dast

Passed Started 4 years ago by
This job is archived. Only the complete pipeline can be retried.
1Running with gitlab-runner 12.9.0-rc1 (a350f628)
2  on docker-auto-scale 72989761
 3  Preparing the "docker+machine" executor  
  01:56
4Using Docker executor with image registry.gitlab.com/gitlab-org/security-products/dast:1 ...
5Pulling docker image registry.gitlab.com/gitlab-org/security-products/dast:1 ...
6Using docker image sha256:1a19b3e575dab553d2f3e7dc3be88c9482a94cc811f2bd48af0c181f626837f7 for registry.gitlab.com/gitlab-org/security-products/dast:1 ...
 7  Preparing environment  
  00:05
8Running on runner-72989761-project-4422333-concurrent-0 via runner-72989761-stg-srm-1584700269-e5322051...
 9  Getting source from Git repository  
  00:02
10Skipping Git repository setup
11Skipping Git checkout
12Skipping Git submodules setup
 13  Restoring cache  
  00:01
 14  Downloading artifacts  
  00:02
15Downloading artifacts for dast_environment_deploy (37117857)...
16Downloading artifacts from coordinator... ok        id=37117857 responseStatus=200 OK token=RugY5uic
 17  Running script from Job  
  00:49
18$ export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
19$ /analyze -t $DAST_WEBSITE
202020-03-20 10:33:16,109 using Python 3.6.9 (default, Nov  7 2019, 10:44:02) [GCC 8.3.0]
212020-03-20 10:33:16,110 waiting for http://dast-4422333-dast-default.34.67.11.220.nip.io to be available
222020-03-20 10:33:16,110 requesting access to http://dast-4422333-dast-default.34.67.11.220.nip.io
232020-03-20 10:33:19,192 requesting access to http://dast-4422333-dast-default.34.67.11.220.nip.io
242020-03-20 10:33:22,268 requesting access to http://dast-4422333-dast-default.34.67.11.220.nip.io
252020-03-20 10:33:25,344 requesting access to http://dast-4422333-dast-default.34.67.11.220.nip.io
262020-03-20 10:33:28,421 requesting access to http://dast-4422333-dast-default.34.67.11.220.nip.io
272020-03-20 10:33:31,507 requesting access to http://dast-4422333-dast-default.34.67.11.220.nip.io
282020-03-20 10:33:34,730 requesting access to http://dast-4422333-dast-default.34.67.11.220.nip.io
292020-03-20 10:33:37,948 requesting access to http://dast-4422333-dast-default.34.67.11.220.nip.io
302020-03-20 10:33:41,168 requesting access to http://dast-4422333-dast-default.34.67.11.220.nip.io
312020-03-20 10:33:41,399 starting scan
322020-03-20 10:33:41,400 Script params: [('-t', 'http://dast-4422333-dast-default.34.67.11.220.nip.io'), ('-J', 'gl-dast-report.json'), ('-z', '-config selenium.firefoxDriver=/usr/bin/geckodriver -addonupdate')]
332020-03-20 10:33:41,401 Params: ['zap-x.sh', '-daemon', '-port', '46180', '-host', '0.0.0.0', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'spider.maxDuration=1', '-config', 'selenium.firefoxDriver=/usr/bin/geckodriver', '-addonupdate']
34Mar 20, 2020 10:33:48 AM java.util.prefs.FileSystemPreferences$1 run
35INFO: Created user preferences directory.
36[zap.out] Found Java version 1.8.0_242
37[zap.out] Available memory: 3693 MB
38[zap.out] Using JVM args: -Xmx923m
39[zap.out] 623 [main] INFO org.zaproxy.zap.DaemonBootstrap  - OWASP ZAP D-2020-02-10 started 20/03/20 10:33:42 with home /root/.ZAP_D/
40[zap.out] 700 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config api.disablekey = true was null
41[zap.out] 702 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config api.addrs.addr.name = .* was null
42[zap.out] 703 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config api.addrs.addr.regex = true was null
43[zap.out] 703 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config spider.maxDuration = 1 was null
44[zap.out] 703 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config selenium.firefoxDriver = /usr/bin/geckodriver was null
45[zap.out] 722 [main] INFO org.parosproxy.paros.network.SSLConnector  - Reading supported SSL/TLS protocols...
