How to run ZAP scan in command line? - owasp

I am running pen test on asp.net core web app using the tool OWASP ZAP. When I am running the test using the windows app of Owasp ZAP, the tests are running fine and giving results but when I am trying to run the tests using command line I am seeing this exception.
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x000001CCBD907D60>: Failed to establish a new connection: [WinError 10061] No connection could be made because the target machine actively refused it
Why is this happening and how to correct this?
I changed the ZAP_PATH environment variable to the folder where zap.sh is located. Now I am getting a different exception:
raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response

Following the documentation here and here I managed to run the basic scan from Windows command line.
From the directory where the ZAP is installed, in my case C:\Program Files\OWASP\Zed Attack Proxy run the following command:
PS C:\Program Files\OWASP\Zed Attack Proxy> java -jar zap-2.10.0.jar -cmd -quickurl http://example.com/ -quickprogress

You can use zap docker image run run the test
Baseline Scan
docker run -t owasp/zap2docker-stable zap-baseline.py -t http://google.com
Full Scan
docker run -t owasp/zap2docker-stable zap-full-scan.py -t http://google.com

Related

Run Docker through Xcode XCTestCase

I'm setting up tests for my Xcode Multiplatform App. To create a test environment I created a docker image that I want to run an XCTestCase against. I understand I'd have to make sure Docker is running before running the test. That said I'm having problems getting docker to build (run or kill).
I'm using a makefile to store the commands and planned to run the docker build and docker run commands in the setUpWithError while running the docker kill command in tearDownWithError. To run the commands I used Process to execute the shell commands. This works with ls but when I run the docker command I'm told docker: No such file or directory. Through ls I know I'm in the right location where the files exist. When switching to the terminal it works.
Is there something blocking docker from being run from my XCTestCase? If so is there anyway to get this to work or do I need to manually start docker and the docker container before running these tests?
Update
Got Docker running as it was a pathway issue. Rather than saying docker build... I now give it the entire path so /usr/local/bin/docker build.... New issue is that Xcode doesn't give me the permission to run this. I get:
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create?name=remarkable": dial unix /var/run/docker.sock: connect: operation not permitted.
See 'docker run --help'.
Is there a way to allow me to run this in ONLY this XCTestCase?

Podman isn't working in Remote Containers in Windows?

Any hints on why Remote - Containers isn't working with podman on Windows?
Installed podman v4.2.0 on Windows 11 via .msi package
Set remote.containers.dockerPath to podman in VS Code Settings
Run podman machine init
Run podman machine start
Open Remote Explorer in VS Code and be presented with the following:
Everything is working with podman — pull, run, images, etc, but Remote - Containers on VSCode doesn't recognize podman.
After running Remote-Containers Developer: Show All Logs... in VS Code:
[2022-08-21T12:55:15.916Z] Start: Run: podman version --format {{.Server.APIVersion}}
[2022-08-21T12:55:16.080Z] Stop (164 ms): Run: podman version --format {{.Server.APIVersion}}
[2022-08-21T12:55:16.080Z] Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman. failed to create sshClient: dial unix \\.\pipe\openssh-ssh-agent: connect: No connection could be made because the target machine actively refused it.
And podman system connection list in a terminal:
Name URI Identity Default
podman-machine-default ssh://user#localhost:62078/run/user/1000/podman/podman.sock C:\Users\Edmundo\.ssh\podman-machine-default true
podman-machine-default-root ssh://root#localhost:62078/run/podman/podman.sock C:\Users\Edmundo\.ssh\podman-machine-default false
Related Issues: #6957, #6747.
Please confirm you are running the latest build (prerelease)
v0.236.1.
(there are known issues on github with earlier release, fixed in this version)
in a WSL shell, i.e. for debugging try this
first - try to start podman podlib REST api (for socket, lifetime 5000 sec. - set to zero for "forever")
podman system service -t 5000 &
then symlink the podman.sock to the location vscode expects:
sudo ln -s /mnt/wslg/runtime-dir/podman/podman.sock /var/run/docker.sock
if none of that works, would you mind posting a dump:
podman info
HINT: check the podman info YAML output for host | remoteSocket | path & make sure it matches the path /mnt/wslg/runtime-dir/podman/podman.sock above.
The bug being tracked on GitHub. One step you should also do is enable Run in WSL in VS Code Development Container extension settings. Then it will run the podman commands in the podman-machine-default wsl instance.

Failed to parse remote port from server output: bash: no job control in this shell

