- Started by upstream project "docker-zap" build number 37
- originally caused by:
- Started by user Stephen Donner
- Building in workspace /var/lib/jenkins/workspace/docker-zap/default
- > git rev-parse --is-inside-work-tree # timeout=10
- Fetching changes from the remote Git repository
- > git config remote.origin.url https://github.com/stephendonner/docker-zap.git # timeout=10
- Fetching upstream changes from https://github.com/stephendonner/docker-zap.git
- > git --version # timeout=10
- > git fetch --tags --progress https://github.com/stephendonner/docker-zap.git +refs/heads/*:refs/remotes/origin/*
- Checking out Revision c0a7ce4e47f61a7a1ea0a9a81b0511fbffa4993a (refs/remotes/origin/master)
- > git config core.sparsecheckout # timeout=10
- > git checkout -f c0a7ce4e47f61a7a1ea0a9a81b0511fbffa4993a
- > git rev-list c0a7ce4e47f61a7a1ea0a9a81b0511fbffa4993a # timeout=10
- [default] $ /usr/bin/env bash /tmp/hudson5573309737489043794.sh
- http://demo.testfire.net/
- [INFO] ZAP is running
- [INFO] Accessing URL http://demo.testfire.net/
- [INFO] Running spider...
- [INFO] Running an active scan...
- [INFO] Issues found: 21
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Alert | Risk | CWE ID | URL |
- +==================================+========+==========+==================================================================================================================+
- | Cross Site Scripting (Reflected) | High | 79 | http://demo.testfire.net/bank/login.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Cross Site Scripting (Reflected) | High | 79 | http://demo.testfire.net/search.aspx?txtSearch=%3C%2Fspan%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cspan%3E |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Cross Site Scripting (Reflected) | High | 79 | http://demo.testfire.net/comment.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Cross Site Scripting (Reflected) | High | 79 | http://demo.testfire.net/notfound.aspx?aspxerrorpath=%3C%2Fb%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cb%3E |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | SQL Injection | High | 89 | http://demo.testfire.net/bank/login.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | SQL Injection | High | 89 | http://demo.testfire.net/bank/login.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/ |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/default.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/bank/login.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/bank/login.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/bank/login.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/bank/login.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/feedback.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/default.aspx?content=jobs/20061027.htm |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/feedback.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/survey_questions.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/search.aspx?txtSearch=ZAP |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/comment.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/high_yield_investments.htm |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/survey_questions.aspx?step=a |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- | Anti CSRF Tokens Scanner | High | 352 | http://demo.testfire.net/notfound.aspx?aspxerrorpath=/Privacypolicy.aspx |
- +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
- ==============================================================================ZAP-daemon log output follows==============================================================================
- Found Java version 1.8.0_45-internal
- Available memory: 1839 MB
- Setting jvm heap size: -Xmx512m
- 656 [main] INFO org.zaproxy.zap.DaemonBootstrap - OWASP ZAP D-2016-09-05 started.
- 763 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config view.mode = attack was null
- 770 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.disablekey = true was null
- 771 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config scanner.attackOnStart = true was null
- 787 [main] INFO org.parosproxy.paros.network.SSLConnector - Reading supported SSL/TLS protocols...
- 787 [main] INFO org.parosproxy.paros.network.SSLConnector - Using a SSLEngine...
- 1259 [main] INFO org.parosproxy.paros.network.SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
- 1275 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate - Unsafe SSL renegotiation disabled.
- 2544 [main] INFO hsqldb.db..ENGINE - open start - state not modified
- 2778 [main] INFO hsqldb.db..ENGINE - dataFileCache open start
- 2801 [main] INFO hsqldb.db..ENGINE - dataFileCache open end
- 2983 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Loading extensions
- 7383 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Extensions loaded
- 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Change user agent to other browsers.
- 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Detect insecure or potentially malicious content in HTTP responses.
- 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Detect and alert 'Set-cookie' attempt in HTTP response for modification.
- 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Avoid browser cache (strip off IfModifiedSince)
- 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log cookies sent by browser.
