
When I run ZAP locally, it completes the full scan without any issues, but when I use ZAP installed on an EC2 instance, the scan fails with an error.

ZAP on the EC2 instance can be accessed publicly using its IP and port.

The error I received:

Proxy error: HTTPConnectionPool(host='10.102.0.156', port=8080): Max retries exceeded with url: http://zap/JSON/ascan/view/status/?scanId=0 (Caused by ProxyError('Unable to connect to proxy', NewConnectionError('<urllib3.connection.HTTPConnection object at 0x0000028E18540940>: Failed to establish a new connection: [WinError 10061] No connection could be made because the target machine actively refused it')))
import os
import time

import requests
from zapv2 import ZAPv2

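# ZAP API configuration.
# Secrets and deployment-specific values are read from the environment so
# they never end up in the script, in version control, or in a pasted
# snippet. The variable names are this script's own convention; a missing
# required variable fails fast with KeyError instead of running a scan
# with an empty key or token.
api_key = os.environ['ZAP_API_KEY']  # ZAP API Key
zap_ip = os.environ['ZAP_HOST']  # must be reachable from where this script runs
zap_port = os.environ.get('ZAP_PORT', '8080')

# Initialize the ZAP API client.
# Both proxy entries reach ZAP over plain http://, so the API key crosses
# the network unencrypted. Anyone holding the key can drive the scanner, so
# keep the ZAP listener reachable only from trusted addresses (for example a
# restricted security group or an SSH tunnel) rather than the open internet.
zap = ZAPv2(apikey=api_key, proxies={
    'http': f'http://{zap_ip}:{zap_port}',
    'https': f'http://{zap_ip}:{zap_port}'
})

# JWT token: the complete Authorization header value sent to the target API.
jwt_token = 'Bearer ' + os.environ['ZAP_JWT_TOKEN']

# Swagger URL for the OpenAPI definition
swagger_url = 'https://inspired-mock-backend.sapidblue.in/v2/api-docs?group=Post Login Resource'
base_url = 'https://inspired-mock-backend.sapidblue.in/'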

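# Start a new session
zap.core.new_session(name='new_session', overwrite=True)

# Set custom headers for authentication (JWT).
# NOTE: no URL filter is passed, so this rule applies to every request ZAP
# handles and the token may also be sent to hosts other than the target.
# Newer replacer add-on versions appear to accept a URL pattern to scope the
# rule; confirm against the installed version before relying on it.
zap.replacer.add_rule(description="Add JWT Authorization Header",
                      enabled=True,
                      matchtype="REQ_HEADER",
                      matchregex=False,
                      matchstring="Authorization",
                      replacement=jwt_token)

try:
    # Import the OpenAPI definition
    zap.openapi.import_url(swagger_url)

    print("Swagger definition imported successfully.")

    # Start an active scan on the base URL
    scan_id = zap.ascan.scan(base_url)
    # The API presumably returns an error string instead of a numeric id
    # when the scan cannot start; stop here with a clear message rather
    # than failing later inside int() while polling.
    if not str(scan_id).isdigit():
        raise RuntimeError(f'Active scan did not start: {scan_id}')
    print(f'Started Active Scan with ID: {scan_id}')

    # Monitor scan progress, querying the status once per iteration so the
    # printed value is the same one the loop condition was evaluated on.
    while True:
        progress = int(zap.ascan.status(scan_id))
        if progress >= 100:
            break
        print(f'Scan progress: {progress}%')
        time.sleep(10)

    # Generate and save the HTML report. An explicit encoding avoids a
    # UnicodeEncodeError on platforms whose default codec is not UTF-8.
    html_report = zap.core.htmlreport()
    with open('zap_report.html', 'w', encoding='utf-8') as report_file:
        report_file.write(html_report)

    print('HTML report saved as zap_report.html')

# ProxyError is listed before ConnectionError so the more specific message
# is the one printed. Every handler exits non-zero so that a scan which
# never completed is not mistaken for a clean run by a caller or pipeline.
except requests.exceptions.ProxyError as e:
    print(f"Proxy error: {e}")
    raise SystemExit(1)
except requests.exceptions.ConnectionError as e:
    print(f"Connection error: {e}")
    raise SystemExit(1)
except Exception as e:
    print(f"An error occurred: {e}")
    raise SystemExit(1)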

