zap-cli icon indicating copy to clipboard operation
zap-cli copied to clipboard
verified publisher icon Grunny

Never ending spider

Open garthoid opened this issue 7 years ago • 4 comments

I have been able to use zap-cli in the official owasp zap docker container. With a preconfigured context for login against a sample target site (juiceshop for example) the spider does not stop.

Is it possible to provide a max depth (the ZAP UI supports this) or perhaps provide a max time?

Thanks

garthoid avatar Nov 15 '18 04:11 garthoid

Next I tried using quick-scan with the spider option:

docker exec zap_engine zap-cli --zap-url <zapurl> --port <zapport> -v quick-scan --spider -r -c <contextfile> http://targeturl

However the spider gets stuck at 3% [DEBUG] Spider progress %: 3 [DEBUG] Spider progress %: 3

which continues....

The target in this case is juiceshop as a test target environment

garthoid avatar Nov 15 '18 15:11 garthoid

For the record, the infinite loop issue is tracked in zaproxy/zaproxy#4084.

thc202 avatar Dec 17 '18 12:12 thc202

:+1: We can add a max depth option and a timeout, both would be useful for the spider command I think. :)

Grunny avatar Dec 31 '18 05:12 Grunny

👍 We can add a max depth option and a timeout, both would be useful for the spider command I think. :)

Yes would be nice to run it against a single URL

ali-habibzadeh avatar Aug 17 '21 16:08 ali-habibzadeh