Started by user anonymous [CustomTools] - ZAP_2.4.0: Starting installation [CustomTools] - ZAP_2.4.0: Tool is installed at /var/jenkins_home/tools/com.cloudbees.jenkins.plugins.customtools.CustomTool/ZAP_2.4.0/ZAP_2.4.0 [CustomTools] - ZAP_2.4.0: Setting ZAP_2.4.0_HOME=/var/jenkins_home/tools/com.cloudbees.jenkins.plugins.customtools.CustomTool/ZAP_2.4.0/ZAP_2.4.0 Building in workspace /var/jenkins_home/jobs/test_zap_selenium/workspace ------- START Prebuild ------- zapProgram = /var/jenkins_home/tools/com.cloudbees.jenkins.plugins.customtools.CustomTool/ZAP_2.4.0/ZAP_2.4.0 targetURL = http://192.168.59.103:35001 zapProxyHost = localhost zapProxyPort = 9080 Start ZAProxy [/var/jenkins_home/tools/com.cloudbees.jenkins.plugins.customtools.CustomTool/ZAP_2.4.0/ZAP_2.4.0/zap.sh] [ZAP_2.4.0] $ /var/jenkins_home/tools/com.cloudbees.jenkins.plugins.customtools.CustomTool/ZAP_2.4.0/ZAP_2.4.0/zap.sh -daemon -host localhost -port 9080 -dir /var/jenkins_home/tools/com.cloudbees.jenkins.plugins.customtools.CustomTool/ZAP_2.4.0/ZAP_2.4.0 Found Java version 1.8.0_45-internal Available memory: 2001 MB Setting jvm heap size: -Xmx512m OpenJDK 64-Bit Server VM warning: ignoring option PermSize=256M; support was removed in 8.0 0 [main] INFO org.zaproxy.zap.ZAP - OWASP ZAP 2.4.0 started. 335 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open start 345 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open end 558 [main] INFO org.parosproxy.paros.network.SSLConnector - Reading supported SSL/TLS protocols... 558 [main] INFO org.parosproxy.paros.network.SSLConnector - Using a SSLEngine... 689 [main] INFO org.parosproxy.paros.network.SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2] 695 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate - Unsafe SSL renegotiation disabled. 948 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Loading extensions 1898 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Extensions loaded 2025 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Change user agent to other browsers. 2025 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Detect insecure or potentially malicious content in HTTP responses. 2025 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Detect and alert 'Set-cookie' attempt in HTTP response for modification. 2025 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Avoid browser cache (strip off IfModifiedSince) 2025 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log cookies sent by browser. 2025 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log unique GET queries into file:filter/get.xls 2026 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log unique POST queries into file: filter/post.xls 2026 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log request and response into file: filter/message.txt 2026 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP request body using defined pattern. 2026 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP request header using defined pattern. 2026 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP response body using defined pattern. 2026 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP response header using defined pattern. 2026 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Send ZAP session request ID 2119 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionViewOption 2120 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionEdit 2120 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionFilter 2120 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a rest based API for controlling and accessing ZAP 2146 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionState 2146 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHistory 2148 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Show hidden fields and enable disabled fields 2149 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Search messages for strings and regular expressions 2149 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Encode/Decode/Hash... 2149 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to intercept and modify requests and responses 2150 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive scanner 2187 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script passive scan rules 2188 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure 2188 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set 2188 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing 2188 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag 2188 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag 2189 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion 2189 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Web Browser XSS Protection Not Enabled 2189 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content 2189 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Password Autocomplete in Browser 2189 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure 2189 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite 2189 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing 2189 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Frame-Options Header Not Set 2206 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to view and manage alerts 2206 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added 2211 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider used for automatically finding URIs on a site 2216 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing A set of common popup menus for miscellaneous tasks 2216 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool Xlib: extension "RANDR" missing on display ":99". 