nate-thegrate

Reputation: 629

Install & Run OWASP ZAP via Ubuntu command line

I'm using a shell script to install & run ZAP on an Ubuntu image.

sudo apt update
sudo apt install default-jre -y
sudo apt install snapd -y
sudo snap install zaproxy --classic

cd /snap/zaproxy/current
java -jar ./zap-2.11.1.jar -cmd -quickurl https://www.website.com/ -quickprogress -quickout ~/report.xml

The Spider works fine, but a little while after the Active Scan starts, it throws the following error:

java.io.EOFException
    at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2353)
    at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2822)
    at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:804)
    at java.io.ObjectInputStream.<init>(ObjectInputStream.java:301)
    at hudson.remoting.ObjectInputStreamEx.<init>(ObjectInputStreamEx.java:49)
    at hudson.remoting.Command.readFrom(Command.java:142)
    at hudson.remoting.Command.readFrom(Command.java:128)
    at hudson.remoting.AbstractSynchronousByteArrayCommandTransport.read(AbstractSynchronousByteArrayCommandTransport.java:35)
    at hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:61)
Caused: java.io.IOException: Unexpected termination of the channel
    at hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:75)
Caused: java.io.IOException: Backing channel 'jenkins-zap-t6s4nu' is disconnected.

I saw in another question that java.io.EOFException happens when you try to read an empty file. The shell script works fine when it's running on a PC or VM, so I'm thinking maybe there's a hidden dependency that isn't installed by default on the barebones Ubuntu image.

Is there a portion of this shell script that's missing or incorrect?

Upvotes: 1

Views: 14925

Answers (4)

shamaseen

Reputation: 2488

There are official releases from ZAP's team themselves; check: https://software.opensuse.org/download.html?project=home%3Acabelo&package=owasp-zap

Upvotes: 1

SuperNova

Reputation: 27486

Run the commands below to install OWASP ZAP:

echo 'deb http://download.opensuse.org/repositories/home:/cabelo/xUbuntu_22.10/ /' | sudo tee /etc/apt/sources.list.d/home:cabelo.list
curl -fsSL https://download.opensuse.org/repositories/home:cabelo/xUbuntu_22.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_cabelo.gpg > /dev/null
sudo apt update
sudo apt install owasp-zap

Upvotes: 2

nate-thegrate

Reputation: 629

It turns out that the problem was with our server, not with ZAP! We had a rogue Jenkins controller that believed it needed to kill all agents it had not started.

If someone else runs into this problem in the future, definitely try running server diagnostics.

Upvotes: 1
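
Added example (not part of any post on this page, and not ZAP or Jenkins project code): every frame in the question's trace sits under `hudson.remoting`, the Jenkins agent channel, and none under ZAP's own `org.zaproxy` / `org.parosproxy` packages, which is how a build log separates "the agent was disconnected" from "the scanner failed". The function names, file names and `HypotheticalScanner` class are assumptions made for this sketch, and the sample logs are constructed (the first is abridged from the trace in the question).

```shell
#!/bin/sh
# Added example: decide whether a failed scan job died in the Jenkins agent
# channel or inside ZAP, based on which Java packages own the stack frames.

classify_failure() {
    # $1 = build log path. Prints: jenkins-remoting | zap | unknown
    log=$1
    # Frames owned by the Jenkins remoting layer (agent <-> controller link).
    remoting=$(grep -cE '^[[:space:]]+at (hudson\.remoting|jenkins)\.' "$log" || true)
    # Frames owned by ZAP's own code base.
    zap=$(grep -cE '^[[:space:]]+at org\.(zaproxy|parosproxy)\.' "$log" || true)
    # Messages remoting emits when the agent connection is lost.
    channel=$(grep -cE "Backing channel '[^']*' is disconnected|Unexpected termination of the channel" "$log" || true)

    if [ "$channel" -gt 0 ] || [ "$remoting" -gt 0 ]; then
        echo jenkins-remoting   # investigate the controller/agent, not the scanner
    elif [ "$zap" -gt 0 ]; then
        echo zap                # the scanner itself threw
    else
        echo unknown
    fi
}

write_samples() {
    # $1 = directory. All three logs are constructed for this example.
    cat > "$1/agent.log" <<'EOF'
java.io.EOFException
    at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:804)
    at hudson.remoting.Command.readFrom(Command.java:142)
Caused: java.io.IOException: Unexpected termination of the channel
Caused: java.io.IOException: Backing channel 'jenkins-zap-t6s4nu' is disconnected.
EOF
    cat > "$1/scanner.log" <<'EOF'
java.lang.IllegalStateException: constructed failure
    at org.zaproxy.zap.HypotheticalScanner.run(HypotheticalScanner.java:1)
EOF
    printf 'Spider complete\nActive scan 40%%\n' > "$1/clean.log"
}

samples=$(mktemp -d)
write_samples "$samples"
for f in agent scanner clean; do
    printf '%s: %s\n' "$f" "$(classify_failure "$samples/$f.log")"
done
rm -rf "$samples"
```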

kingthorin

Reputation: 1528

Instead of manually launching the jar, try using zap.sh.

Upvotes: 1
