Guest User

Untitled

a guest
Sep 28th, 2016
274
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Started by upstream project "docker-zap" build number 37
  2. originally caused by:
  3.  Started by user Stephen Donner
  4. Building in workspace /var/lib/jenkins/workspace/docker-zap/default
  5.  > git rev-parse --is-inside-work-tree # timeout=10
  6. Fetching changes from the remote Git repository
  7.  > git config remote.origin.url https://github.com/stephendonner/docker-zap.git # timeout=10
  8. Fetching upstream changes from https://github.com/stephendonner/docker-zap.git
  9.  > git --version # timeout=10
  10.  > git fetch --tags --progress https://github.com/stephendonner/docker-zap.git +refs/heads/*:refs/remotes/origin/*
  11. Checking out Revision c0a7ce4e47f61a7a1ea0a9a81b0511fbffa4993a (refs/remotes/origin/master)
  12.  > git config core.sparsecheckout # timeout=10
  13.  > git checkout -f c0a7ce4e47f61a7a1ea0a9a81b0511fbffa4993a
  14.  > git rev-list c0a7ce4e47f61a7a1ea0a9a81b0511fbffa4993a # timeout=10
  15. [default] $ /usr/bin/env bash /tmp/hudson5573309737489043794.sh
  16. http://demo.testfire.net/
  17. [INFO]            ZAP is running
  18. [INFO]            Accessing URL http://demo.testfire.net/
  19. [INFO]            Running spider...
  20. [INFO]            Running an active scan...
  21. [INFO]            Issues found: 21
  22. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  23. | Alert                            | Risk   |   CWE ID | URL                                                                                                              |
  24. +==================================+========+==========+==================================================================================================================+
  25. | Cross Site Scripting (Reflected) | High   |       79 | http://demo.testfire.net/bank/login.aspx                                                                         |
  26. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  27. | Cross Site Scripting (Reflected) | High   |       79 | http://demo.testfire.net/search.aspx?txtSearch=%3C%2Fspan%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cspan%3E |
  28. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  29. | Cross Site Scripting (Reflected) | High   |       79 | http://demo.testfire.net/comment.aspx                                                                            |
  30. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  31. | Cross Site Scripting (Reflected) | High   |       79 | http://demo.testfire.net/notfound.aspx?aspxerrorpath=%3C%2Fb%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cb%3E |
  32. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  33. | SQL Injection                    | High   |       89 | http://demo.testfire.net/bank/login.aspx                                                                         |
  34. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  35. | SQL Injection                    | High   |       89 | http://demo.testfire.net/bank/login.aspx                                                                         |
  36. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  37. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/                                                                                        |
  38. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  39. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/default.aspx                                                                            |
  40. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  41. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/bank/login.aspx                                                                         |
  42. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  43. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/bank/login.aspx                                                                         |
  44. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  45. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/bank/login.aspx                                                                         |
  46. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  47. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/bank/login.aspx                                                                         |
  48. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  49. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/feedback.aspx                                                                           |
  50. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  51. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/default.aspx?content=jobs/20061027.htm                                                  |
  52. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  53. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/feedback.aspx                                                                           |
  54. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  55. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/survey_questions.aspx                                                                   |
  56. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  57. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/search.aspx?txtSearch=ZAP                                                               |
  58. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  59. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/comment.aspx                                                                            |
  60. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  61. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/high_yield_investments.htm                                                              |
  62. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  63. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/survey_questions.aspx?step=a                                                            |
  64. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  65. | Anti CSRF Tokens Scanner         | High   |      352 | http://demo.testfire.net/notfound.aspx?aspxerrorpath=/Privacypolicy.aspx                                         |
  66. +----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
  67. n==============================================================================ZAP-daemon log output follows==============================================================================nFound Java version 1.8.0_45-internal
  68. Available memory: 1839 MB
  69. Setting jvm heap size: -Xmx512m
  70. 656 [main] INFO org.zaproxy.zap.DaemonBootstrap  - OWASP ZAP D-2016-09-05 started.
  71. 763 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config view.mode = attack was null
  72. 770 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config api.disablekey = true was null
  73. 771 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config scanner.attackOnStart = true was null
  74. 787 [main] INFO org.parosproxy.paros.network.SSLConnector  - Reading supported SSL/TLS protocols...
  75. 787 [main] INFO org.parosproxy.paros.network.SSLConnector  - Using a SSLEngine...
  76. 1259 [main] INFO org.parosproxy.paros.network.SSLConnector  - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
  77. 1275 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate  - Unsafe SSL renegotiation disabled.
  78. 2544 [main] INFO hsqldb.db..ENGINE  - open start - state not modified
  79. 2778 [main] INFO hsqldb.db..ENGINE  - dataFileCache open start
  80. 2801 [main] INFO hsqldb.db..ENGINE  - dataFileCache open end
  81. 2983 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Loading extensions
  82. 7383 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Extensions loaded
  83. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Change user agent to other browsers.