46[zap.out] 722 [main] INFO org.parosproxy.paros.network.SSLConnector  - Using a SSLEngine...
47[zap.out] 932 [main] INFO org.parosproxy.paros.network.SSLConnector  - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
48[zap.out] 942 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate  - Unsafe SSL renegotiation disabled.
49[zap.out] 1854 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open start
50[zap.out] 1871 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open end
51[zap.out] 2011 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Loading extensions
52[zap.out] 5333 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Installed add-ons: [[id=accessControl, version=6.0.0], [id=alertFilters, version=10.0.0], [id=ascanrules, version=34.0.0], [id=ascanrulesBeta, version=27.0.0], [id=bruteforce, version=9.0.0], [id=coreLang, version=14.0.0], [id=diff, version=10.0.0], [id=directorylistv1, version=4.0.0], [id=formhandler, version=3.0.0], [id=fuzz, version=12.0.0], [id=gettingStarted, version=11.0.0], [id=help, version=10.0.0], [id=hud, version=0.10.0], [id=importurls, version=7.0.0], [id=invoke, version=10.0.0], [id=onlineMenu, version=7.0.0], [id=openapi, version=15.0.0], [id=plugnhack, version=12.0.0], [id=portscan, version=9.0.0], [id=pscanrules, version=27.0.0], [id=pscanrulesBeta, version=21.0.0], [id=quickstart, version=28.0.0], [id=replacer, version=8.0.0], [id=reveal, version=3.0.0], [id=saverawmessage, version=5.0.0], [id=savexmlmessage, version=0.1.0], [id=scripts, version=26.0.0], [id=selenium, version=15.1.0], [id=sequence, version=6.0.0], [id=spiderAjax, version=23.1.0], [id=tips, version=7.0.0], [id=webdriverlinux, version=17.0.0], [id=webdrivermacos, version=16.0.0], [id=webdriverwindows, version=17.0.0], [id=websocket, version=21.0.0], [id=zest, version=32.0.0]]
53[zap.out] 6333 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Extensions loaded
54[zap.out] 6651 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows ZAP to check for updates
55[zap.out] 6658 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Options Extension
56[zap.out] 6659 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Edit Menu Extension
57[zap.out] 6659 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides a rest based API for controlling and accessing ZAP
58[zap.out] 6676 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Session State Extension
59[zap.out] 6678 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Report Extension
60[zap.out] 6680 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing History Extension
61[zap.out] 6685 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Show hidden fields and enable disabled fields
62[zap.out] 6686 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Search messages for strings and regular expressions
63[zap.out] 6695 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Encode/Decode/Hash...
64[zap.out] 6696 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to intercept and modify requests and responses
65[zap.out] 6697 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive scanner
66[zap.out] 6862 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Script Passive Scan Rules
67[zap.out] 6865 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Stats Passive Scan Rule
68[zap.out] 6866 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Application Error Disclosure
69[zap.out] 6866 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Absence of Anti-CSRF Tokens
70[zap.out] 6867 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set
71[zap.out] 6867 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Charset Mismatch
72[zap.out] 6867 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: CSP Scanner
73[zap.out] 6867 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Content-Type Header Missing
74[zap.out] 6867 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie No HttpOnly Flag
75[zap.out] 6868 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Loosely Scoped Cookie
76[zap.out] 6870 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Without SameSite Attribute
77[zap.out] 6870 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Without Secure Flag
78[zap.out] 6870 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cross-Domain Misconfiguration
79[zap.out] 6870 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
80[zap.out] 6870 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Debug Error Messages
81[zap.out] 6870 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Sensitive Information in URL
82[zap.out] 6870 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
83[zap.out] 6871 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Suspicious Comments
84[zap.out] 6871 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Weak Authentication Method
85[zap.out] 6871 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Insecure JSF ViewState
86[zap.out] 6875 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Secure Pages Include Mixed Content
87[zap.out] 6876 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Private IP Disclosure
88[zap.out] 6876 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Session ID in URL Rewrite
89[zap.out] 6876 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Timestamp Disclosure
90[zap.out] 6876 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Username Hash Found
91[zap.out] 6877 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Viewstate Scanner
92[zap.out] 6878 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-AspNet-Version Response Header Scanner
93[zap.out] 6878 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Content-Type-Options Header Missing
94[zap.out] 6878 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Debug-Token Information Leak
