[error]ENOENT: no such file or directory, open '/home/vsts/work/r1/a/owaspzap/report.json'

[pragadeeshraju]

I was trying the use ZAP from Azure market place and getting bumped into the error.

2020-08-25T11:01:58.5517255Z ##[section]Starting: ZAP Scanner
2020-08-25T11:01:58.5524757Z ==============================================================================
2020-08-25T11:01:58.5525072Z Task         : OWASP Zap Scanner
2020-08-25T11:01:58.5525359Z Description  : Utilize the OWASP/ZAP scanner within Azure DevOps
2020-08-25T11:01:58.5525600Z Version      : 1.0.1
2020-08-25T11:01:58.5525835Z Author       : Doyle Turner, Anthony Turner
2020-08-25T11:01:58.5527199Z Help         : 
2020-08-25T11:01:58.5527468Z ==============================================================================
2020-08-25T11:01:59.6175709Z [command]/bin/chmod 777 /home/vsts/work/r1/a/owaspzap
2020-08-25T11:01:59.6179364Z [command]/usr/bin/id -u root
2020-08-25T11:01:59.6179601Z 0
2020-08-25T11:01:59.6186436Z [command]/usr/bin/docker run -u 0 -v /home/vsts/work/r1/a/owaspzap:/zap/wrk/:rw owasp/zap2docker-stable zap-full-scan.py -t http://172.17.0.1:8080 -J report.json -r report.html
2020-08-25T11:01:59.6188722Z Unable to find image 'owasp/zap2docker-stable:latest' locally
2020-08-25T11:01:59.6189567Z latest: Pulling from owasp/zap2docker-stable
2020-08-25T11:01:59.6189897Z 423ae2b273f4: Pulling fs layer
2020-08-25T11:01:59.6190207Z de83a2304fa1: Pulling fs layer
2020-08-25T11:01:59.6190549Z f9a83bce3af0: Pulling fs layer
2020-08-25T11:01:59.6190851Z b6b53be908de: Pulling fs layer
2020-08-25T11:01:59.6191140Z dfa4c0ed9f01: Pulling fs layer
2020-08-25T11:01:59.6191423Z 0d0271dc7f26: Pulling fs layer
2020-08-25T11:01:59.6191731Z ba10134fb40f: Pulling fs layer
2020-08-25T11:01:59.6192017Z a5566afd045d: Pulling fs layer
2020-08-25T11:01:59.6192324Z 7b60e2849bd0: Pulling fs layer
2020-08-25T11:01:59.6192609Z daf051f52216: Pulling fs layer
2020-08-25T11:01:59.6192912Z 3600cd933995: Pulling fs layer
2020-08-25T11:01:59.6193194Z a1d63c5e9c9f: Pulling fs layer
2020-08-25T11:01:59.6193497Z 86279da9d5e1: Pulling fs layer
2020-08-25T11:01:59.6193782Z 61d20517a689: Pulling fs layer
2020-08-25T11:01:59.6194085Z b645cc4494b6: Pulling fs layer
2020-08-25T11:01:59.6194383Z 87a41273fa00: Pulling fs layer
2020-08-25T11:01:59.6194673Z dcd8983ba399: Pulling fs layer
2020-08-25T11:01:59.6194978Z 424fa8727c16: Pulling fs layer
2020-08-25T11:01:59.6195245Z b6b53be908de: Waiting
2020-08-25T11:01:59.6195518Z dfa4c0ed9f01: Waiting
2020-08-25T11:01:59.6195766Z 0d0271dc7f26: Waiting
2020-08-25T11:01:59.6196037Z ba10134fb40f: Waiting
2020-08-25T11:01:59.6196284Z a5566afd045d: Waiting
2020-08-25T11:01:59.6196554Z 7b60e2849bd0: Waiting
2020-08-25T11:01:59.6196803Z daf051f52216: Waiting
2020-08-25T11:01:59.6197054Z 3600cd933995: Waiting
2020-08-25T11:01:59.6197322Z a1d63c5e9c9f: Waiting
2020-08-25T11:01:59.6197570Z 86279da9d5e1: Waiting