  84. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Detect insecure or potentially malicious content in HTTP responses.
  85. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Detect and alert 'Set-cookie' attempt in HTTP response for modification.
  86. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Avoid browser cache (strip off IfModifiedSince)
  87. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log cookies sent by browser.
  88. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log unique GET queries into file:filter/get.xls
  89. 8039 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log unique POST queries into file:  filter/post.xls
  90. 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Log request and response into file: filter/message.txt
  91. 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP request body using defined pattern.
  92. 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP request header using defined pattern.
  93. 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP response body using defined pattern.
  94. 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Replace HTTP response header using defined pattern.
  95. 8040 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory  - loaded filter Send ZAP session request ID
  96. Sep 25, 2016 2:31:43 AM java.util.prefs.FileSystemPreferences$1 run
  97. INFO: Created user preferences directory.
  98. 8241 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows ZAP to check for updates
  99. 8247 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionViewOption
  100. 8247 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionEdit
  101. 8247 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionFilter
  102. 8247 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides a rest based API for controlling and accessing ZAP
  103. 8316 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionState
  104. 8316 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionReport
  105. 8316 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHistory
  106. 8319 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Show hidden fields and enable disabled fields
  107. 8322 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Search messages for strings and regular expressions
  108. 8323 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Encode/Decode/Hash...
  109. 8323 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to intercept and modify requests and responses
  110. 8323 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive scanner
  111. 8454 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Script Passive Scan Rules
  112. 8455 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Stats Passive Scan Rule
  113. 8455 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Application Error Disclosure
  114. 8455 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set
  115. 8455 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Content-Type Header Missing
  116. 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie No HttpOnly Flag
  117. 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Without Secure Flag
  118. 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
  119. 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Web Browser XSS Protection Not Enabled
  120. 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Secure Pages Include Mixed Content
  121. 8456 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Password Autocomplete in Browser
  122. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Private IP Disclosure
  123. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Session ID in URL Rewrite
  124. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Content-Type-Options Header Missing
  125. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Frame-Options Header Scanner
  126. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Charset Mismatch
  127. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Loosely Scoped Cookie
  128. 8457 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Absence of Anti-CSRF Tokens
  129. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Debug Error Messages
  130. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Sensitive Informations in URL
  131. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
  132. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Suspicious Comments
  133. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Weak Authentication Method
  134. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Insecure JSF ViewState
  135. 8458 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: HTTP Parameter Override
  136. 8459 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Viewstate Scanner
  137. 8459 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: WSDL File Passive Scanner
  138. 8475 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to view and manage alerts
  139. 8475 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added
  140. 8481 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSequence
  141. 8481 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Spider used for automatically finding URIs on a site
  142. 8487 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing A set of common popup menus for miscellaneous tasks
  143. 8488 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool
  144. 8489 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Simple but effective port scanner
  145. 8489 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionManualRequest
  146. 8489 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Compares 2 sessions and generates an HTML file showing the differences
  147. 8490 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Invoke external applications passing context related information such as URLs and parameters
  148. 8490 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles anti cross site request forgery (CSRF) tokens
  149. 8493 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionAuthentication
  150. 8542 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication  - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication]
  151. 8546 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser
  152. 8547 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Logs errors to the Output tab in development mode only
  153. 8547 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionUserManagement
  154. 8554 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Summarise and analyse FORM and URL parameters as well as cookies
  155. 8556 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Script integration
  156. 8587 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Scripting console, supports all JSR 223 scripting languages
  157. 8588 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionForcedUser
  158. 8589 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Extension handling HTTP sessions
  159. 8594 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools
  160. 9515 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionDiff
  161. 9518 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionRequestPostTableView
  162. 9518 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Simple browser configuration
  163. 9518 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSessionManagement
  164. 9522 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement  - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management]
  165. 9523 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelRequestFormTableView
  166. 9523 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Capture messages from WebSockets with the ability to set breakpoints.
  167. 9529 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
  168. 9530 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Core UI related functionality.
  169. 9530 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionAuthorization
  170. 9530 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing AJAX Spider, uses Crawljax
  171. 9532 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Add-on that adds a set of tools for testing access control in web applications.
  172. 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles adding Global Excluded URLs
  173. 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds menu item to refresh the Sites tree
  174. 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.