95[zap.out] 6878 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Frame-Options Header Scanner
96[zap.out] 6879 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
97[zap.out] 6879 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak)
98[zap.out] 6879 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Content Security Policy (CSP) Header Not Set
99[zap.out] 6879 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Directory Browsing
100[zap.out] 6879 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Hash Disclosure
101[zap.out] 6879 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative)
102[zap.out] 6880 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post
103[zap.out] 6880 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post
104[zap.out] 6880 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Reverse Tabnabbing
105[zap.out] 6880 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: PII Scanner
106[zap.out] 6880 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Retrieved from Cache
107[zap.out] 6880 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: HTTP Server Response Header Scanner
108[zap.out] 6880 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: HTTP Parameter Override
109[zap.out] 6880 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Strict-Transport-Security Header Scanner
110[zap.out] 6880 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: User Controllable Charset
111[zap.out] 6880 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Poisoning
112[zap.out] 6881 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS)
113[zap.out] 6881 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: User Controllable JavaScript Event (XSS)
114[zap.out] 6881 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Open Redirect
115[zap.out] 6881 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Backend-Server Header Information Leak
116[zap.out] 6881 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak
117[zap.out] 6913 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to view and manage alerts
118[zap.out] 6917 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added
119[zap.out] 6929 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSequence
120[zap.out] 6931 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Spider used for automatically finding URIs on a site
121[zap.out] 6945 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing A set of common popup menus for miscellaneous tasks
122[zap.out] 6946 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool
123[zap.out] 6947 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Simple but effective port scanner
124[zap.out] 6947 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Manual Request Editor Extension
125[zap.out] 6948 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Compares 2 sessions and generates an HTML file showing the differences
126[zap.out] 6948 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Invoke external applications passing context related information such as URLs and parameters
127[zap.out] 6948 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles anti cross site request forgery (CSRF) tokens
128[zap.out] 6961 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Authentication Extension
129[zap.out] 6998 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication  - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]
130[zap.out] 7000 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser
131[zap.out] 7001 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Logs errors to the Output tab in development mode only
132[zap.out] 7001 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Users Extension
133[zap.out] 7007 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Summarise and analyse FORM and URL parameters as well as cookies
134[zap.out] 7012 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Script integration
135[zap.out] 7050 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Scripting console, supports all JSR 223 scripting languages
136[zap.out] 7345 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Forced User Extension
137[zap.out] 7349 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Extension handling HTTP sessions
138[zap.out] 7351 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools
139[zap.out] 7759 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionDiff
140[zap.out] 7763 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Post Table View Extension
141[zap.out] 7764 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Simple browser configuration
142[zap.out] 7764 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Session Management Extension
143[zap.out] 7778 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement  - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management]
144[zap.out] 7779 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Form Table View Extension
145[zap.out] 7779 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Capture messages from WebSockets with the ability to set breakpoints.
146[zap.out] 7802 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to import a file containing URLs which ZAP will access, adding them to the Sites tree
147[zap.out] 7802 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Core UI related functionality.
148[zap.out] 7802 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Authorization Extension
149[zap.out] 7803 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing AJAX Spider, uses Crawljax
150[zap.out] 7804 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
151[zap.out] 7818 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Manages the local proxy configurations
152[zap.out] 7823 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Add-on that adds a set of tools for testing access control in web applications.
