API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 28th, 2016
527
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Java 40.21 KB | None | 0 0
raw download clone embed print report
  1. Started by upstream project "docker-zap" build number 37
  2. originally caused by:
  3.  Started by user Stephen Donner
  4. Building in workspace /var/lib/jenkins/workspace/docker-zap/default
  5.  > git rev-parse --is-inside-work-tree # timeout=10
  6. Fetching changes from the remote Git repository
  7.  > git config remote.origin.url https://github.com/stephendonner/docker-zap.git # timeout=10
  8. Fetching upstream changes from https://github.com/stephendonner/docker-zap.git
  9.  > git --version # timeout=10
  10.  > git fetch --tags --progress https://github.com/stephendonner/docker-zap.git +refs/heads/*:refs/remotes/origin/*
  11. Checking out Revision c0a7ce4e47f61a7a1ea0a9a81b0511fbffa4993a (refs/remotes/origin/master)
  12.  > git config core.sparsecheckout # timeout=10
  13.  > git checkout -f c0a7ce4e47f61a7a1ea0a9a81b0511fbffa4993a
  14.  > git rev-list c0a7ce4e47f61a7a1ea0a9a81b0511fbffa4993a # timeout=10
  15. [default] $ /usr/bin/env bash /tmp/hudson5573309737489043794.sh
  16. http://demo.testfire.net/
  17. [INFO]            ZAP is running
  18. [INFO]            Accessing URL http://demo.testfire.net/
  19. [INFO]            Running spider...
  20. [INFO]            Running an active scan...
  21. [INFO]            Issues found: 21
  22. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  23. | Alert                            | Risk   |   CWE ID | URL                                                                                                              |
  24. +==================================+========+==========+==================================================================================================================+
  25. | Cross Site Scripting (Reflected) | High   |       79 | http://demo.testfire.net/bank/login.aspx                                                                         |
  26. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  27. | Cross Site Scripting (Reflected) | High   |       79 | http://demo.testfire.net/search.aspx?txtSearch=%3C%2Fspan%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cspan%3E |
  28. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  29. | Cross Site Scripting (Reflected) | High   |       79 | http://demo.testfire.net/comment.aspx                                                                            |
  30. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  31. | Cross Site Scripting (Reflected) | High   |       79 | http://demo.testfire.net/notfound.aspx?aspxerrorpath=%3C%2Fb%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cb%3E |
  32. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  33. | SQL Injection                    | High   |       89 | http://demo.testfire.net/bank/login.aspx                                                                         |
  34. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  35. | SQL Injection                    | High   |       89 | http://demo.testfire.net/bank/login.aspx                                                                         |
  36. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  37. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/                                                                                        |
  38. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  39. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/default.aspx                                                                            |
  40. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  41. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/bank/login.aspx                                                                         |
  42. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  43. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/bank/login.aspx                                                                         |
  44. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  45. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/bank/login.aspx                                                                         |
  46. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  47. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/bank/login.aspx                                                                         |
  48. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  49. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/feedback.aspx                                                                           |
  50. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  51. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/default.aspx?content=jobs/20061027.htm                                                  |
  52. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  53. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/feedback.aspx                                                                           |
  54. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  55. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/survey_questions.aspx                                                                   |
  56. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  57. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/search.aspx?txtSearch=ZAP                                                               |
  58. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  59. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/comment.aspx                                                                            |
  60. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  61. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/high_yield_investments.htm                                                              |
  62. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  63. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/survey_questions.aspx?step=a                                                            |
  64. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  65. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/notfound.aspx?aspxerrorpath=/Privacypolicy.aspx                                         |
  66. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  67. n==============================================================================ZAP-daemon log output follows==============================================================================nFound Java version 1.8.0_45-internal
  68. Available memory: 1839 MB
  69. Setting jvm heap size: -Xmx512m
  70. 656 [main] INFO org.zaproxy.zap.DaemonBootstrap  - OWASP ZAP D-2016-09-05 started.
  71. 763 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config view.mode = attack was null
  72. 770 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config api.disablekey = true was null
  73. 771 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config scanner.attackOnStart = true was null
  74. 787 [main] INFO org.parosproxy.paros.network.SSLConnector  - Reading supported SSL/TLS protocols...
  75. 787 [main] INFO org.parosproxy.paros.network.SSLConnector  - Using a SSLEngine...
  76. 1259 [main] INFO org.parosproxy.paros.network.SSLConnector  - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
  77. 1275 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate  - Unsafe SSL renegotiation disabled.
  78. 2544 [main] INFO hsqldb.db..ENGINE  - open start - state not modified
  79. 2778 [main] INFO hsqldb.db..ENGINE  - dataFileCache open start
  80. 2801 [main] INFO hsqldb.db..ENGINE  - dataFileCache open end
  81. 2983 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Loading extensions
  82. 7383 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Extensions loaded
  83. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Change user agent to other browsers.