  175. 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing OWASP ZAP User Guide
  176. 9533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to configure which extensions are loaded when ZAP starts
  177. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelComponentonentAll
  178. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelHexView
  179. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelImageView
  180. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelLargeRequestView
  181. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelLargeResponseView
  182. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelRequestQueryCookieTableView
  183. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHttpPanelSyntaxHighlightTextView
  184. 9534 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active and passive rule configuration
  185. 9537 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Statistics
  186. 9538 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats  - Start recording in memory stats
  187. 9540 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Context alert rules filter
  188. 9541 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active Scan Rules
  189. 9542 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active Scan Rules - beta
  190. 9542 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Translations of the core language files
  191. 9542 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
  192. 9544 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows to fuzz HTTP messages.
  193. 9544 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The ZAP Getting Started Guide
  194. 9545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The Online menu links
  195. 9545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive Scan Rules
  196. 9545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive Scan Rules - beta
  197. 9545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Quick Start panel
  198. 9546 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSaveRawHttpMessage
  199. 9546 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
  200. 9547 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Tips and Tricks
  201. 9547 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows to fuzz WebSocket messages.
  202. 9569 [Thread-6] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL  - Creating new root CA certificate
  203. 10172 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap  - ZAP is now listening on 127.0.0.1:2375
  204. 11928 [ZAP-ProxyThread-2] INFO org.zaproxy.zap.extension.httpsessions.ExtensionHttpSessions  - Added new session token for site 'demo.testfire.net:80': ASP.NET_SessionId
  205. 14606 [Thread-9] INFO org.zaproxy.zap.extension.spider.SpiderThread  - Starting spidering scan on SpiderApi-0 at Sun Sep 25 02:31:49 UTC 2016
  206. 14630 [Thread-9] INFO org.zaproxy.zap.spider.Spider  - Spider initializing...
  207. 14710 [Thread-9] INFO org.zaproxy.zap.spider.Spider  - Starting spider...
  208. 26496 [pool-1-thread-1] INFO org.zaproxy.zap.spider.Spider  - Spidering process is complete. Shutting down...
  209. 26502 [Thread-10] INFO org.zaproxy.zap.extension.spider.SpiderThread  - Spider scanning complete: true
  210. 33200 [Thread-6] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL  - New root CA certificate created
  211. 35218 [ZAP-ProxyThread-9] INFO org.parosproxy.paros.core.scanner.Scanner  - scanner started
  212. 36038 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - Scanning 23 node(s) from http://demo.testfire.net
  213. 36040 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestPathTraversal strength MEDIUM threshold MEDIUM
  214. 58791 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestPathTraversal in 22.75s
  215. 58792 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestRemoteFileInclude strength MEDIUM threshold MEDIUM
  216. 67694 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestRemoteFileInclude in 8.902s
  217. 67699 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestServerSideInclude strength MEDIUM threshold MEDIUM
  218. 74085 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestServerSideInclude in 6.389s
  219. 74086 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestCrossSiteScriptV2 strength MEDIUM threshold MEDIUM
  220. 77965 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestCrossSiteScriptV2 in 3.879s
  221. 77966 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestSQLInjection strength MEDIUM threshold MEDIUM
  222. 96542 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestSQLInjection in 18.576s
  223. 96543 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | CodeInjectionPlugin strength MEDIUM threshold MEDIUM
  224. 104138 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | CodeInjectionPlugin in 7.594s
  225. 104140 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | CommandInjectionPlugin strength MEDIUM threshold MEDIUM
  226. 127522 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | CommandInjectionPlugin in 23.383s
  227. 127523 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestDirectoryBrowsing strength MEDIUM threshold MEDIUM
  228. 129810 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestDirectoryBrowsing in 2.287s
  229. 129811 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestExternalRedirect strength MEDIUM threshold MEDIUM
  230. 137444 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestExternalRedirect in 7.633s
  231. 137445 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | BufferOverflow strength MEDIUM threshold MEDIUM
  232. 140028 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | BufferOverflow in 2.582s
  233. 140028 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | FormatString strength MEDIUM threshold MEDIUM
  234. 143582 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | FormatString in 3.554s
  235. 143582 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestInjectionCRLF strength MEDIUM threshold MEDIUM
  236. 148764 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestInjectionCRLF in 5.182s
  237. 148765 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestParameterTamper strength MEDIUM threshold MEDIUM
  238. 153699 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestParameterTamper in 4.934s
  239. 153700 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestPersistentXSSPrime strength MEDIUM threshold MEDIUM
  240. 156175 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestPersistentXSSPrime in 2.474s
  241. 156176 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestPersistentXSSSpider strength MEDIUM threshold MEDIUM