153[zap.out] 7824 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles adding Global Excluded URLs
154[zap.out] 7824 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds menu item to refresh the Sites tree
155[zap.out] 7824 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing OWASP ZAP User Guide
156[zap.out] 7824 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides a URL suitable for calling from target sites
157[zap.out] 7827 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to configure which extensions are loaded when ZAP starts
158[zap.out] 7828 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Combined HTTP Panels Extension
159[zap.out] 7828 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Hex View Extension
160[zap.out] 7828 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Image View Extension
161[zap.out] 7829 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Large Request View Extension
162[zap.out] 7830 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Large Response View Extension
163[zap.out] 7831 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Query Table View Extension
164[zap.out] 7832 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Syntax Highlighter View Extension
165[zap.out] 7837 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.
166[zap.out] 7837 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active and passive rule configuration
167[zap.out] 7840 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Statistics
168[zap.out] 7843 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats  - Start recording in memory stats
169[zap.out] 7847 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing This extension allows a user to change the default values used by ZAP Spiders.
170[zap.out] 7849 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Translations of the core language files
171[zap.out] 7849 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive Scan Rules
172[zap.out] 7849 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
173[zap.out] 7856 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows to fuzz HTTP messages.
174[zap.out] 7856 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Tips and Tricks
175[zap.out] 7857 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active Scan Rules - beta
176[zap.out] 7857 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to spider and import OpenAPI (Swagger) definitions 
177[zap.out] 7889 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSaveRawHttpMessage
178[zap.out] 7889 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Context alert rules filter
179[zap.out] 7897 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows to fuzz WebSocket messages.
180[zap.out] 7898 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active Scan Rules
181[zap.out] 7898 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The ZAP Getting Started Guide
182[zap.out] 7899 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Easy way to replace strings in requests and responses
183[zap.out] 7904 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The Online menu links
184[zap.out] 7905 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSaveXMLHttpMessage
185[zap.out] 7905 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds the Quick Start panel for scanning and exploring applications
186[zap.out] 7910 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Add the option to use the Ajax Spider in the Quick Start scan
187[zap.out] 7911 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Launch browsers proxying through ZAP
188[zap.out] 7911 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Launch browsers proxying through ZAP
189[zap.out] 7911 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Heads Up Display
190[zap.out] 8100 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHUDlaunch
191[zap.out] 8109 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive Scan Rules - beta
192[zap.out] 8635 [ZAP-daemon] INFO org.zaproxy.zap.extension.callback.ExtensionCallback  - Started callback server on 0.0.0.0:39555
193[zap.out] 8635 [ZAP-daemon] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL  - Creating new root CA certificate
194[zap.out] 9615 [ZAP-daemon] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL  - New root CA certificate created
195[zap.out] 10630 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on update check complete
196[zap.out] 10631 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap  - ZAP is now listening on 0.0.0.0:46180
197[zap.out] 11307 [ZAP-ProxyThread-2] INFO org.parosproxy.paros.control.Control  - Discard Session
198[zap.out] 11347 [ZAP-ProxyThread-2] INFO org.parosproxy.paros.control.Control  - New Session
199[zap.out] 11349 [ZAP-ProxyThread-2] INFO org.parosproxy.paros.control.Control  - Create and Open Untitled Db
200[zap.out] 11388 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache commit start
201[zap.out] 11409 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache commit end
202[zap.out] 11416 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - Database closed
203[zap.out] 11741 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open start
204[zap.out] 11754 [ZAP-ProxyThread-2] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open end
205[zap.out] 15889 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.extension.spider.SpiderThread  - Starting spidering scan on Context: Target Context at Fri Mar 20 10:33:58 UTC 2020
206[zap.out] 15892 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider  - Spider initializing...