- 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log unique GET queries into file:filter/get.xls
- 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log unique POST queries into file: filter/post.xls
- 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log request and response into file: filter/message.txt
- 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP request body using defined pattern.
- 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP request header using defined pattern.
- 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP response body using defined pattern.
- 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP response header using defined pattern.
- 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Send ZAP session request ID
- Sep 25, 2016 2:31:43 AM java.util.prefs.FileSystemPreferences$1 run
- INFO: Created user preferences directory.
- 8241 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows ZAP to check for updates
- 8247 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionViewOption
- 8247 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionEdit
- 8247 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionFilter
- 8247 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a rest based API for controlling and accessing ZAP
- 8316 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionState
- 8316 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionReport
- 8316 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHistory
- 8319 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Show hidden fields and enable disabled fields
- 8322 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Search messages for strings and regular expressions
- 8323 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Encode/Decode/Hash...
- 8323 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to intercept and modify requests and responses
- 8323 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive scanner
- 8454 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules
- 8455 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule
- 8455 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure
- 8455 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set
- 8455 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing
- 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag
- 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag
- 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
- 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Web Browser XSS Protection Not Enabled
- 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content
- 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Password Autocomplete in Browser
- 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure
- 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite
- 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing
- 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Frame-Options Header Scanner
- 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch
- 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie
- 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens
- 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages
- 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Informations in URL
- 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
- 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments
- 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method
- 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState
- 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Parameter Override
- 8459 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Viewstate Scanner
- 8459 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: WSDL File Passive Scanner
- 8475 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to view and manage alerts
- 8475 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added
- 8481 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSequence
- 8481 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider used for automatically finding URIs on a site
- 8487 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing A set of common popup menus for miscellaneous tasks
- 8488 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool
- 8489 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple but effective port scanner
- 8489 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionManualRequest
- 8489 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Compares 2 sessions and generates an HTML file showing the differences
- 8490 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Invoke external applications passing context related information such as URLs and parameters
- 8490 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles anti cross site request forgery (CSRF) tokens
- 8493 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAuthentication
- 8542 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication]
- 8546 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser
- 8547 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Logs errors to the Output tab in development mode only
- 8547 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionUserManagement
- 8554 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies
- 8556 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Script integration
- 8587 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripting console, supports all JSR 223 scripting languages
- 8588 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionForcedUser
- 8589 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension handling HTTP sessions
- 8594 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools
- 9515 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff
- 9518 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionRequestPostTableView
- 9518 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple browser configuration
- 9518 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSessionManagement
- 9522 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management]
- 9523 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelRequestFormTableView
- 9523 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Capture messages from WebSockets with the ability to set breakpoints.
- 9529 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
- 9530 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Core UI related functionality.
- 9530 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAuthorization
- 9530 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider, uses Crawljax
- 9532 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Add-on that adds a set of tools for testing access control in web applications.
- 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles adding Global Excluded URLs
- 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds menu item to refresh the Sites tree
- 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.
- 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OWASP ZAP User Guide
- 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to configure which extensions are loaded when ZAP starts
- 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelComponentonentAll
- 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelHexView
- 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelImageView
- 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelLargeRequestView
- 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelLargeResponseView
- 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelRequestQueryCookieTableView
- 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelSyntaxHighlightTextView
- 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active and passive rule configuration
- 9537 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Statistics
- 9538 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats - Start recording in memory stats
- 9540 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Context alert rules filter
- 9541 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules
- 9542 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules - beta
- 9542 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Translations of the core language files
- 9542 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
- 9544 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz HTTP messages.
- 9544 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The ZAP Getting Started Guide
- 9545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The Online menu links
- 9545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules
- 9545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules - beta
- 9545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start panel
- 9546 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSaveRawHttpMessage
- 9546 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
- 9547 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Tips and Tricks
- 9547 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz WebSocket messages.
