ZAP - HackMD

# python背景執行目前問題是，儘管將程式碼放在背景執行，只要使用者關掉Shell或登出，這個背景執行就會強制被中斷。為了解決這個問題，可以在指令添加nohup，其名稱為no hang up的縮寫，意即使用者離線或登出後，程式依然能夠持續執行。我們將指令改寫如下： ``` sudo nohup python3 -u scan.py > my_log.txt & ``` 查看程式運作情形 ``` ps aux ``` ``` ps aux | grep python ``` 刪除python program ``` sudo kill <pid> ``` 有時候程式當掉時，這樣的方式如果沒辦法停止程式的執行，可以試試看 ``` sudo kill -9 <pid> ``` # ZAP docker To run it with no ‘file’ params use: ``` docker run -t owasp/zap2docker-stable zap-baseline.py -t https://www.example.com ``` If you use ‘file’ params then you need to mount the directory those file are in or will be generated in, eg ``` docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable zap-baseline.py \ -t https://www.example.com -g gen.conf -r testreport.html ``` Note that $(pwd) is only supported on Linux and MacOS - on Windows you will need to replace this with the full current working directory. ## Usage ``` Usage: zap-baseline.py -t <target> [options] -t target target URL including the protocol, eg https://www.example.com Options: -h print this help message -c config_file config file to use to INFO, IGNORE or FAIL warnings -u config_url URL of config file to use to INFO, IGNORE or FAIL warnings -g gen_file generate default config file (all rules set to WARN) -m mins the number of minutes to spider for (default 1) -r report_html file to write the full ZAP HTML report -w report_md file to write the full ZAP Wiki (Markdown) report -x report_xml file to write the full ZAP XML report -J report_json file to write the full ZAP JSON document -a include the alpha passive scan rules as well -d show debug messages -P specify listen port -D secs delay in seconds to wait for passive scanning -i default rules not in the config file to INFO -I do not return failure on warning -j use the Ajax spider in addition to the traditional one -l level minimum level to show: PASS, IGNORE, INFO, WARN or FAIL, use with -s to hide example URLs -n context_file context file which will be loaded prior to spidering the target -p progress_file progress file which specifies issues that are being addressed -s short output format - dont show PASSes or example URLs -T mins max time in minutes to wait for ZAP to start and the passive scan to run -U user username to use for authenticated scans - must be defined in the given context file (post 2.9.0) -z zap_options ZAP command line options e.g. -z "-config aaa=bbb -config ccc=ddd" --hook path to python file that define your custom hooks --auto use the automation framework if supported for the given parameters (this will become the default soon) --autooff do not use the automation framework even if supported for the given parameters ```