2020-08-25T11:01:59.6197840Z 61d20517a689: Waiting
2020-08-25T11:01:59.6198087Z b645cc4494b6: Waiting
2020-08-25T11:01:59.6198355Z 87a41273fa00: Waiting
2020-08-25T11:01:59.6198602Z dcd8983ba399: Waiting
2020-08-25T11:01:59.6198867Z 424fa8727c16: Waiting
2020-08-25T11:01:59.6199137Z de83a2304fa1: Verifying Checksum
2020-08-25T11:01:59.6199453Z de83a2304fa1: Download complete
2020-08-25T11:01:59.6199747Z f9a83bce3af0: Verifying Checksum
2020-08-25T11:01:59.6200037Z f9a83bce3af0: Download complete
2020-08-25T11:01:59.7288525Z b6b53be908de: Verifying Checksum
2020-08-25T11:01:59.7288834Z b6b53be908de: Download complete
2020-08-25T11:01:59.7581522Z 423ae2b273f4: Verifying Checksum
2020-08-25T11:01:59.7581799Z 423ae2b273f4: Download complete
2020-08-25T11:02:00.0200883Z 0d0271dc7f26: Verifying Checksum
2020-08-25T11:02:00.0204393Z 0d0271dc7f26: Download complete
2020-08-25T11:02:00.1626355Z ba10134fb40f: Verifying Checksum
2020-08-25T11:02:00.1628067Z ba10134fb40f: Download complete
2020-08-25T11:02:00.2440710Z a5566afd045d: Verifying Checksum
2020-08-25T11:02:00.2441076Z a5566afd045d: Download complete
2020-08-25T11:02:00.3826980Z 7b60e2849bd0: Verifying Checksum
2020-08-25T11:02:00.3827326Z 7b60e2849bd0: Download complete
2020-08-25T11:02:00.4699181Z daf051f52216: Verifying Checksum
2020-08-25T11:02:00.4702720Z daf051f52216: Download complete
2020-08-25T11:02:00.6056936Z 3600cd933995: Verifying Checksum
2020-08-25T11:02:00.6062062Z 3600cd933995: Download complete
2020-08-25T11:02:00.8704360Z 86279da9d5e1: Verifying Checksum
2020-08-25T11:02:00.8704723Z 86279da9d5e1: Download complete
2020-08-25T11:02:01.1910799Z 61d20517a689: Verifying Checksum
2020-08-25T11:02:01.1911127Z 61d20517a689: Download complete
2020-08-25T11:02:01.4637803Z b645cc4494b6: Verifying Checksum
2020-08-25T11:02:01.4638135Z b645cc4494b6: Download complete
2020-08-25T11:02:01.7456138Z 87a41273fa00: Verifying Checksum
2020-08-25T11:02:01.7457476Z 87a41273fa00: Download complete
2020-08-25T11:02:02.0527074Z dcd8983ba399: Verifying Checksum
2020-08-25T11:02:02.0532117Z dcd8983ba399: Download complete
2020-08-25T11:02:02.2482686Z 423ae2b273f4: Pull complete
2020-08-25T11:02:02.4169287Z 424fa8727c16: Verifying Checksum
2020-08-25T11:02:02.4185358Z 424fa8727c16: Download complete
2020-08-25T11:02:02.4395320Z de83a2304fa1: Pull complete
2020-08-25T11:02:02.5519363Z f9a83bce3af0: Pull complete
2020-08-25T11:02:02.5798981Z a1d63c5e9c9f: Verifying Checksum
2020-08-25T11:02:02.5799351Z a1d63c5e9c9f: Download complete
2020-08-25T11:02:02.6307706Z b6b53be908de: Pull complete
2020-08-25T11:02:03.3476808Z dfa4c0ed9f01: Verifying Checksum
2020-08-25T11:02:03.3477202Z dfa4c0ed9f01: Download complete
2020-08-25T11:02:17.9988589Z dfa4c0ed9f01: Pull complete
2020-08-25T11:02:22.1217171Z 0d0271dc7f26: Pull complete
2020-08-25T11:02:24.4090781Z ba10134fb40f: Pull complete
2020-08-25T11:02:24.4830155Z a5566afd045d: Pull complete