2530 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionManualRequest 2530 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows ZAP to check for updates 2531 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Compares 2 sessions and generates an HTML file showing the differences 2531 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Invoke external applications passing context related information such as URLs and parameters 2531 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles anti cross site request forgery (CSRF) tokens 2532 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAuthentication 2921 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication] 2923 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser 2924 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Logs errors to the Output tab in development mode only 2924 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionUserManagement 2925 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies 2925 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Script integration 2927 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripting console, supports all JSR 223 scripting languages 2927 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionForcedUser 2939 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension handling HTTP sessions 2940 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools 3282 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff 3282 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionRequestPostTableView 3282 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple browser configuration 3283 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSessionManagement 3378 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, Http Authentication Session Management] 3379 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelRequestFormTableView 3379 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Capture messages from WebSockets with the ability to set breakpoints. 3384 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies 3384 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAuthorization 3384 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider, uses Crawljax 3386 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles adding Global Excluded URLs 3387 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds menu item to refresh the Sites tree 3387 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus. 3387 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OWASP ZAP User guide 3387 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionReport 3388 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to configure which extensions are loaded when ZAP starts 3388 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelComponentonentAll 3388 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelHexView 3388 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelImageView 3388 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelLargeRequestView 3388 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelLargeResponseView 3388 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelRequestQueryCookieTableView 3388 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelSyntaxHighlightTextView 3388 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The Online menu links 3389 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start panel 3389 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSaveRawHttpMessage 3389 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules 3389 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Translations of the core language files 3389 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Tips and Tricks 3390 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser. 3390 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules 3390 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The ZAP Getting Started Guide 3390 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations. 3391 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz HTTP messages. 3392 [Thread-5] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL - Creating new root CA ------- END Prebuild ------- java -jar /usr/lib/selenium/selenium-server.jar -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=9080 -htmlSuite *firefox http://192.168.59.103:35001 /var/jenkins_home/jobs/test_zap_selenium/workspace/set_suite.html /var/jenkins_home/jobs/test_zap_selenium/workspace/testresult.html [workspace] $ java -jar /usr/lib/selenium/selenium-server.jar -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=9080 -htmlSuite *firefox http://192.168.59.103:35001 /var/jenkins_home/jobs/test_zap_selenium/workspace/set_suite.html /var/jenkins_home/jobs/test_zap_selenium/workspace/testresult.html 08:21:49.532 INFO - Launching a standalone Selenium Server Setting system property http.proxyHost to 127.0.0.1 Setting system property http.proxyPort to 9080 08:21:49.572 INFO - Java: Oracle Corporation 25.45-b02 08:21:49.572 INFO - OS: Linux 4.0.5-boot2docker amd64 08:21:49.583 INFO - v2.46.0, with Core v2.46.0. Built from revision 87c69e2 08:21:49.643 INFO - Driver provider org.openqa.selenium.ie.InternetExplorerDriver registration is skipped: registration capabilities Capabilities [{ensureCleanSession=true, browserName=internet explorer, version=, platform=WINDOWS}] does not match the current platform LINUX 08:21:49.643 INFO - Driver class not found: com.opera.core.systems.OperaDriver 08:21:49.643 INFO - Driver provider com.opera.core.systems.OperaDriver is not registered 08:23:35.897 WARN - Caution: '/usr/bin/firefox': file is a script file, not a real executable. The browser environment is no longer fully under RC control jar:file:/usr/lib/selenium/selenium-server-standalone-2.46.0.jar!/customProfileDirCUSTFFCHROME 08:23:36.000 INFO - Preparing Firefox profile... 08:23:37.008 INFO - Launching Firefox... 114340 [ZAP-ProxyThread-3] INFO org.zaproxy.zap.extension.httpsessions.ExtensionHttpSessions - Added new session token for site '192.168.59.103:35001': PHPSESSID 114342 [ZAP-ProxyThread-3] INFO org.zaproxy.zap.extension.httpsessions.HttpSessionsSite - Created a new session as no match was found: HttpSession [name=Session 0, active=false, tokenValues=''] 08:23:39.743 INFO - Received posted results sel_test.html sel_test 08:23:40.012 INFO - Killing Firefox... 