
Commit

Update data
From:
zaproxy/zap-admin@7d1b80f

with just `pscan`.

Signed-off-by: thc202 <[email protected]>
thc202 committed Jan 10, 2025
1 parent 4828563 commit 9397952
Showing 9 changed files with 197 additions and 2 deletions.
40 changes: 39 additions & 1 deletion site/content/docs/desktop/addons/passive-scanner/_index.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,49 @@ weight: 1
cascade:
addon:
id: pscan
version: 0.0.1
version: 0.1.0
---

# Passive Scanner Add-on

An add-on that provides core passive scanning capabilities.


This add-on supports the [Automation Framework](/docs/desktop/addons/passive-scanner/automation/).

## Passive Scan


ZAP by default passively scans all messages (e.g. HTTP, WebSocket) sent to the web application being tested.

Passive scanning does not change the messages in any way and is therefore safe to use.

Scanning is performed in the background to ensure that it does not slow down the exploration of an application.


The (main) behaviour of the passive scanner can be configured using the [Options Passive Scanner Screen](/docs/desktop/addons/passive-scanner/options/scanner/).


Passive scanning can also be used for automatically adding [tags](/docs/desktop/start/features/tags/)
and raising [alerts](/docs/desktop/start/features/alerts/) for potential issues.

A set of rules for automatic tagging are provided by default. These can be changed, deleted or
added to via the [Options Passive Scan Tags screen](/docs/desktop/addons/passive-scanner/options/tags/).


The alerts raised by passive scan rules can be configured using the [Options Passive Scan Rules screen](/docs/desktop/addons/passive-scanner/options/rules/).

## Official Videos

| | |
|---|------------------------------------------------------------------------------------------------|
| | [ZAP In Ten: Passive Scanning](https://play.sonatype.com/watch/vDWpoYjHi7fSLYFDQPWgMF) (10:27) |
| | [ZAP In Ten: Passive Scan Scripts](https://play.vidyard.com/HfENJ3GJB3zbD6sMscDrjD) (11:53) |
| | [Deep Dive: Passive Scanning](https://www.youtube.com/watch?v=Rx42kyrB0nk) (27:35) |

## See also

| | | |
|---|------------------------------------------------------------------|------------------------------------------------|
| | [Passive Scanner API](/docs/desktop/addons/passive-scanner/api/) | for more details about the Passive Scanner API |
| | [Options](/docs/desktop/addons/passive-scanner/options/) | for the provided options screens |
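Review bot: the Passive Scan paragraph ("ZAP by default passively scans all messages (e.g. HTTP, WebSocket) sent to the web application being tested") reads as if only requests are scanned, whereas the passiveScan-config page in this same commit says the scanner runs against all requests and responses generated by ZAP or proxied through it; suggest "all requests and responses (e.g. HTTP, WebSocket) that pass through ZAP" so the two pages agree. Minor: "(main) behaviour" could simply be "behaviour", and the double blank lines between paragraphs look like generator output that could be trimmed at the source.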
45 changes: 45 additions & 0 deletions site/content/docs/desktop/addons/passive-scanner/api.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
---
# This page was generated from the add-on.
title: Passive Scanner API
type: userguide
weight: 1
---

# Passive Scanner API

The following operations are added to the API:

### Actions

* clearQueue: Clears the passive scan queue.
* disableAllScanners: Disables all passive scan rules.
* disableAllTags: Disables all passive scan tags.
* disableScanners (ids\*): Disables passive scan rules.
* ids: A comma separated list of scan rule IDs.
* enableAllScanners: Enables all passive scan rules.
* enableAllTags: Enables all passive scan tags.
* enableScanners (ids\*): Enables passive scan rules.
* ids: A comma separated list of scan rule IDs.
* setEnabled (enabled\*): Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).
* enabled: The enabled state, true or false.
* setMaxAlertsPerRule (maxAlerts\*): Sets the maximum number of alerts a passive scan rule can raise.
* maxAlerts: The maximum number of alerts.
* setScanOnlyInScope (onlyInScope\*): Sets whether or not the passive scan should be performed only on messages that are in scope.
* onlyInScope: The scan state, true or false.
* setScannerAlertThreshold (id\* alertThreshold\*): Sets the alert threshold of a passive scan rule.
* id: The ID of the scan rule.
* alertThreshold: The alert threshold: OFF, DEFAULT, LOW, MEDIUM and HIGH

### Views

* currentTasks: Shows information about the passive scan tasks currently being run (if any).
* maxAlertsPerRule: Gets the maximum number of alerts a passive scan rule should raise.
* recordsToScan: The number of records the passive scanner still has to scan.
* scanOnlyInScope: Tells whether or not the passive scan should be performed only on messages that are in scope.
* scanners: Lists all passive scan rules with their ID, name, enabled state, and alert threshold.

## See also

| | | |
|---|----------------------------------------------------------|--------------------------------------------|
| | [Passive Scanner](/docs/desktop/addons/passive-scanner/) | the introduction to Passive Scanner add-on |
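Review bot: the `\*` marker on parameter names (`ids\*`, `enabled\*`, `id\* alertThreshold\*`) is never explained on this page; a one-line legend above the Actions list stating what it denotes (presumably a mandatory parameter, as on the other ZAP API pages) would help readers of the generated page. Also, "### Actions" and "### Views" sit directly under the level-1 title with no level-2 heading between them, while the closing section uses "## See also"; "## Actions" and "## Views" would keep the outline consistent. The setScannerAlertThreshold parameters are listed without a separator ("id\* alertThreshold\*"), and the final alertThreshold description is missing its period.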
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
# This page was generated from the add-on.
title: Passive Scanner Automation Framework Support
type: userguide
weight: 1
weight: 2
---

# Passive Scanner Automation Framework Support
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,10 @@ weight: 1

This job allows you to manage the passive scan configuration.


It is covered in the video: [ZAP Chat 08 Automation Framework Part 2 - Environment](https://youtu.be/1fcpU54N-mA).


The passive scanner runs against all requests and responses that are generated by ZAP or are proxied through it.
If you want to configure the passive scan configuration then you should typically do so before running any other jobs.
However you can run this job later, or multiple times, if you want different jobs to use different passive scan configurations.
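Review bot: the two added lines in this hunk are blank lines (before and after the "It is covered in the video" sentence), so the rendered page does not change; the same pattern appears in the other regenerated pages of this commit, which suggests the generator emits double spacing between paragraphs, and normalising that in the generator would avoid whitespace-only churn in future updates. Unrelated to the change, the context line "If you want to configure the passive scan configuration" is redundant ("If you want to change the passive scan configuration").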
Expand All @@ -33,11 +35,13 @@ However you can run this job later, or multiple times, if you want different job

The job saves the current passive scan configuration when a plan starts and resets it when the plan ends. This is primarily to ensure the scanOnlyInScope setting is not changed - the default is 'true' for the job but 'false' in the GUI.


Note that if you set `disableAllRules` to `true` then they will stay disabled when the plan has finished.
Automatically re-enabling them when the plan finishes could result in the rules becoming enabled while the passive scan
queue is being processed, for example if the [passiveScan-wait](/docs/desktop/addons/passive-scanner/job-pscanwait/) job is not used,
or if it is used but with the maxDuration option is set.


In versions up to and including 0.16.0 running this job with the default settings would change scanOnlyInScope to 'true' in the GUI.
This has proved confusing as many users use the GUI without setting a scope - when scanOnlyInScope is set to 'true'
and no scope is defined then no passive scan alerts are raised.
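Review bot: again only blank lines are added here; while in this file, the unchanged context line "or if it is used but with the maxDuration option is set" has a stray "is" ("or if it is used but with the maxDuration option set"), and "the default is 'true' for the job but 'false' in the GUI" could cross-reference the "Only scan messages in scope" row of the Passive Scanner options page added in this commit, which documents the GUI default.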
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ weight: 2

This job waits for the passive scanner to finishing scanning the requests and responses in the current queue. You should typically run this job after the jobs that explore you application, such as the spider jobs or those that import API definitions. If any more requests are sent by ZAP or proxied through ZAP after this job has run then they will be processed by the passive scanner. You can run this job as many times as you need to.


It is covered in the video: [ZAP Chat 12 Automation Framework Part 6 - Delays and Active Scan](https://youtu.be/hcftgjz_Vgc).

## YAML
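Review bot: the only addition is a blank line; the unchanged sentence above it has two typos worth fixing in the same pass: "finishing scanning" should be "finish scanning" and "explore you application" should be "explore your application".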
Expand Down
22 changes: 22 additions & 0 deletions site/content/docs/desktop/addons/passive-scanner/options/_index.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
---
# This page was generated from the add-on.
title: Options
type: userguide
weight: 3
---

# Options

The Passive Scanner add-on provides the following options screens:

| | | |
|---|---------------------------------------------------------------------------|---------------------------------------------------------------------|
| | [Passive Scanner](/docs/desktop/addons/passive-scanner/options/scanner/) | Allows to configure the passive scanner. |
| | [Passive Scan Rules](/docs/desktop/addons/passive-scanner/options/rules/) | Allows to configure the passive scan rules. |
| | [Passive Scan Tags](/docs/desktop/addons/passive-scanner/options/tags/) | Allows to configure the tags that are added by the passive scanner. |

## See also

| | | |
|---|----------------------------------------------------------|--------------------------------------------|
| | [Passive Scanner](/docs/desktop/addons/passive-scanner/) | the introduction to Passive Scanner add-on |
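Review bot: "Allows to configure ..." in the three table rows is not idiomatic English; the individual option pages in this commit use "This screen allows you to configure ...", so "Allows you to configure the passive scanner." (or simply "Configure the passive scanner.") would read better and match them.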
25 changes: 25 additions & 0 deletions site/content/docs/desktop/addons/passive-scanner/options/rules.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
# This page was generated from the add-on.
title: Passive Scan Rules
type: userguide
weight: 2
---

# Passive Scan Rules


This screen allows you to configure the passive scan rules.

### Threshold

This controls how likely ZAP is to report potential vulnerabilities.

* If you select Off then the scan rule won't run.
* If you select Low then more potential issues will be raised which may increase the number of false positives.
* If you select High then fewer potential issues will be raised which may mean that some real issues are missed (false negatives).

## See also

| | | |
|---|----------------------------------------------------------|--------------------------------------------|
| | [Passive Scanner](/docs/desktop/addons/passive-scanner/) | the introduction to Passive Scanner add-on |
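Review bot: the Threshold list explains Off, Low and High but omits Medium and Default, which the Passive Scanner API page in this commit lists as valid values (OFF, DEFAULT, LOW, MEDIUM and HIGH); a reader of this screen cannot tell what Default resolves to, so a line for each would complete the section. Also, "### Threshold" is a level-3 heading directly under the level-1 title, inconsistent with the "## See also" below it.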
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
---
# This page was generated from the add-on.
title: Passive Scanner
type: userguide
weight: 1
---

# Passive Scanner


This screen allows you to configure the passive scanner.

## Configuration Options

| Field | Details | Default | Config File |
|-------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------|---------------------------------------------------------------------------------------|
| Only scan messages in scope | Sets whether or not the passive scan should be performed only on messages that are in scope. | Deselected | Key: `pscans.scanOnlyInScope` Values: `true` or `false` |
| Include traffic from the Fuzzer when passive scanning | Sets whether or not the passive scanning should be performed on messages generated by the Fuzzer. | Deselected | Key: `pscans.scanFuzzerMessages` Values: `true` or `false` |
| Max alerts any rule can raise | Sets the maximum number of alerts a passive scan rule should raise. This may be slightly exceeded due to threading. This setting is typically only useful for automated scanning. Scan rules that exceed this value will be disabled and will need to be manually enabled if a new session is started. | 0 (unset) | Key: `pscans.maxAlertsPerRule` Values: `0`: unset or the maximum number of alerts |
| Max body size in bytes to scan | Sets the maximum size request or response body size in bytes that the passive scanner will scan. This can be used if passive scan rules take too long scanning very large requests or responses. If set the number of ignored requests and responses are recorded in the stats using the keys `stats.pscan.reqBodyTooBig` and `stats.pscan.respBodyTooBig` respectively. | 0 (unset) | Key: `pscans.maxBodySizeInBytes` Values: `0`: unset or the maximum body size in bytes |
| Clear Queue | Empties the passive scan queue without passively scanning the messages. Currently running rules will run to completion but new rules will only be run when new messages are added to the queue. | | |

## See also

| | | |
|---|----------------------------------------------------------|--------------------------------------------|
| | [Passive Scanner](/docs/desktop/addons/passive-scanner/) | the introduction to Passive Scanner add-on |
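Review bot: "Sets the maximum size request or response body size in bytes" repeats "size"; suggest "Sets the maximum request or response body size, in bytes, that the passive scanner will scan." It would also help to state the consequence plainly: messages whose body exceeds the limit are not scanned at all and are only counted under `stats.pscan.reqBodyTooBig` / `stats.pscan.respBodyTooBig`, so any issue in them goes unreported and those counters are the only signal that coverage was lost. In the "Max alerts any rule can raise" row, "will need to be manually enabled if a new session is started" is ambiguous about whether a new session re-enables the rule automatically or it must be re-enabled by hand in any case.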
33 changes: 33 additions & 0 deletions site/content/docs/desktop/addons/passive-scanner/options/tags.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
---
# This page was generated from the add-on.
title: Passive Scan Tags
type: userguide
weight: 3
---

# Passive Scan Tags


This screen allows you to configure the tags that are added by the passive scanner.
You can add, modify and remove the tags via the appropriate buttons.

## Tag Interpolation

In order to allow some flexibility in Tag creation and content it is possible for the user to specify a regular expression with capturing groups which will be used to replace the group identifiers (ex: $1) in the resulting tag.


For example, a tag could be defined as follows:

| Field | Value | Note |
|----------------------|------------|----------------------------------------------------------------------|
| Name: | Test | |
| Tag: | $1-SOMETAG | |
| Response Body Regex: | (\\d{3}) | Find strings of 3 numbers, using a capturing group (round brackets). |

**Result:** When 3 digit strings are passively identified in response body content (the regex matches) the messages will be tagged such as "123-SOMETAG", "345-SOMETAG", etc.

## See also

| | | |
|---|----------------------------------------------------------|--------------------------------------------|
| | [Passive Scanner](/docs/desktop/addons/passive-scanner/) | the introduction to Passive Scanner add-on |
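Review bot: the sentence under "Tag Interpolation" is a run-on and would be clearer split in two ("... a regular expression with capturing groups. The captured values replace the group identifiers (e.g. $1) in the resulting tag."). In the example, "Find strings of 3 numbers" should be "Find strings of 3 digits", and it is worth saying that the pattern is unanchored, so `(\d{3})` also matches the first three digits of any longer run and the captured text from the response body is inserted into the tag as-is; the table's `(\\d{3})` renders as `(\d{3})`, which is presumably the intent.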