2020-08-25T11:02:24.5479546Z 7b60e2849bd0: Pull complete
2020-08-25T11:02:24.6054036Z daf051f52216: Pull complete
2020-08-25T11:02:24.6678709Z 3600cd933995: Pull complete
2020-08-25T11:02:26.3878224Z a1d63c5e9c9f: Pull complete
2020-08-25T11:02:26.4629663Z 86279da9d5e1: Pull complete
2020-08-25T11:02:26.5239973Z 61d20517a689: Pull complete
2020-08-25T11:02:26.5869040Z b645cc4494b6: Pull complete
2020-08-25T11:02:26.6511473Z 87a41273fa00: Pull complete
2020-08-25T11:02:26.7287229Z dcd8983ba399: Pull complete
2020-08-25T11:02:26.8518725Z 424fa8727c16: Pull complete
2020-08-25T11:02:26.8555012Z Digest: sha256:3563ecc53448ad224262ccea185cff8360c999c52d9c4b78630d9344dc1c3fd6
2020-08-25T11:02:26.8574934Z Status: Downloaded newer image for owasp/zap2docker-stable:latest
2020-08-25T11:02:32.0896132Z 2020-08-25 11:02:32,087 Params: ['zap-x.sh', '-daemon', '-port', '55382', '-host', '0.0.0.0', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'spider.maxDuration=0', '-addonupdate', '-addoninstall', 'pscanrulesBeta', '-addoninstall', 'ascanrulesBeta']
2020-08-25T11:02:34.6787780Z Aug 25, 2020 11:02:34 AM java.util.prefs.FileSystemPreferences$1 run
2020-08-25T11:02:34.6788472Z INFO: Created user preferences directory.
2020-08-25T11:02:42.2030923Z 2020-08-25 11:02:42,201 I/O error(5): ZAP failed to access: http://172.17.0.1:8080
2020-08-25T11:02:42.2031545Z Traceback (most recent call last):
2020-08-25T11:02:42.2032216Z   File "/zap/zap-full-scan.py", line 319, in main
2020-08-25T11:02:42.2032552Z     zap_access_target(zap, target)
2020-08-25T11:02:42.2032871Z   File "/zap/zap_common.py", line 84, in _wrap
2020-08-25T11:02:42.2080118Z     return_data = func(*args_list, **kwargs)
2020-08-25T11:02:42.2081059Z   File "/zap/zap_common.py", line 365, in zap_access_target
2020-08-25T11:02:42.2082304Z     raise IOError(errno.EIO, 'ZAP failed to access: {0}'.format(target))
2020-08-25T11:02:42.2083087Z IOError: [Errno 5] ZAP failed to access: http://172.17.0.1:8080
2020-08-25T11:02:42.2083829Z Found Java version 1.8.0_242
2020-08-25T11:02:42.2084411Z Available memory: 6927 MB
2020-08-25T11:02:42.2085278Z Using JVM args: -Xmx1731m
2020-08-25T11:02:42.2086445Z 194 [main] INFO org.zaproxy.zap.DaemonBootstrap  - OWASP ZAP 2.9.0 started 25/08/20 11:02:32 with home /root/.ZAP/
2020-08-25T11:02:42.2090093Z 227 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config api.disablekey = true was null
2020-08-25T11:02:42.2091346Z 228 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config api.addrs.addr.name = .* was null
2020-08-25T11:02:42.2104910Z 228 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config api.addrs.addr.regex = true was null
2020-08-25T11:02:42.2106191Z 228 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config spider.maxDuration = 0 was null
2020-08-25T11:02:42.2107291Z 234 [main] INFO org.parosproxy.paros.network.SSLConnector  - Reading supported SSL/TLS protocols...