  84. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Detect insecure or potentially malicious content in HTTP responses.
  85. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Detect and alert 'Set-cookie' attempt in HTTP response for modification.
  86. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Avoid browser cache (strip off IfModifiedSince)
  87. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log cookies sent by browser.
  88. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log unique GET queries into file:filter/get.xls
  89. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log unique POST queries into file:  filter/post.xls
  90. 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log request and response into file: filter/message.txt
  91. 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP request body using defined pattern.
  92. 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP request header using defined pattern.
  93. 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP response body using defined pattern.
  94. 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP response header using defined pattern.
  95. 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Send ZAP session request ID
  96. Sep 25, 2016 2:31:43 AM java.util.prefs.FileSystemPreferences$1 run
  97. INFO: Created user preferences directory.
  98. 8241 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows ZAP to check for updates
  99. 8247 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionViewOption
  100. 8247 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionEdit
  101. 8247 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionFilter
  102. 8247 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides a rest based API for controlling and accessing ZAP
  103. 8316 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionState
  104. 8316 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionReport
  105. 8316 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHistory
  106. 8319 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Show hidden fields and enable disabled fields
  107. 8322 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Search messages for strings and regular expressions
  108. 8323 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Encode/Decode/Hash...
  109. 8323 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to intercept and modify requests and responses
  110. 8323 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive scanner
  111. 8454 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Script Passive Scan Rules
  112. 8455 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Stats Passive Scan Rule
  113. 8455 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Application Error Disclosure
  114. 8455 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set
  115. 8455 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Content-Type Header Missing
  116. 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie No HttpOnly Flag
  117. 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Without Secure Flag
  118. 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
  119. 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Web Browser XSS Protection Not Enabled
  120. 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Secure Pages Include Mixed Content
  121. 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Password Autocomplete in Browser
  122. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Private IP Disclosure
  123. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Session ID in URL Rewrite
  124. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Content-Type-Options Header Missing
  125. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Frame-Options Header Scanner
  126. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Charset Mismatch
  127. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Loosely Scoped Cookie
  128. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Absence of Anti-CSRF Tokens
  129. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Debug Error Messages
  130. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Sensitive Informations in URL
  131. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
  132. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Suspicious Comments
  133. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Weak Authentication Method
  134. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Insecure JSF ViewState
  135. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: HTTP Parameter Override
  136. 8459 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Viewstate Scanner
  137. 8459 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: WSDL File Passive Scanner
  138. 8475 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to view and manage alerts
  139. 8475 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added
  140. 8481 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSequence
  141. 8481 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Spider used for automatically finding URIs on a site
  142. 8487 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing A set of common popup menus for miscellaneous tasks
  143. 8488 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool
  144. 8489 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Simple but effective port scanner
  145. 8489 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionManualRequest
  146. 8489 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Compares 2 sessions and generates an HTML file showing the differences
  147. 8490 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Invoke external applications passing context related information such as URLs and parameters
  148. 8490 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles anti cross site request forgery (CSRF) tokens
  149. 8493 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionAuthentication
  150. 8542 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication  - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication]
  151. 8546 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser
  152. 8547 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Logs errors to the Output tab in development mode only
  153. 8547 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionUserManagement
  154. 8554 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Summarise and analyse FORM and URL parameters as well as cookies
  155. 8556 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Script integration
  156. 8587 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Scripting console, supports all JSR 223 scripting languages
  157. 8588 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionForcedUser
  158. 8589 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Extension handling HTTP sessions
  159. 8594 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools
  160. 9515 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionDiff
  161. 9518 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionRequestPostTableView
  162. 9518 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Simple browser configuration
  163. 9518 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSessionManagement
  164. 9522 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement  - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management]
  165. 9523 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelRequestFormTableView
  166. 9523 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Capture messages from WebSockets with the ability to set breakpoints.
  167. 9529 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
  168. 9530 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Core UI related functionality.
  169. 9530 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionAuthorization
  170. 9530 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing AJAX Spider, uses Crawljax
  171. 9532 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Add-on that adds a set of tools for testing access control in web applications.
  172. 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles adding Global Excluded URLs
  173. 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds menu item to refresh the Sites tree
  174. 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.