  242. 158905 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestPersistentXSSSpider in 2.729s
  243. 158905 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | TestPersistentXSSAttack strength MEDIUM threshold MEDIUM
  244. 159741 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | TestPersistentXSSAttack in 0.836s
  245. 159741 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | ScriptsActiveScanner strength MEDIUM threshold MEDIUM
  246. 159745 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - skipped plugin [no scripts enabled] http://demo.testfire.net | ScriptsActiveScanner in 0.003s
  247. 159745 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SourceCodeDisclosureSVN strength MEDIUM threshold MEDIUM
  248. 161630 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SourceCodeDisclosureSVN in 1.884s
  249. 161630 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SourceCodeDisclosureWEBINF strength MEDIUM threshold MEDIUM
  250. 161632 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | ShellShockScanner strength MEDIUM threshold MEDIUM
  251. 162041 [ZAP-ActiveScanner-0] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SourceCodeDisclosureWEBINF in 0.411s
  252. 164806 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | ShellShockScanner in 3.173s
  253. 164807 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | Csrftokenscan strength MEDIUM threshold MEDIUM
  254. 166595 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | Csrftokenscan in 1.788s
  255. 166596 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | HeartBleedActiveScanner strength MEDIUM threshold MEDIUM
  256. 166603 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | CrossDomainScanner strength MEDIUM threshold MEDIUM
  257. 166609 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SourceCodeDisclosureCVE20121823 strength MEDIUM threshold MEDIUM
  258. 166900 [ZAP-ActiveScanner-1] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | CrossDomainScanner in 0.297s
  259. 182093 [ZAP-ActiveScanner-0] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | HeartBleedActiveScanner in 15.497s
  260. 182094 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SourceCodeDisclosureCVE20121823 in 15.486s
  261. 182094 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | RemoteCodeExecutionCVE20121823 strength MEDIUM threshold MEDIUM
  262. 185815 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | RemoteCodeExecutionCVE20121823 in 3.721s
  263. 185816 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SessionFixation strength MEDIUM threshold MEDIUM
  264. 186036 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SessionFixation in 0.22s
  265. 186036 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SQLInjectionMySQL strength MEDIUM threshold MEDIUM
  266. 194039 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SQLInjectionMySQL in 8.003s
  267. 194041 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SQLInjectionHypersonic strength MEDIUM threshold MEDIUM
  268. 199804 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SQLInjectionHypersonic in 5.763s
  269. 199805 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SQLInjectionOracle strength MEDIUM threshold MEDIUM
  270. 206859 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SQLInjectionOracle in 7.052s
  271. 206866 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SQLInjectionPostgresql strength MEDIUM threshold MEDIUM
  272. 213925 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SQLInjectionPostgresql in 7.062s
  273. 213926 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | XpathInjectionPlugin strength MEDIUM threshold MEDIUM
  274. 216836 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | XpathInjectionPlugin in 2.909s
  275. 216836 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | XXEPlugin strength MEDIUM threshold MEDIUM
  276. 216864 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | XXEPlugin in 0.028s
  277. 216864 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | PaddingOraclePlugin strength MEDIUM threshold MEDIUM
  278. 217495 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | PaddingOraclePlugin in 0.631s
  279. 217495 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | ExpressionLanguageInjectionPlugin strength MEDIUM threshold MEDIUM
  280. 218973 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | ExpressionLanguageInjectionPlugin in 1.477s
  281. 218973 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | BackupFileDisclosure strength MEDIUM threshold MEDIUM
  282. 245490 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | BackupFileDisclosure in 26.516s
  283. 245491 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | IntegerOverflow strength MEDIUM threshold MEDIUM
  284. 250937 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | IntegerOverflow in 5.447s
  285. 250938 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | InsecureHTTPMethod strength MEDIUM threshold MEDIUM
  286. 253736 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | InsecureHTTPMethod in 2.798s
  287. 253737 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | HPP strength MEDIUM threshold MEDIUM
  288. 256230 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | HPP in 2.494s
  289. 256231 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | UsernameEnumeration strength MEDIUM threshold MEDIUM
  290. 256234 [Thread-12] INFO org.zaproxy.zap.extension.ascanrulesBeta.UsernameEnumeration  - There does not appear to be any configured contexts using Form-based Authentication. Further attempts during the current scan will be skipped.
  291. 256236 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - skipped plugin http://demo.testfire.net | UsernameEnumeration in 0.005s
  292. 256236 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SOAPActionSpoofingActiveScanner strength MEDIUM threshold MEDIUM
  293. 256299 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SOAPActionSpoofingActiveScanner in 0.063s
  294. 256299 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - start host http://demo.testfire.net | SOAPXMLInjectionActiveScanner strength MEDIUM threshold MEDIUM
  295. 257328 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host/plugin http://demo.testfire.net | SOAPXMLInjectionActiveScanner in 1.029s
  296. 257329 [Thread-12] INFO org.parosproxy.paros.core.scanner.HostProcess  - completed host http://demo.testfire.net in 222.032s
  297. 257331 [Thread-11] INFO org.parosproxy.paros.core.scanner.Scanner  - scanner completed in 222.111s
  298. 854d1d01ba7313432519e9d173db6b6bf5a5d7768582190df0524239f8715977
  299. Finished: SUCCESS
RAW Paste Data