08:23:40.073 INFO - Shutting down... Perform ZAProxy Skip loadSession Spider the site [http://192.168.59.103:35001] 115799 [Thread-19] INFO org.zaproxy.zap.extension.spider.SpiderThread - Starting spidering scan on SpiderApi-0 at Tue Jul 07 08:23:40 UTC 2015 115800 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Spider initializing... Status spider = 0% Alerts number = ApiResponseElement numberOfAlerts = 0 115828 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Starting spider... 115830 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001 115833 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115837 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 115842 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/login.php 115849 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115849 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 115849 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/dvwa 115851 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115851 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 115851 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/dvwa/css 115851 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115851 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 115851 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/dvwa/css/login.css 115860 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115860 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 115860 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/dvwa/css/main.css 115861 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115862 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 115862 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/dvwa/images 115863 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115863 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 115863 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/dvwa/js 115864 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115864 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 115864 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/dvwa/js/dvwaPage.js 115864 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115864 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 115864 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/login.php 115864 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115864 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 115864 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/index.php 115872 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115873 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 115873 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/vulnerabilities 115876 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115876 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 115876 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/vulnerabilities/sqli/ 115876 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115876 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 115876 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/vulnerabilities/sqli/?id=1+OR+1%3D1+--&Submit=Submit 115877 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/robots.txt 115877 [Thread-19] INFO org.zaproxy.zap.spider.Spider - Adding seed for spider: http://192.168.59.103:35001/sitemap.xml 116229 [pool-1-thread-2] INFO org.zaproxy.zap.spider.Spider - Spidering process is complete. Shutting down... 116230 [Thread-20] INFO org.zaproxy.zap.extension.spider.SpiderThread - Spider scanning complete: true Scan the site [http://192.168.59.103:35001] Scan url [http://192.168.59.103:35001] with the following policy [Default policy] 116851 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Path Traversal 116852 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Remote File Inclusion 116852 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Server Side Include 116852 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Cross Site Scripting (Reflected) 116852 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Cross Site Scripting (Persistent) 116852 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin SQL Injection 116852 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Server Side Code Injection 116853 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Remote OS Command Injection 116853 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Directory Browsing 116853 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin External Redirect 116853 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin CRLF Injection 116853 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Parameter Tampering 116853 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Cross Site Scripting (Persistent) - Prime 116853 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Cross Site Scripting (Persistent) - Spider 116853 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Script active scan rules 116855 [ZAP-ProxyThread-12] INFO org.parosproxy.paros.core.scanner.Scanner - scanner started 116859 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Path Traversal 116861 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Remote File Inclusion 116862 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Server Side Include 116862 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Cross Site Scripting (Reflected) 116862 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Cross Site Scripting (Persistent) 116862 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin SQL Injection 116863 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Server Side Code Injection 116863 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Remote OS Command Injection 116868 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Directory Browsing 116868 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin External Redirect 116869 