2020-08-25T11:02:42.2108279Z 234 [main] INFO org.parosproxy.paros.network.SSLConnector  - Using a SSLEngine...
2020-08-25T11:02:42.2109498Z 332 [main] INFO org.parosproxy.paros.network.SSLConnector  - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
2020-08-25T11:02:42.2110690Z 341 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate  - Unsafe SSL renegotiation disabled.
2020-08-25T11:02:42.2111725Z 718 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open start
2020-08-25T11:02:42.2113031Z 724 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open end
2020-08-25T11:02:42.2114025Z 772 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Loading extensions
2020-08-25T11:02:42.2117522Z 1857 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Installed add-ons: [[id=alertFilters, version=10.0.0], [id=ascanrules, version=34.0.0], [id=bruteforce, version=9.0.0], [id=diff, version=10.0.0], [id=directorylistv1, version=4.0.0], [id=fuzz, version=12.0.0], [id=gettingStarted, version=11.0.0], [id=help, version=10.0.0], [id=hud, version=0.9.0], [id=importurls, version=7.0.0], [id=invoke, version=10.0.0], [id=onlineMenu, version=7.0.0], [id=openapi, version=15.0.0], [id=pscanrules, version=26.0.0], [id=quickstart, version=27.0.0], [id=replacer, version=8.0.0], [id=reveal, version=3.0.0], [id=saverawmessage, version=5.0.0], [id=savexmlmessage, version=0.1.0], [id=scripts, version=26.0.0], [id=selenium, version=15.1.0], [id=spiderAjax, version=23.1.0], [id=tips, version=7.0.0], [id=webdriverlinux, version=16.0.0], [id=websocket, version=21.0.0], [id=zest, version=31.0.0]]
2020-08-25T11:02:42.2131117Z 2085 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory  - Extensions loaded
2020-08-25T11:02:42.2132053Z 2181 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows ZAP to check for updates
2020-08-25T11:02:42.2132899Z 2183 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Options Extension
2020-08-25T11:02:42.2133731Z 2183 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Edit Menu Extension
2020-08-25T11:02:42.2134676Z 2183 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides a rest based API for controlling and accessing ZAP
2020-08-25T11:02:42.2135571Z 2189 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Session State Extension
2020-08-25T11:02:42.2136415Z 2190 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Report Extension
2020-08-25T11:02:42.2137228Z 2190 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing History Extension
2020-08-25T11:02:42.2138128Z 2191 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Show hidden fields and enable disabled fields
2020-08-25T11:02:42.2139087Z 2191 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Search messages for strings and regular expressions
2020-08-25T11:02:42.2139979Z 2193 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Encode/Decode/Hash...
2020-08-25T11:02:42.2140924Z 2193 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to intercept and modify requests and responses
2020-08-25T11:02:42.2141807Z 2194 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive scanner
2020-08-25T11:02:42.2142756Z 2266 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Script Passive Scan Rules
2020-08-25T11:02:42.2144169Z 2266 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Stats Passive Scan Rule
2020-08-25T11:02:42.2145225Z 2266 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Application Error Disclosure
2020-08-25T11:02:42.2146305Z 2266 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Absence of Anti-CSRF Tokens
2020-08-25T11:02:42.2147445Z 2266 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set
2020-08-25T11:02:42.2148554Z 2266 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Charset Mismatch
2020-08-25T11:02:42.2149757Z 2266 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: CSP Scanner
2020-08-25T11:02:42.2150811Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Content-Type Header Missing
2020-08-25T11:02:42.2151868Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie No HttpOnly Flag
2020-08-25T11:02:42.2152898Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Loosely Scoped Cookie
2020-08-25T11:02:42.2153974Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Without SameSite Attribute
2020-08-25T11:02:42.2155031Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Without Secure Flag
2020-08-25T11:02:42.2156109Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cross-Domain Misconfiguration
2020-08-25T11:02:42.2157235Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
2020-08-25T11:02:42.2158376Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Web Browser XSS Protection Not Enabled
2020-08-25T11:02:42.2159496Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Debug Error Messages
2020-08-25T11:02:42.2160781Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Sensitive Information in URL
2020-08-25T11:02:42.2162022Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