  175. 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing OWASP ZAP User Guide
  176. 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to configure which extensions are loaded when ZAP starts
  177. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelComponentonentAll
  178. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelHexView
  179. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelImageView
  180. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelLargeRequestView
  181. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelLargeResponseView
  182. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelRequestQueryCookieTableView
  183. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelSyntaxHighlightTextView
  184. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active and passive rule configuration
  185. 9537 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Statistics
  186. 9538 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats  - Start recording in memory stats
  187. 9540 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Context alert rules filter
  188. 9541 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active Scan Rules
  189. 9542 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active Scan Rules - beta
  190. 9542 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Translations of the core language files
  191. 9542 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
  192. 9544 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows to fuzz HTTP messages.
  193. 9544 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The ZAP Getting Started Guide
  194. 9545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The Online menu links
  195. 9545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive Scan Rules
  196. 9545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive Scan Rules - beta
  197. 9545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Quick Start panel
  198. 9546 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSaveRawHttpMessage
  199. 9546 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
  200. 9547 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Tips and Tricks
  201. 9547 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows to fuzz WebSocket messages.
  202. 9569 [Thread-6] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL  - Creating new root CA certificate
  203. 10172 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap  - ZAP is now listening on 127.0.0.1:2375
  204. 11928 [ZAP-ProxyThread-2] INFO org.zaproxy.zap.extension.httpsessions.ExtensionHttpSessions  - Added new session token for site 'demo.testfire.net:80': ASP.NET_SessionId
  205. 14606 [Thread-9] INFO org.zaproxy.zap.extension.spider.SpiderThread  - Starting spidering scan on SpiderApi-0 at Sun Sep 25 02:31:49 UTC 2016
  206. 14630 [Thread-9] INFO org.zaproxy.zap.spider.Spider  - Spider initializing...
  207. 14710 [Thread-9] INFO org.zaproxy.zap.spider.Spider  - Starting spider...
  208. 26496 [pool-1-thread-1] INFO org.zaproxy.zap.spider.Spider  - Spidering process is complete. Shutting down...
  209. 26502 [Thread-10] INFO org.zaproxy.zap.extension.spider.SpiderThread  - Spider scanning complete: true
  210. 33200 [Thread-6] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL  - New root CA certificate created
  211. 35218 [ZAP-ProxyThread-9] INFO org.parosproxy.paros.core.scanner.Scanner  - scanner started
  212. 36038 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - Scanning 23 node(s) from http://demo.testfire.net
  213. 36040 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestPathTraversal strength MEDIUM threshold MEDIUM
  214. 58791 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestPathTraversal in 22.75s
  215. 58792 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestRemoteFileInclude strength MEDIUM threshold MEDIUM
  216. 67694 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestRemoteFileInclude in 8.902s
  217. 67699 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestServerSideInclude strength MEDIUM threshold MEDIUM
  218. 74085 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestServerSideInclude in 6.389s
  219. 74086 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestCrossSiteScriptV2 strength MEDIUM threshold MEDIUM
  220. 77965 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestCrossSiteScriptV2 in 3.879s
  221. 77966 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestSQLInjection strength MEDIUM threshold MEDIUM
  222. 96542 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestSQLInjection in 18.576s
  223. 96543 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | CodeInjectionPlugin strength MEDIUM threshold MEDIUM
  224. 104138 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | CodeInjectionPlugin in 7.594s
  225. 104140 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | CommandInjectionPlugin strength MEDIUM threshold MEDIUM
  226. 127522 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | CommandInjectionPlugin in 23.383s
  227. 127523 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestDirectoryBrowsing strength MEDIUM threshold MEDIUM
  228. 129810 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestDirectoryBrowsing in 2.287s
  229. 129811 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestExternalRedirect strength MEDIUM threshold MEDIUM
  230. 137444 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestExternalRedirect in 7.633s
  231. 137445 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | BufferOverflow strength MEDIUM threshold MEDIUM
  232. 140028 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | BufferOverflow in 2.582s
  233. 140028 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | FormatString strength MEDIUM threshold MEDIUM
  234. 143582 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | FormatString in 3.554s
  235. 143582 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestInjectionCRLF strength MEDIUM threshold MEDIUM
  236. 148764 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestInjectionCRLF in 5.182s
  237. 148765 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestParameterTamper strength MEDIUM threshold MEDIUM
  238. 153699 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestParameterTamper in 4.934s
  239. 153700 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestPersistentXSSPrime strength MEDIUM threshold MEDIUM
  240. 156175 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestPersistentXSSPrime in 2.474s
  241. 156176 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestPersistentXSSSpider strength MEDIUM threshold MEDIUM