207[zap.out] 15923 [ZAP-SpiderInitThread-0] I2020-03-20 10:34:03,891 The following 4 URLs were scanned:
208GET http://dast-4422333-dast-default.34.67.11.220.nip.io/
209GET http://dast-4422333-dast-default.34.67.11.220.nip.io/robots.txt
210GET http://dast-4422333-dast-default.34.67.11.220.nip.io
211GET http://dast-4422333-dast-default.34.67.11.220.nip.io/sitemap.xml
212Total of 4 URLs
213PASS: Cookie No HttpOnly Flag [10010]
214PASS: Cookie Without Secure Flag [10011]
215PASS: Incomplete or No Cache-control and Pragma HTTP Header Set [10015]
216PASS: Cross-Domain JavaScript Source File Inclusion [10017]
217PASS: Content-Type Header Missing [10019]
218PASS: X-Frame-Options Header Scanner [10020]
219PASS: X-Content-Type-Options Header Missing [10021]
220PASS: Information Disclosure - Debug Error Messages [10023]
221PASS: Information Disclosure - Sensitive Information in URL [10024]
222PASS: Information Disclosure - Sensitive Information in HTTP Referrer Header [10025]
223PASS: HTTP Parameter Override [10026]
224PASS: Information Disclosure - Suspicious Comments [10027]
225PASS: Open Redirect [10028]
226PASS: Cookie Poisoning [10029]
227PASS: User Controllable Charset [10030]
228PASS: User Controllable HTML Element Attribute (Potential XSS) [10031]
229PASS: Viewstate Scanner [10032]
230PASS: Directory Browsing [10033]
231PASS: Heartbleed OpenSSL Vulnerability (Indicative) [10034]
232PASS: Strict-Transport-Security Header Scanner [10035]
233PASS: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) [10037]
234PASS: Content Security Policy (CSP) Header Not Set [10038]
235PASS: X-Backend-Server Header Information Leak [10039]
236PASS: Secure Pages Include Mixed Content [10040]
237PASS: HTTP to HTTPS Insecure Transition in Form Post [10041]
238PASS: HTTPS to HTTP Insecure Transition in Form Post [10042]
239PASS: User Controllable JavaScript Event (XSS) [10043]
240PASS: Big Redirect Detected (Potential Sensitive Information Leak) [10044]
241PASS: Retrieved from Cache [10050]
242PASS: X-ChromeLogger-Data (XCOLD) Header Information Leak [10052]
243PASS: Cookie Without SameSite Attribute [10054]
244PASS: CSP Scanner [10055]
245PASS: X-Debug-Token Information Leak [10056]
246PASS: Username Hash Found [10057]
247PASS: X-AspNet-Version Response Header Scanner [10061]
248PASS: PII Scanner [10062]
249PASS: Timestamp Disclosure [10096]
250PASS: Hash Disclosure [10097]
251PASS: Cross-Domain Misconfiguration [10098]
252PASS: Weak Authentication Method [10105]
253PASS: Reverse Tabnabbing [10108]
254PASS: Absence of Anti-CSRF Tokens [10202]
255PASS: Private IP Disclosure [2]
256PASS: Session ID in URL Rewrite [3]
257PASS: Script Passive Scan Rules [50001]
258PASS: Insecure JSF ViewState [90001]
259PASS: Charset Mismatch [90011]
260PASS: Application Error Disclosure [90022]
261PASS: Loosely Scoped Cookie [90033]
262WARN-NEW: Server Leaks Version Information via "Server" HTTP Response Header Field [10036] x 4 
263	http://dast-4422333-dast-default.34.67.11.220.nip.io/ (308 Permanent Redirect)
264	http://dast-4422333-dast-default.34.67.11.220.nip.io/robots.txt (308 Permanent Redirect)
265	http://dast-4422333-dast-default.34.67.11.220.nip.io (308 Permanent Redirect)
266	http://dast-4422333-dast-default.34.67.11.220.nip.io/sitemap.xml (308 Permanent Redirect)
267FAIL-NEW: 0	FAIL-INPROG: 0	WARN-NEW: 1	WARN-INPROG: 0	INFO: 0	IGNORE: 0	PASS: 49
268cat: /tmp/.X1-lock: No such file or directory
269/zap/zap-x.sh: 10: kill: Usage: kill [-s sigspec | -signum | -sigspec] [pid | job]... or
270kill -l [exitstatus]
 271  Running after script  
  00:02
 272  Saving cache  
  00:02
 273  Uploading artifacts for successful job  
  00:02
274Uploading artifacts...
275gl-dast-report.json: found 1 matching files        
276Uploading artifacts to coordinator... ok            id=37117858 responseStatus=201 Created token=yoFkomuf
277Job succeeded
Admin message

Admin message