2020-08-25T11:02:42.2163229Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Suspicious Comments
2020-08-25T11:02:42.2164327Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Weak Authentication Method
2020-08-25T11:02:42.2165386Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Insecure JSF ViewState
2020-08-25T11:02:42.2166464Z 2267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Secure Pages Include Mixed Content
2020-08-25T11:02:42.2167512Z 2268 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Private IP Disclosure
2020-08-25T11:02:42.2168559Z 2268 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Session ID in URL Rewrite
2020-08-25T11:02:42.2197554Z 2268 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Timestamp Disclosure
2020-08-25T11:02:42.2199012Z 2268 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Username Hash Found
2020-08-25T11:02:42.2200050Z 2268 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Viewstate Scanner
2020-08-25T11:02:42.2201302Z 2268 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-AspNet-Version Response Header Scanner
2020-08-25T11:02:42.2202440Z 2268 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Content-Type-Options Header Missing
2020-08-25T11:02:42.2203523Z 2268 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Debug-Token Information Leak
2020-08-25T11:02:42.2204607Z 2268 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Frame-Options Header Scanner
2020-08-25T11:02:42.2206029Z 2268 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
2020-08-25T11:02:42.2207102Z 2308 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to view and manage alerts
2020-08-25T11:02:42.2208178Z 2310 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added
2020-08-25T11:02:42.2209516Z 2335 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Spider used for automatically finding URIs on a site
2020-08-25T11:02:42.2210546Z 2343 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing A set of common popup menus for miscellaneous tasks
2020-08-25T11:02:42.2211623Z 2344 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool
2020-08-25T11:02:42.2212594Z 2344 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Manual Request Editor Extension
2020-08-25T11:02:42.2213597Z 2344 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Compares 2 sessions and generates an HTML file showing the differences
2020-08-25T11:02:42.2214702Z 2344 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Invoke external applications passing context related information such as URLs and parameters
2020-08-25T11:02:42.2215761Z 2345 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles anti cross site request forgery (CSRF) tokens
2020-08-25T11:02:42.2216658Z 2354 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Authentication Extension
2020-08-25T11:02:42.2218002Z 2365 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication  - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]
2020-08-25T11:02:42.2219520Z 2367 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser
2020-08-25T11:02:42.2220810Z 2367 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Logs errors to the Output tab in development mode only
2020-08-25T11:02:42.2221698Z 2367 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Users Extension
2020-08-25T11:02:42.2222647Z 2369 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Summarise and analyse FORM and URL parameters as well as cookies
2020-08-25T11:02:42.2223534Z 2369 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Script integration
2020-08-25T11:02:42.2224734Z 2386 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Scripting console, supports all JSR 223 scripting languages
2020-08-25T11:02:42.2225627Z 2496 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Forced User Extension
2020-08-25T11:02:42.2226488Z 2496 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Extension handling HTTP sessions
2020-08-25T11:02:42.2227568Z 2498 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools
2020-08-25T11:02:42.2228527Z 2628 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionDiff
2020-08-25T11:02:42.2229366Z 2628 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Post Table View Extension
2020-08-25T11:02:42.2230430Z 2628 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Session Management Extension
2020-08-25T11:02:42.2231728Z 2632 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement  - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management]
2020-08-25T11:02:42.2232913Z 2633 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Form Table View Extension
2020-08-25T11:02:42.2233914Z 2633 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Capture messages from WebSockets with the ability to set breakpoints.
2020-08-25T11:02:42.2235043Z 2640 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to import a file containing URLs which ZAP will access, adding them to the Sites tree
2020-08-25T11:02:42.2236044Z 2641 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Core UI related functionality.
