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
<p>ZAP processes the policy definition in the following order:</p></description> |
65 | 58 | </item> |
66 | | - <item> |
67 | | - <title>Automation Framework - passiveScan-wait Job</title> |
68 | | - <link>/docs/desktop/addons/automation-framework/job-pscanwait/</link> |
69 | | - <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate> |
70 | | - <guid>/docs/desktop/addons/automation-framework/job-pscanwait/</guid> |
71 | | - <description><h1 id="automation-framework---passivescan-wait-job">Automation Framework - passiveScan-wait Job</h1>
<p>This job waits for the passive scanner to finishing scanning the requests and responses in the current queue. You should typically run this job after the jobs that explore you application, such as the spider jobs or those that import API definitions. If any more requests are sent by ZAP or proxied through ZAP after this job has run then they will be processed by the passive scanner. You can run this job as many times as you need to.</p></description> |
72 | | - </item> |
73 | 59 | <item> |
74 | 60 | <title>Automation Framework - activeScan Job</title> |
75 | 61 | <link>/docs/desktop/addons/automation-framework/job-ascan/</link> |
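Review bot: The passiveScan-config and passiveScan-wait items removed at old lines 52-58 and 66-72 take their full descriptions out of this part of the feed, including the ordering guidance (configure the passive scanner before running other jobs; run the wait job after the jobs that explore the application), and nothing in this hunk replaces that text. Please confirm the source pages were intentionally emptied or moved, and that this file was regenerated from them rather than edited by hand. Separately, in the unchanged context at new line 57, the activeScan-policy description ends at "ZAP processes the policy definition in the following order:" with no list after it, so the summary is cut off mid-thought; consider placing the summary break in the source page before that sentence.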
|
140 | 126 | <guid>/docs/desktop/addons/automation-framework/about/</guid> |
141 | 127 | <description><h1 id="automation-framework---about">Automation Framework - About</h1>

<h2 id="source-code">Source Code <a class="header-link" href="#source-code"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
<p><a href="https://github.com/zaproxy/zap-extensions/tree/main/addOns/automation">https://github.com/zaproxy/zap-extensions/tree/main/addOns/automation</a></p>

<h2 id="authors">Authors <a class="header-link" href="#authors"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
<p>ZAP Dev Team</p></description> |
142 | 128 | </item> |
| 129 | + <item> |
| 130 | + <title>Automation Framework - passiveScan-config Job</title> |
| 131 | + <link>/docs/desktop/addons/automation-framework/job-pscanconf/</link> |
| 132 | + <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate> |
| 133 | + <guid>/docs/desktop/addons/automation-framework/job-pscanconf/</guid> |
| 134 | + <description></description> |
| 135 | + </item> |
| 136 | + <item> |
| 137 | + <title>Automation Framework - passiveScan-wait Job</title> |
| 138 | + <link>/docs/desktop/addons/automation-framework/job-pscanwait/</link> |
| 139 | + <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate> |
| 140 | + <guid>/docs/desktop/addons/automation-framework/job-pscanwait/</guid> |
| 141 | + <description></description> |
| 142 | + </item> |
143 | 143 | <item> |
144 | 144 | <title>Automation Framework - spider Job</title> |
145 | 145 | <link>/docs/desktop/addons/automation-framework/job-spider/</link> |
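Review bot: The two items added at new lines 129-142 reuse the same <link> and <guid> values as the removed passiveScan-config and passiveScan-wait entries but carry an empty <description></description>, so feed readers will show a title with no content for both. If the pages still exist, restore their description text; if they are now stubs or redirects, exclude them from the feed instead of publishing empty entries. The <pubDate> of "Mon, 01 Jan 0001 00:00:00 +0000" on both added items is a zero date, so consumers cannot order these entries; setting a real date on the source pages would fix that.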
|
0 commit comments