Update ZAP, ZAP-Advanced, Nikto, and Screenshooter cascading rules to support non-standard HTTP(S) ports #922

Merged: malexmave merged 5 commits into main from fix/zap-cascading-scan-protocols, Jan 10, 2022

@malexmave malexmave commented Jan 10, 2022

Analogous to #920, this commit splits the cascading rule for ZAP, ZAP-advanced, and Screenshooter into two: one for HTTP and one for HTTPS. This allows it to cover HTTP(S) services on nonstandard ports. This also requires adding the port as an extra parameter, which is also done in this change. Nikto already supported this, but now also matches on alternative HTTP ports that are called "http-*".

Also updates the integration test to work with the current version of ZAP plugins (started failing without any changes on our end).

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure npm test runs for the whole project.
  • Make codeclimate checks happy

Analogous to #920, this commit splits the cascading rule for ZAP into
two: one for HTTP and one for HTTPS. This allows it to cover HTTP(S)
services on nonstandard ports. This also requires adding the port as
an extra parameter.

Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
@malexmave malexmave added enhancement New feature or request scanner Implement or update a security scanner labels Jan 10, 2022
@malexmave malexmave requested a review from J12934 January 10, 2022 15:35
@malexmave malexmave self-assigned this Jan 10, 2022
@malexmave malexmave changed the title Update ZAP cascading rule to support non-standard http(s) ports Update ZAP and ZAP-Advanced cascading rules to support non-standard HTTP(S) ports Jan 10, 2022
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
@malexmave malexmave changed the title Update ZAP and ZAP-Advanced cascading rules to support non-standard HTTP(S) ports Update ZAP, ZAP-Advanced, Nikto, and Screenshooter cascading rules to support non-standard HTTP(S) ports Jan 10, 2022
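
The rule split described in the pull request description, sketched as a pair of secureCodeBox CascadingRule manifests. This is an added illustration, not the files changed in this PR: the rule names and label values are assumptions, and applying the "http-*" service pattern to ZAP (the description mentions it for Nikto) is also an assumption.

```yaml
# Added example, not the PR's own files. Names prefixed "example-" are hypothetical.
# One rule per scheme: the scheme is fixed by the rule, the port comes from the finding.
apiVersion: "cascading.securecodebox.io/v1"
kind: CascadingRule
metadata:
  name: "example-zap-http"
  labels:
    securecodebox.io/invasive: non-invasive   # assumed label values
    securecodebox.io/intensive: medium
spec:
  matches:
    anyOf:
      # Open port whose detected service is plain HTTP, on any port number
      - category: "Open Port"
        attributes:
          service: http
          state: open
      # Alternative HTTP services reported as "http-*" (assumption for ZAP, see lead-in)
      - category: "Open Port"
        attributes:
          service: http-*
          state: open
  scanSpec:
    scanType: "zap-baseline-scan"
    # The port is passed explicitly so services on non-standard ports are reached
    parameters: ["-t", "http://{{$.hostOrIP}}:{{attributes.port}}"]
---
apiVersion: "cascading.securecodebox.io/v1"
kind: CascadingRule
metadata:
  name: "example-zap-https"
  labels:
    securecodebox.io/invasive: non-invasive
    securecodebox.io/intensive: medium
spec:
  matches:
    anyOf:
      # Same match, but for services detected as HTTPS
      - category: "Open Port"
        attributes:
          service: https
          state: open
  scanSpec:
    scanType: "zap-baseline-scan"
    parameters: ["-t", "https://{{$.hostOrIP}}:{{attributes.port}}"]
```

Because each rule hard-codes its scheme and takes the port from the matched finding, a follow-up scan is only started against the host and port that the earlier scan actually reported as open.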