2020-08-25T11:02:42.2236891Z 2641 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Authorization Extension
2020-08-25T11:02:42.2237742Z 2641 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing AJAX Spider, uses Crawljax
2020-08-25T11:02:42.2238771Z 2642 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
2020-08-25T11:02:42.2239779Z 2647 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Manages the local proxy configurations
2020-08-25T11:02:42.2240656Z 2647 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles adding Global Excluded URLs
2020-08-25T11:02:42.2241568Z 2647 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds menu item to refresh the Sites tree
2020-08-25T11:02:42.2242424Z 2647 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing OWASP ZAP User Guide
2020-08-25T11:02:42.2243364Z 2647 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides a URL suitable for calling from target sites
2020-08-25T11:02:42.2244363Z 2649 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to configure which extensions are loaded when ZAP starts
2020-08-25T11:02:42.2245303Z 2649 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Combined HTTP Panels Extension
2020-08-25T11:02:42.2246170Z 2649 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Hex View Extension
2020-08-25T11:02:42.2247024Z 2649 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Image View Extension
2020-08-25T11:02:42.2247918Z 2649 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Large Request View Extension
2020-08-25T11:02:42.2261251Z 2649 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Large Response View Extension
2020-08-25T11:02:42.2262579Z 2649 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Query Table View Extension
2020-08-25T11:02:42.2263532Z 2649 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Syntax Highlighter View Extension
2020-08-25T11:02:42.2264577Z 2649 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.
2020-08-25T11:02:42.2265536Z 2649 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active and passive rule configuration
2020-08-25T11:02:42.2266369Z 2651 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Statistics
2020-08-25T11:02:42.2267438Z 2652 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats  - Start recording in memory stats
2020-08-25T11:02:42.2268300Z 2653 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive Scan Rules
2020-08-25T11:02:42.2269127Z 2653 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Context alert rules filter
2020-08-25T11:02:42.2269999Z 2654 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The ZAP Getting Started Guide
2020-08-25T11:02:42.2270815Z 2654 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Heads Up Display
2020-08-25T11:02:42.2271635Z 2689 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHUDlaunch
2020-08-25T11:02:42.2272458Z 2690 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSaveRawHttpMessage
2020-08-25T11:02:42.2273398Z 2690 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Easy way to replace strings in requests and responses
2020-08-25T11:02:42.2274568Z 2694 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
2020-08-25T11:02:42.2275610Z 2695 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows to fuzz HTTP messages.
2020-08-25T11:02:42.2276456Z 2695 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active Scan Rules
2020-08-25T11:02:42.2277409Z 2695 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds the Quick Start panel for scanning and exploring applications
2020-08-25T11:02:42.2278448Z 2699 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Add the option to use the Ajax Spider in the Quick Start scan
2020-08-25T11:02:42.2279383Z 2700 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Launch browsers proxying through ZAP
2020-08-25T11:02:42.2280304Z 2700 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Launch browsers proxying through ZAP
2020-08-25T11:02:42.2281141Z 2700 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The Online menu links
2020-08-25T11:02:42.2282090Z 2700 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to spider and import OpenAPI (Swagger) definitions 
2020-08-25T11:02:42.2282994Z 2712 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSaveXMLHttpMessage
2020-08-25T11:02:42.2283821Z 2713 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Tips and Tricks
2020-08-25T11:02:42.2284661Z 2713 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows to fuzz WebSocket messages.
