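---
# ZAP Automation Framework plan: a form-authenticated spider, passive scan and
# active scan of the demo.testfire.net context, followed by a JSON report.
env:
  contexts:
    - name: boman_generated_context
      urls:
        - https://demo.testfire.net
      authentication:
        method: form
        parameters:
          loginPageUrl: https://demo.testfire.net/login.jsp
          loginRequestUrl: https://demo.testfire.net/doLogin
          # {%username%} / {%password%} are filled in by ZAP from the user's
          # credentials below; quoted so the braces are never read as YAML flow.
          loginRequestBody: 'uid={%username%}&passw={%password%}&btnSubmit=Login'
        verification:
          # Check both the login response and the logged-in/out regexes.
          method: both
          # Java-regex literal quoting (\Q...\E); single quotes keep the
          # backslashes verbatim.
          loggedOutRegex: '\QSign In\E'
          loggedInRegex: '\QSign Off\E'
      users:
        - name: Boman
          credentials:
            # Clear-text credentials live in the committed plan. ZAP resolves
            # ${VAR} references from the environment (and the vars block
            # below), which keeps real secrets out of version control.
            username: admin
            password: admin
      includePaths: []
      excludePaths: []
      technology:
        # Technologies the scanner will not test for in this context.
        exclude:
          - C
          - ASP
          - IBM DB2
          - PHP
          - CouchDB
          - XML
          - Microsoft SQL Server
          - JSP/Servlet
          - Firebird
          - MongoDB
          - HypersonicSQL
          - SAP MaxDB
          - Ruby
          - SCM
          - WS
          - Microsoft Access
          - Sybase
          - Python
  parameters:
    # A job error aborts the plan; a warning is reported but does not abort.
    failOnError: true
    failOnWarning: false
    progressToStdout: true
  vars: {}
jobs:
  - parameters:
      # Only passively scan traffic for URLs that are inside a context.
      scanOnlyInScope: true
      enableTags: false
      disableAllRules: false
    rules: []
    name: passiveScan-config
    type: passiveScan-config
  - parameters:
      context: boman_generated_context
      user: Boman
      url: https://demo.testfire.net
      # Minutes; depth and child limits bound the crawl (0 children appears to
      # mean no per-node limit - confirm against the ZAP spider docs).
      maxDuration: 1
      maxDepth: 2
      maxChildren: 0
    name: spider
    type: spider
    tests:
      # onFail values are lowercase throughout; the original mixed INFO/info.
      - onFail: info
        statistic: automation.spider.urls.added
        site: ''
        operator: '>='
        value: 100
        name: At least 100 URLs found
        type: stats
      - name: spider logged in
        type: stats
        statistic: stats.auth.success
        operator: '>='
        value: 2
        onFail: info
      # NOTE(review): this test passes only when at least two auth failures were
      # recorded, i.e. it reports INFO when authentication mostly worked. If the
      # intent is to flag failed logins, the operator is probably inverted -
      # confirm before relying on it.
      - name: spider failed
        type: stats
        statistic: stats.auth.failure
        operator: '>='
        value: 2
        onFail: info
  - parameters: {}
    name: passiveScan-wait
    type: passiveScan-wait
  - parameters:
      context: boman_generated_context
      user: Boman
      # Empty policy name: the inline policyDefinition below is used instead.
      policy: ''
      # 0 for the per-rule duration and alert cap appears to mean unlimited;
      # only the whole-scan duration is bounded (5 minutes) - confirm.
      maxRuleDurationInMins: 0
      maxScanDurationInMins: 5
      maxAlertsPerRule: 0
    policyDefinition:
      defaultStrength: medium
      defaultThreshold: medium
      rules: []
    tests:
      # Renamed from the copy-pasted "spider ..." names so report output
      # attributes these checks to the active scan, not the spider job.
      - name: activeScan logged in
        type: stats
        statistic: stats.auth.success
        operator: '>='
        value: 2
        onFail: info
      # NOTE(review): same inverted-looking condition as the spider job's
      # "spider failed" test - confirm the intended operator.
      - name: activeScan failed
        type: stats
        statistic: stats.auth.failure
        operator: '>='
        value: 2
        onFail: info
    name: activeScan
    type: activeScan
  - parameters:
      template: traditional-json
      reportDir: /zap/wrk
      reportFile: boman_zap_auth_report.json
      reportTitle: Boman_Scanning_Report
      reportDescription: ''
      displayReport: false
    # Include every risk and confidence level, including false positives, so
    # the JSON can be triaged downstream rather than pre-filtered here.
    risks:
      - info
      - low
      - medium
      - high
    confidences:
      - falsepositive
      - low
      - medium
      - high
      - confirmed
    # Empty list: report on all sites seen during the scan.
    sites: []
    name: report
    type: report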