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin CRLF Injection 116870 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Parameter Tampering 116870 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Cross Site Scripting (Persistent) - Prime 116870 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Cross Site Scripting (Persistent) - Spider 116870 [Thread-21] INFO org.parosproxy.paros.core.scanner.PluginFactory - loaded plugin Script active scan rules Status scan = 0% Alerts number = ApiResponseElement numberOfAlerts = 0 Messages number = ApiResponseElement numberOfMessages = 109 116925 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | TestPathTraversal strength INSANE threshold HIGH Status scan = 0% Alerts number = ApiResponseElement numberOfAlerts = 410 Messages number = ApiResponseElement numberOfMessages = 1618 Status scan = 0% Alerts number = ApiResponseElement numberOfAlerts = 410 Messages number = ApiResponseElement numberOfMessages = 3171 128100 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | TestPathTraversal in 11.175s 128101 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | TestRemoteFileInclude strength INSANE threshold HIGH 131246 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | TestRemoteFileInclude in 3.145s 131246 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | TestServerSideInclude strength INSANE threshold HIGH Status scan = 13% Alerts number = ApiResponseElement numberOfAlerts = 410 Messages number = ApiResponseElement numberOfMessages = 3804 133979 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | TestServerSideInclude in 2.733s 133980 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | TestCrossSiteScriptV2 strength INSANE threshold HIGH 135849 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | TestCrossSiteScriptV2 in 1.869s 135849 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | TestSQLInjection strength INSANE threshold HIGH Status scan = 26% Alerts number = ApiResponseElement numberOfAlerts = 410 Messages number = ApiResponseElement numberOfMessages = 4115 139199 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | TestSQLInjection in 3.35s 139199 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | CodeInjectionPlugin strength INSANE threshold HIGH 141101 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | CodeInjectionPlugin in 1.902s 141101 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | CommandInjectionPlugin strength INSANE threshold HIGH Status scan = 40% Alerts number = ApiResponseElement numberOfAlerts = 410 Messages number = ApiResponseElement numberOfMessages = 4708 144620 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | CommandInjectionPlugin in 3.519s 144620 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | TestDirectoryBrowsing strength INSANE threshold HIGH Status scan = 46% Alerts number = ApiResponseElement numberOfAlerts = 417 Messages number = ApiResponseElement numberOfMessages = 4964 149968 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | TestDirectoryBrowsing in 5.348s 149968 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | TestExternalRedirect strength INSANE threshold HIGH 152325 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | TestExternalRedirect in 2.357s 152325 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | TestInjectionCRLF strength INSANE threshold HIGH Status scan = 60% Alerts number = ApiResponseElement numberOfAlerts = 417 Messages number = ApiResponseElement numberOfMessages = 5177 154033 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | TestInjectionCRLF in 1.707s 154033 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | TestParameterTamper strength INSANE threshold HIGH 156152 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | TestParameterTamper in 2.119s 156153 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | TestPersistentXSSPrime strength INSANE threshold HIGH 158040 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | TestPersistentXSSPrime in 1.887s 158041 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | TestPersistentXSSSpider strength INSANE threshold HIGH Status scan = 80% Alerts number = ApiResponseElement numberOfAlerts = 417 Messages number = ApiResponseElement numberOfMessages = 5304 163309 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | TestPersistentXSSSpider in 5.268s 163309 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | TestPersistentXSSAttack strength INSANE threshold HIGH Status scan = 86% Alerts number = ApiResponseElement numberOfAlerts = 417 164547 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | TestPersistentXSSAttack in 1.238s 164547 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://192.168.59.103:35001 | ScriptsActiveScanner strength INSANE threshold HIGH Messages number = ApiResponseElement numberOfMessages = 5345 165811 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://192.168.59.103:35001 | ScriptsActiveScanner in 1.263s 165812 [Thread-22] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host http://192.168.59.103:35001 in 48.938s 165814 [Thread-21] INFO org.parosproxy.paros.core.scanner.Scanner - scanner completed in 48.958s File [/var/jenkins_home/jobs/test_zap_selenium/workspace/report_zap.html] saved Save session to [/var/jenkins_home/jobs/test_zap_selenium/workspace/DefaultSession] 170029 [ZAP-ProxyThread-55] INFO org.parosproxy.paros.control.Control - Save Session 170029 [ZAP-ProxyThread-55] INFO org.parosproxy.paros.core.scanner.Scanner - scanner stopped 170038 [Thread-833] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit start 170087 [Thread-833] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - Database closed 170254 [Thread-833] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open start 170256 [Thread-833] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open end Total alerts = ApiResponseElement numberOfAlerts = 417 Total messages = ApiResponseElement numberOfMessages = 5345 Shutdown ZAProxy Finished: SUCCESS