I am trying to use VSCode - Insiders to run code on a docker container in a remote AWS machine using the Remote - SSH plugin. I have opened a terminal and set up port forwarding like so: ssh -L 2201:localhost:2222 user#host -N -i ~/.ssh/id_rsa. Then in VSCode I try to connect to root#localhost and it starts up, but then gives me an error message:
> Found existing installation...
> Found running server...
>
> bash: no job control in this shell
"install" terminal command done
Received install output: bash: no job control in this shell
Failed to parse remote port from server output: bash: no job control in this shell
I started doing this process a couple days ago and it worked. Yesterday it was in and out a bit, and today it's not working at all. I've tried turning it off and on again, but can't get it to work. In case it's relevant, I am on MacOS with the Mojave OS.
Edit:
Magically, it worked today (the following day) the first time. I would still be interested in knowing how to fix this next time it breaks. In case this helps, here's the output from when it is working:
SSH Resolver called for "ssh-remote+7b22686..."
SSH Resolver called for host: root#localhost
Setting up SSH remote "localhost"
Using commit id "473af338..." and quality "insider" for server
Using SSH config file "/Users/user/config"
Install and start server if needed
> Found existing installation...
> Found running server...
>
> bash: no job control in this shell
> 368805d0-03...==38466==
"install" terminal command done
Received install output: 368805d0-03...==38466==
Server is listening on port 38466
Using SSH config file "/Users/user/config"
Spawning tunnel with: ssh -F /Users/user/config root#localhost -N -L localhost:39003:localhost:38466
Spawned SSH tunnel between local port 39003 and remote port 38466
Waiting for ssh tunnel to be ready
Tunneling remote port 38466 to local port 39003
Resolving "ssh-remote+7b22686f737..." to "localhost:39003", attempt: 1
Edit 2: And now (the following following day) it's not working again.
Edit 3: I have a config file at ~/config. Here are the contents:
Host *
User root
Port 2201
IdentityFile ~/id_rsa
In the specific implementation shown above, you have User root in your config and are logging in with root#localhost, so you have your username twice. Leave the config file as is and just enter localhost in VSCode. This still doesn't solve the instability issue, but it does fix one problem.
I have the same issue when configuring my server. It solved by this issue. After save your config file for remote server, change the remote shell path like this issue, and then connect, you will in.
https://github.com/microsoft/vscode-remote-release/issues/220#issuecomment-490374437

Docker dotnet run port not mapping, windows 10 host, linux container

I'm following a https://app.pluralsight.com/library/courses/docker-web-development/table-of-contents which uses the older microsoft/aspnetcore-build image but I'm running core 2.1 so I'm using microsoft/dotnet:2.1-sdk instead.
The command I'm running is:
docker run -it -p 8080:5001 -v ${pwd}:/app -w "/app"
microsoft/dotnet:2.1-sdk
and then once inside the TTY I do a dotnet run which gives me the following output:
Using launch settings from /app/Properties/launchSettings.json...
info:
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
User profile is available. Using '/root/.aspnet/DataProtection-Keys'
as key repository; keys will not be encrypted at rest.
info:
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[58]
Creating key {5445e854-c1d9-4261-82f4-0fc3a7543e0a} with creation date
2018-12-14 10:41:13Z, activation date 2018-12-14 10:41:13Z, and
expiration date 2019-03-14 10:41:13Z.
warn:
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
No XML encryptor configured. Key
{5445e854-c1d9-4261-82f4-0fc3a7543e0a} may be persisted to storage in
unencrypted form.
info:
Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[39]
Writing data to file
'/root/.aspnet/DataProtection-Keys/key-5445e854-c1d9-4261-82f4-0fc3a7543e0a.xml'.
warn: Microsoft.AspNetCore.Server.Kestrel[0]
Unable to bind to https://localhost:5001 on the IPv6 loopback
interface: 'Cannot assign requested address'.
warn: Microsoft.AspNetCore.Server.Kestrel[0]
Unable to bind to http://localhost:5000 on the IPv6 loopback
interface: 'Cannot assign requested address'.
Hosting environment: Development
Content root path: /app
Now listening on: https://localhost:5001
Now listening on: http://localhost:5000
Application started. Press Ctrl+C to shut down.
Then, when I open browser on my host and navigate to http://localhost:8080 I get a "This page isn't working" "localhost didn't send any data" " ERR_EMPTY_RESPONSE"
I've tried a couple different port combinations too with the same result.
Can anyone spot where I went wrong? Or have any ideas / suggestions?
Not sure if this question still relevant for you, but I also encountered this issue and left my solution here for others. I used PowerShell with the next docker command (almost the same as your command, just used internal port 90 instead of 5000 and used --rm switch which will automatically remove the container when it exits):
docker run --rm -it -p 8080:90 -v ${pwd}:/app -w "/app" microsoft/dotnet /bin/bash
And after that, I got the interactive bash shell, and when typing dotnet run I got the same output as you and cannot reach my site in the container via localhost:8080.
I resolved it by using UseUrls method or --urls command-line argument. They (UseUrls method or --urls command-line argument) indicates the IP addresses or host addresses with ports and protocols that the server should listen on for requests. Below descriptions of solutions which worked for me:
Edit CreateWebHostBuildermethod in Program.cs like below:
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseUrls("http://+:90") //for your case you should use 5000 instead of 90
.UseStartup<Startup>();
You can specify several ports if needed using the next syntax .UseUrls("http://+:90;http://+:5000")
With this approach, you just typed dotnet run in bash shell and then your container will be reachable with localhost:8080.
But with the previous approach you alter the default behavior of your source code, which you can forget and then maybe should debug and fix in the future. So I prefer 2nd approach without changing the source code. After typing docker command and getting an interactive bash shell instead of just dotnet run type it with --urls argument like below (in your case use port 5000 instead of 90):
dotnet run --urls="http://+:90"
In the documentation there is also a 3rd approach where you can use ASPNETCORE_URLS environment variable, but this approach didn't work for me. I used the next command (with -e switch):
docker run --rm -it -p 8080:90 -v ${pwd}:/app -w "/app" -e "ASPNETCORE_URLS=http://+:90" microsoft/dotnet /bin/bash
If you type printenv in bash you will see that ASPNETCORE_URLS environment variable was passed to the container, but for some reason dotnet run is ignoring it.

No X11 DISPLAY variable was set, but this program performed an operation which requires error when launching jmeter on Centos

I have installed jmeter on a server but when i try to launch jmeter i get the following error error
No X11 DISPLAY variable was set, but this program performed an operation which requires it
Jmeter installed on CentOS along with java.
I tried export DISPLAY=:0 and this export DISPLAY=:0.0 but no luck
run SSH command with "-X" param (without commas)
sample:
ssh user#server -X <enter>