- 9569 [Thread-6] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL - Creating new root CA certificate
- 10172 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap - ZAP is now listening on 127.0.0.1:2375
- 11928 [ZAP-ProxyThread-2] INFO org.zaproxy.zap.extension.httpsessions.ExtensionHttpSessions - Added new session token for site 'demo.testfire.net:80': ASP.NET_SessionId
- 14606 [Thread-9] INFO org.zaproxy.zap.extension.spider.SpiderThread - Starting spidering scan on SpiderApi-0 at Sun Sep 25 02:31:49 UTC 2016
- 14630 [Thread-9] INFO org.zaproxy.zap.spider.Spider - Spider initializing...
- 14710 [Thread-9] INFO org.zaproxy.zap.spider.Spider - Starting spider...
- 26496 [pool-1-thread-1] INFO org.zaproxy.zap.spider.Spider - Spidering process is complete. Shutting down...
- 26502 [Thread-10] INFO org.zaproxy.zap.extension.spider.SpiderThread - Spider scanning complete: true
- 33200 [Thread-6] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL - New root CA certificate created
- 35218 [ZAP-ProxyThread-9] INFO org.parosproxy.paros.core.scanner.Scanner - scanner started
- 36038 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - Scanning 23 node(s) from http://demo.testfire.net
- 36040 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | TestPathTraversal strength MEDIUM threshold MEDIUM
- 58791 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | TestPathTraversal in 22.75s
- 58792 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | TestRemoteFileInclude strength MEDIUM threshold MEDIUM
- 67694 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | TestRemoteFileInclude in 8.902s
- 67699 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | TestServerSideInclude strength MEDIUM threshold MEDIUM
- 74085 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | TestServerSideInclude in 6.389s
- 74086 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | TestCrossSiteScriptV2 strength MEDIUM threshold MEDIUM
- 77965 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | TestCrossSiteScriptV2 in 3.879s
- 77966 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | TestSQLInjection strength MEDIUM threshold MEDIUM
- 96542 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | TestSQLInjection in 18.576s
- 96543 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | CodeInjectionPlugin strength MEDIUM threshold MEDIUM
- 104138 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | CodeInjectionPlugin in 7.594s
- 104140 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | CommandInjectionPlugin strength MEDIUM threshold MEDIUM
- 127522 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | CommandInjectionPlugin in 23.383s
- 127523 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | TestDirectoryBrowsing strength MEDIUM threshold MEDIUM
- 129810 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | TestDirectoryBrowsing in 2.287s
- 129811 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | TestExternalRedirect strength MEDIUM threshold MEDIUM
- 137444 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | TestExternalRedirect in 7.633s
- 137445 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | BufferOverflow strength MEDIUM threshold MEDIUM
- 140028 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | BufferOverflow in 2.582s
- 140028 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | FormatString strength MEDIUM threshold MEDIUM
- 143582 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | FormatString in 3.554s
- 143582 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | TestInjectionCRLF strength MEDIUM threshold MEDIUM
- 148764 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | TestInjectionCRLF in 5.182s
- 148765 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | TestParameterTamper strength MEDIUM threshold MEDIUM
- 153699 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | TestParameterTamper in 4.934s
- 153700 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | TestPersistentXSSPrime strength MEDIUM threshold MEDIUM
- 156175 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | TestPersistentXSSPrime in 2.474s
- 156176 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | TestPersistentXSSSpider strength MEDIUM threshold MEDIUM
- 158905 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | TestPersistentXSSSpider in 2.729s
- 158905 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | TestPersistentXSSAttack strength MEDIUM threshold MEDIUM
- 159741 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | TestPersistentXSSAttack in 0.836s
- 159741 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | ScriptsActiveScanner strength MEDIUM threshold MEDIUM
- 159745 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - skipped plugin [no scripts enabled] http://demo.testfire.net | ScriptsActiveScanner in 0.003s
- 159745 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | SourceCodeDisclosureSVN strength MEDIUM threshold MEDIUM
- 161630 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | SourceCodeDisclosureSVN in 1.884s
- 161630 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | SourceCodeDisclosureWEBINF strength MEDIUM threshold MEDIUM
- 161632 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | ShellShockScanner strength MEDIUM threshold MEDIUM
