Is there any way to create a scan policy for passive scans? I know you can create and modify scan policies for the active/attack scanning, but I'm wondering if you can do the same for the passive scan rules or if you have to individually modify them on every machine?
There's an existing ticket open to unify Active/Passive Scan handling in a singular policy type interface: https://github.com/zaproxy/zaproxy/issues/3870. If you're really interested in that you could support it on BountySource (https://www.bountysource.com/issues/49047644-improved-active-passive-rules-management) and see if that draws some attention/action.
Another option you could go with is to create a quick script that uses ZAP's web API to apply a Passive Scan rule "policy". Relevant endpoints include: pscan/view/scanners/, pscan/action/disableAllScanners/, pscan/action/enableScanners/. Here's a python example:
from zapv2 import ZAPv2 as zap
import time

apikey = "apikey12345"  # Your apikey
z = zap(apikey=apikey, proxies={"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"})
time.sleep(2)  # Might need to be longer depending on your machine and if ZAP is already running or not

print("Disabling all passive scan rules..")
z.pscan.disable_all_scanners()

# pscan/view/scanners/ returns one dict per rule with "id", "enabled" and "name" fields
scanners = z.pscan.scanners
for scanner in scanners:
    print(scanner.get("id") + " : " + scanner.get("enabled") + " : " + scanner.get("name"))

to_enable = "10020,10021,10062"  # Customize as you see fit (comma-separated rule ids)
print("\nEnabling specific passive scan rules..[" + to_enable + "]")
z.pscan.enable_scanners(to_enable)

print("\nListing enabled passive scan rules..")
scanners2 = z.pscan.scanners
for scanner in scanners2:
    if scanner.get("enabled") == "true":
        print(scanner.get("id") + " : " + scanner.get("enabled") + " : " + scanner.get("name"))
Finally you could configure ZAP on one system, then copy that config.xml to other systems as needed.
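Extending the API approach in the answer above, here is an added example (not from the original answer) that treats the passive-scan rule set as a declarative policy: it exports the enabled/threshold state from one ZAP instance as a JSON dict and computes only the API calls needed to bring another instance in line, which answers the "every machine" part of the question. It assumes the python-owasp-zap-v2.4 client, placeholder API key and proxy address, and that ZAP also exposes pscan/action/disableScanners/ and pscan/action/setScannerAlertThreshold/ alongside the endpoints the answer lists; the scanner list is a constructed sample.

```python
import json, sys
# Constructed sample of what pscan/view/scanners returns (rule names made up), for offline testing.
SAMPLE_SCANNERS = [
    {"id": "10020", "name": "rule A", "enabled": "true", "alertThreshold": "DEFAULT"},
    {"id": "10021", "name": "rule B", "enabled": "false", "alertThreshold": "DEFAULT"},
    {"id": "10062", "name": "rule C", "enabled": "true", "alertThreshold": "LOW"},
]

def export_policy(scanners):
    """Turn the scanner list into a policy dict: id -> {enabled, threshold}."""
    return {s["id"]: {"enabled": s.get("enabled") == "true",
                      "threshold": s.get("alertThreshold", "DEFAULT")} for s in scanners}

def plan_changes(scanners, policy):
    """Diff live state against a policy; rules absent from the policy are left untouched."""
    enable, disable, thresholds = [], [], {}
    for s in scanners:
        want = policy.get(s["id"])
        if want is None:
            continue
        live_on = s.get("enabled") == "true"
        if want["enabled"] and not live_on:
            enable.append(s["id"])
        elif live_on and not want["enabled"]:
            disable.append(s["id"])
        if want["threshold"] != s.get("alertThreshold", "DEFAULT"):
            thresholds[s["id"]] = want["threshold"]
    return sorted(enable), sorted(disable), thresholds

def apply_policy(z, policy):
    """Push a policy via pscan actions (disableScanners / setScannerAlertThreshold assumed to exist)."""
    enable, disable, thresholds = plan_changes(z.pscan.scanners, policy)
    if enable:
        z.pscan.enable_scanners(",".join(enable))
    if disable:
        z.pscan.disable_scanners(",".join(disable))
    for rule_id, threshold in thresholds.items():
        z.pscan.set_scanner_alert_threshold(rule_id, threshold)
    return enable, disable, thresholds

if __name__ == "__main__":
    from zapv2 import ZAPv2  # pip install python-owasp-zap-v2.4
    proxy = "http://127.0.0.1:8080"  # placeholder ZAP API address; the apikey below is a placeholder too
    z = ZAPv2(apikey="apikey12345", proxies={"http": proxy, "https": proxy})
    if len(sys.argv) > 1:  # apply:  python pscan_policy.py pscan-policy.json
        with open(sys.argv[1]) as f:
            print(apply_policy(z, json.load(f)))
    else:                  # export: python pscan_policy.py > pscan-policy.json
        print(json.dumps(export_policy(z.pscan.scanners), indent=2))
```

Run the export once on the machine you configured by hand, commit the JSON, and run the apply form against each other ZAP instance; re-running it is idempotent because an already-matching rule produces no API call.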
Source: https://stackoverflow.com/questions/51266590/export-import-owasp-zap-passive-scan-rules