  242. 158905 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestPersistentXSSSpider in 2.729s
  243. 158905 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestPersistentXSSAttack strength MEDIUM threshold MEDIUM
  244. 159741 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestPersistentXSSAttack in 0.836s
  245. 159741 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | ScriptsActiveScanner strength MEDIUM threshold MEDIUM
  246. 159745 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - skipped plugin [no scripts enabled] http://demo.testfire.net | ScriptsActiveScanner in 0.003s
  247. 159745 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SourceCodeDisclosureSVN strength MEDIUM threshold MEDIUM
  248. 161630 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SourceCodeDisclosureSVN in 1.884s
  249. 161630 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SourceCodeDisclosureWEBINF strength MEDIUM threshold MEDIUM
  250. 161632 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | ShellShockScanner strength MEDIUM threshold MEDIUM
  251. 162041 [ZAP-ActiveScanner-0] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SourceCodeDisclosureWEBINF in 0.411s
  252. 164806 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | ShellShockScanner in 3.173s
  253. 164807 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | Csrftokenscan strength MEDIUM threshold MEDIUM
  254. 166595 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | Csrftokenscan in 1.788s
  255. 166596 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | HeartBleedActiveScanner strength MEDIUM threshold MEDIUM
  256. 166603 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | CrossDomainScanner strength MEDIUM threshold MEDIUM
  257. 166609 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SourceCodeDisclosureCVE20121823 strength MEDIUM threshold MEDIUM
  258. 166900 [ZAP-ActiveScanner-1] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | CrossDomainScanner in 0.297s
  259. 182093 [ZAP-ActiveScanner-0] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | HeartBleedActiveScanner in 15.497s
  260. 182094 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SourceCodeDisclosureCVE20121823 in 15.486s
  261. 182094 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | RemoteCodeExecutionCVE20121823 strength MEDIUM threshold MEDIUM
  262. 185815 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | RemoteCodeExecutionCVE20121823 in 3.721s
  263. 185816 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SessionFixation strength MEDIUM threshold MEDIUM
  264. 186036 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SessionFixation in 0.22s
  265. 186036 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SQLInjectionMySQL strength MEDIUM threshold MEDIUM
  266. 194039 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SQLInjectionMySQL in 8.003s
  267. 194041 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SQLInjectionHypersonic strength MEDIUM threshold MEDIUM
  268. 199804 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SQLInjectionHypersonic in 5.763s
  269. 199805 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SQLInjectionOracle strength MEDIUM threshold MEDIUM
  270. 206859 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SQLInjectionOracle in 7.052s
  271. 206866 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SQLInjectionPostgresql strength MEDIUM threshold MEDIUM
  272. 213925 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SQLInjectionPostgresql in 7.062s
  273. 213926 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | XpathInjectionPlugin strength MEDIUM threshold MEDIUM
  274. 216836 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | XpathInjectionPlugin in 2.909s
  275. 216836 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | XXEPlugin strength MEDIUM threshold MEDIUM
  276. 216864 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | XXEPlugin in 0.028s
  277. 216864 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | PaddingOraclePlugin strength MEDIUM threshold MEDIUM
  278. 217495 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | PaddingOraclePlugin in 0.631s
  279. 217495 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | ExpressionLanguageInjectionPlugin strength MEDIUM threshold MEDIUM
  280. 218973 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | ExpressionLanguageInjectionPlugin in 1.477s
  281. 218973 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | BackupFileDisclosure strength MEDIUM threshold MEDIUM
  282. 245490 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | BackupFileDisclosure in 26.516s
  283. 245491 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | IntegerOverflow strength MEDIUM threshold MEDIUM
  284. 250937 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | IntegerOverflow in 5.447s
  285. 250938 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | InsecureHTTPMethod strength MEDIUM threshold MEDIUM
  286. 253736 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | InsecureHTTPMethod in 2.798s
  287. 253737 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | HPP strength MEDIUM threshold MEDIUM
  288. 256230 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | HPP in 2.494s
  289. 256231 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | UsernameEnumeration strength MEDIUM threshold MEDIUM
  290. 256234 [Thread-12] INFO org.zaproxy.zap.extension.ascanrulesBeta.UsernameEnumeration  - There does not appear to be any configured contexts using Form-based Authentication. Further attempts during the current scan will be skipped.
  291. 256236 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - skipped plugin http://demo.testfire.net | UsernameEnumeration in 0.005s
  292. 256236 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SOAPActionSpoofingActiveScanner strength MEDIUM threshold MEDIUM
  293. 256299 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SOAPActionSpoofingActiveScanner in 0.063s
  294. 256299 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SOAPXMLInjectionActiveScanner strength MEDIUM threshold MEDIUM
  295. 257328 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SOAPXMLInjectionActiveScanner in 1.029s
  296. 257329 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host http://demo.testfire.net in 222.032s
  297. 257331 [Thread-11] INFO org.parosproxy.paros.core.scanner.Scanner  - scanner completed in 222.111s
  298. 854d1d01ba7313432519e9d173db6b6bf5a5d7768582190df0524239f8715977
  299. Finished: SUCCESS
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!