ZAP - Docker Automation Framework status/progress
Tiaguituh05 opened this issue
Is your feature request related to a problem? Please describe.
I believe it would be beneficial to have a status and a progress log or display when running automation framework using docker with zap headless. In cases when scanning a very large application, active scan can take several hours, and all we get in the logs is:
Job spider found 753 URLs
Job spider test of type stats passed: At least 100 URLs found [753 >= 100]
Job spider finished, time taken: 00:03:33
Job spiderAjax started
Job spiderAjax found 145 URLs
Job spiderAjax test of type stats passed: At least 100 URLs found [145 >= 100]
Job spiderAjax finished, time taken: 00:14:38
Job passiveScan-wait started
Job passiveScan-wait finished, time taken: 00:00:00
Job activeScan started
Job activeScan set default strength to MEDIUM
Job activeScan set default threshold to MEDIUM
Having something showing a % of the progress, or even an estimated ETA, would be great.
Describe the solution you'd like
Having something showing a % of the progress, or even an estimated ETA, would be great.
Describe alternatives you've considered
N/A
Would you like to help fix this issue?
- Yes
ETAs are notoriously unreliable, so I think the % would be better.
How about something like:
parameters:
  infoOnProgress: 10
So that would output an info message like:
Job activeScan 10% complete
Job activeScan 20% complete
Job activeScan 30% complete
The value would be %s at which the info message was shown, so 2 would result in messages like:
Job activeScan 2% complete
Job activeScan 4% complete
Job activeScan 6% complete
That sounds great! Also, another thing came to mind. Maybe also include an INFO log showing at which step / which type of attack the active scan currently is on, for example:
Job activeScan started
Job activeScan set default strength to MEDIUM
Job activeScan set default threshold to MEDIUM
Job activeScan, analyzer started
Job activeScan 0% complete
Job activeScan, analyzer completed
Job activeScan, CRLF Injection started
Job activeScan 10% complete
Job activeScan, CRLF Injection completed
Job activeScan 20% complete
Job activeScan, SQL Injection started
Job activeScan 30% complete
Job activeScan, SQL Injection completed
And so on.