- 162041 [ZAP-ActiveScanner-0] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | SourceCodeDisclosureWEBINF in 0.411s
- 164806 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | ShellShockScanner in 3.173s
- 164807 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | Csrftokenscan strength MEDIUM threshold MEDIUM
- 166595 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | Csrftokenscan in 1.788s
- 166596 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | HeartBleedActiveScanner strength MEDIUM threshold MEDIUM
- 166603 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | CrossDomainScanner strength MEDIUM threshold MEDIUM
- 166609 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | SourceCodeDisclosureCVE20121823 strength MEDIUM threshold MEDIUM
- 166900 [ZAP-ActiveScanner-1] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | CrossDomainScanner in 0.297s
- 182093 [ZAP-ActiveScanner-0] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | HeartBleedActiveScanner in 15.497s
- 182094 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | SourceCodeDisclosureCVE20121823 in 15.486s
- 182094 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | RemoteCodeExecutionCVE20121823 strength MEDIUM threshold MEDIUM
- 185815 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | RemoteCodeExecutionCVE20121823 in 3.721s
- 185816 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | SessionFixation strength MEDIUM threshold MEDIUM
- 186036 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | SessionFixation in 0.22s
- 186036 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | SQLInjectionMySQL strength MEDIUM threshold MEDIUM
- 194039 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | SQLInjectionMySQL in 8.003s
- 194041 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | SQLInjectionHypersonic strength MEDIUM threshold MEDIUM
- 199804 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | SQLInjectionHypersonic in 5.763s
- 199805 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | SQLInjectionOracle strength MEDIUM threshold MEDIUM
- 206859 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | SQLInjectionOracle in 7.052s
- 206866 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | SQLInjectionPostgresql strength MEDIUM threshold MEDIUM
- 213925 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | SQLInjectionPostgresql in 7.062s
- 213926 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | XpathInjectionPlugin strength MEDIUM threshold MEDIUM
- 216836 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | XpathInjectionPlugin in 2.909s
- 216836 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | XXEPlugin strength MEDIUM threshold MEDIUM
- 216864 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | XXEPlugin in 0.028s
- 216864 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | PaddingOraclePlugin strength MEDIUM threshold MEDIUM
- 217495 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | PaddingOraclePlugin in 0.631s
- 217495 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | ExpressionLanguageInjectionPlugin strength MEDIUM threshold MEDIUM
- 218973 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | ExpressionLanguageInjectionPlugin in 1.477s
- 218973 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | BackupFileDisclosure strength MEDIUM threshold MEDIUM
- 245490 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | BackupFileDisclosure in 26.516s
- 245491 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | IntegerOverflow strength MEDIUM threshold MEDIUM
- 250937 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | IntegerOverflow in 5.447s
- 250938 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | InsecureHTTPMethod strength MEDIUM threshold MEDIUM
- 253736 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | InsecureHTTPMethod in 2.798s
- 253737 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | HPP strength MEDIUM threshold MEDIUM
- 256230 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | HPP in 2.494s
- 256231 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | UsernameEnumeration strength MEDIUM threshold MEDIUM
- 256234 [Thread-12] INFO org.zaproxy.zap.extension.ascanrulesBeta.UsernameEnumeration - There does not appear to be any configured contexts using Form-based Authentication. Further attempts during the current scan will be skipped.
- 256236 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - skipped plugin http://demo.testfire.net | UsernameEnumeration in 0.005s
- 256236 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | SOAPActionSpoofingActiveScanner strength MEDIUM threshold MEDIUM
- 256299 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | SOAPActionSpoofingActiveScanner in 0.063s
- 256299 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://demo.testfire.net | SOAPXMLInjectionActiveScanner strength MEDIUM threshold MEDIUM
- 257328 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://demo.testfire.net | SOAPXMLInjectionActiveScanner in 1.029s
- 257329 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host http://demo.testfire.net in 222.032s
- 257331 [Thread-11] INFO org.parosproxy.paros.core.scanner.Scanner - scanner completed in 222.111s
- 854d1d01ba7313432519e9d173db6b6bf5a5d7768582190df0524239f8715977
- Finished: SUCCESS