HelpUiDialogsAdvascan
This dialog launches the active scanner.
The first tab allows you to select or change the starting point. If you have more than one scan policy then you will be able to select the one to use. If the starting point is in one or more Contexts then you will be able to choose one of them. If that context has any Users defined then you will be able to select one of them. If you select one of the users then the active scan will be performed as that user, with ZAP (re)authenticating as that user whenever necessary.
If you select 'recurse' then all of the nodes underneath the one selected will also be scanned. Custom input vectors are only supported if this option is not selected.
If you select 'Show advanced options' then the following tabs will be shown, which provide fine-grained control over the active scanning process.
Clicking on the 'Reset' button will reset all of the options to their default values.
The Input Vectors tab allows you to override the default input vectors which are defined in the Options Active Scan Input Vectors screen. Clicking on the 'Reset' button will reset the input vectors to the default options.
The Custom Vectors tab allows you to specify specific locations in the request to attack. Custom Vectors are only available if the 'recurse' option on the first tab is not selected. To add custom input vectors, highlight the characters you want to attack in the request and click the 'Add' button. You can add as many custom input vectors as you want. To remove custom input vectors, highlight any of the selected characters and click the 'Remove' button. Checking the 'Disable non custom input vectors' box disables all of the input vectors except those you manually define on this tab.
The Technology tab allows you to specify which types of technologies to scan. Un-selecting technologies that you know are not present in the target application may speed up the scan as rules which target that technology can skip those tests.
The Policy tab allows you to override any of the settings specified in the selected scan policy.
Active Scan tab | 'New Scan' button
Top level Tools menu | 'Active Scan...' menu item
Sites tab | 'Attack / Active Scan...' right click menu item
History tab | 'Attack / Active Scan...' right click menu item
UI Overview | for an overview of the user interface
Dialogs | for details of the dialogs or popups