Export/Import OWASP ZAP Passive Scan Rules

Question

Is there any way to create a scan policy for passive scans? I know you can create and modify scan policies for the active/attack scanning, but i\'m wondering if you can do the s

Answer 1

There's an existing ticket open to unify Active/Passive Scan handling in a singular policy type interface: https://github.com/zaproxy/zaproxy/issues/3870. If you're really interested in that you could support it on BountySource (https://www.bountysource.com/issues/49047644-improved-active-passive-rules-management) and see if that draws some attention/action.

Another option you could go with is to create a quick script that uses ZAP's web API to apply a Passive Scan rule "policy". Relevant endpoints include: pscan/view/scanners/, pscan/action/disableAllScanners/, pscan/action/enableScanners/. Here's a python example:

from zapv2 import ZAPv2 as zap
import time

apikey = "apikey12345" #Your apikey
z = zap(apikey=apikey, proxies={"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"})
time.sleep(2) #Might need to be longer depending on your machine and if ZAP is already running or not

print "Disabling all passive scan rules.."

z.pscan.disable_all_scanners()

scanners = z.pscan.scanners

for scanner in scanners:
    print scanner.get("id") + " : " + scanner.get("enabled") + " : " + scanner.get("name")

to_enable = "10020,10021,10062" #Customize as you see fit
print "\nEnabling specific passive scan rules..[" + to_enable +"]"

z.pscan.enable_scanners(to_enable)

print "\nListing enabled passive scan rules.."

scanners2 = z.pscan.scanners

for scanner in scanners2:
    if (scanner.get("enabled") == "true"):
        print scanner.get("id") + " : " + scanner.get("enabled") + " : " + scanner.get("name")

Finally you could configure ZAP on one system, then copy that config.xml to other systems as needed.