问题
Is there any way to create a scan policy for passive scans? I know you can create and modify scan policies for the active/attack scanning, but i'm wondering if you can do the same for the passive scan rules or if you have to individually modify them on every machine?
回答1:
There's an existing ticket open to unify Active/Passive Scan handling in a singular policy type interface: https://github.com/zaproxy/zaproxy/issues/3870. If you're really interested in that you could support it on BountySource (https://www.bountysource.com/issues/49047644-improved-active-passive-rules-management) and see if that draws some attention/action.
Another option you could go with is to create a quick script that uses ZAP's web API to apply a Passive Scan rule "policy". Relevant endpoints include: pscan/view/scanners/, pscan/action/disableAllScanners/, pscan/action/enableScanners/. Here's a python example:
from zapv2 import ZAPv2 as zap
import time
apikey = "apikey12345" #Your apikey
z = zap(apikey=apikey, proxies={"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"})
time.sleep(2) #Might need to be longer depending on your machine and if ZAP is already running or not
print "Disabling all passive scan rules.."
z.pscan.disable_all_scanners()
scanners = z.pscan.scanners
for scanner in scanners:
print scanner.get("id") + " : " + scanner.get("enabled") + " : " + scanner.get("name")
to_enable = "10020,10021,10062" #Customize as you see fit
print "\nEnabling specific passive scan rules..[" + to_enable +"]"
z.pscan.enable_scanners(to_enable)
print "\nListing enabled passive scan rules.."
scanners2 = z.pscan.scanners
for scanner in scanners2:
if (scanner.get("enabled") == "true"):
print scanner.get("id") + " : " + scanner.get("enabled") + " : " + scanner.get("name")
Finally you could configure ZAP on one system, then copy that config.xml
to other systems as needed.
来源:https://stackoverflow.com/questions/51266590/export-import-owasp-zap-passive-scan-rules