2020-08-25T11:02:42.2285633Z 2917 [ZAP-daemon] INFO org.zaproxy.zap.extension.callback.ExtensionCallback  - Started callback server on 0.0.0.0:34273
2020-08-25T11:02:42.2286733Z 2917 [ZAP-daemon] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL  - Creating new root CA certificate
2020-08-25T11:02:42.2287576Z 3289 [ZAP-daemon] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL  - New root CA certificate created
2020-08-25T11:02:42.2288399Z 4296 [ZAP-daemon] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - There is/are 10 newer addons
2020-08-25T11:02:42.2289525Z 6265 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Installing new addon selenium v15.2.0
2020-08-25T11:02:42.2290532Z 6439 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Finished installing new addon selenium v15.2.0
2020-08-25T11:02:42.2291482Z 6453 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Installing new addon openapi v16.0.0
2020-08-25T11:02:42.2294131Z 6473 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Finished installing new addon openapi v16.0.0
2020-08-25T11:02:42.2295147Z 6488 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Installing new addon pscanrules v29.0.0
2020-08-25T11:02:42.2296130Z 6488 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Finished installing new addon pscanrules v29.0.0
2020-08-25T11:02:42.2297078Z 6494 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Installing new addon quickstart v28.0.0
2020-08-25T11:02:42.2298061Z 6540 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Finished installing new addon quickstart v28.0.0
2020-08-25T11:02:42.2299026Z 6555 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Installing new addon webdriverlinux v19.0.0
2020-08-25T11:02:42.2300033Z 6861 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Finished installing new addon webdriverlinux v19.0.0
2020-08-25T11:02:42.2301012Z 6866 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Installing new addon ascanrules v36.0.0
2020-08-25T11:02:42.2301994Z 6888 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Finished installing new addon ascanrules v36.0.0
2020-08-25T11:02:42.2302926Z 6900 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Installing new addon fuzz v13.0.0
2020-08-25T11:02:42.2303882Z 7147 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Finished installing new addon fuzz v13.0.0
2020-08-25T11:02:42.2304809Z 7173 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Installing new addon zest v32.0.0
2020-08-25T11:02:42.2305764Z 7260 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Finished installing new addon zest v32.0.0
2020-08-25T11:02:42.2306719Z 7387 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Installing new addon websocket v22.0.0
2020-08-25T11:02:42.2307700Z 7627 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Finished installing new addon websocket v22.0.0
2020-08-25T11:02:42.2308644Z 7770 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Installing new addon hud v0.11.0
2020-08-25T11:02:42.2309572Z 7840 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Finished installing new addon hud v0.11.0
2020-08-25T11:02:42.2310520Z 7842 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Installing new addon commonlib v1.1.0
2020-08-25T11:02:42.2311560Z 7880 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Application Error Disclosure
2020-08-25T11:02:42.2312947Z 7880 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Absence of Anti-CSRF Tokens
2020-08-25T11:02:42.2314161Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set
2020-08-25T11:02:42.2315319Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Charset Mismatch
2020-08-25T11:02:42.2316366Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: CSP Scanner
2020-08-25T11:02:42.2317466Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Content-Type Header Missing
2020-08-25T11:02:42.2318564Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie No HttpOnly Flag
2020-08-25T11:02:42.2319842Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Loosely Scoped Cookie
2020-08-25T11:02:42.2321135Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Without SameSite Attribute
2020-08-25T11:02:42.2322294Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Without Secure Flag
2020-08-25T11:02:42.2323426Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cross-Domain Misconfiguration
2020-08-25T11:02:42.2324602Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
2020-08-25T11:02:42.2325813Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Debug Error Messages
2020-08-25T11:02:42.2327056Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Sensitive Information in URL
2020-08-25T11:02:42.2328364Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
2020-08-25T11:02:42.2329975Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Suspicious Comments
2020-08-25T11:02:42.2331163Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Weak Authentication Method
2020-08-25T11:02:42.2332260Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Insecure JSF ViewState
2020-08-25T11:02:42.2333424Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Secure Pages Include Mixed Content
2020-08-25T11:02:42.2334528Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Private IP Disclosure
2020-08-25T11:02:42.2335643Z 7881 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Session ID in URL Rewrite
2020-08-25T11:02:42.2336752Z 7882 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Timestamp Disclosure
2020-08-25T11:02:42.2337830Z 7882 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Username Hash Found
2020-08-25T11:02:42.2338916Z 7882 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Viewstate Scanner
2020-08-25T11:02:42.2340256Z 7882 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-AspNet-Version Response Header Scanner
2020-08-25T11:02:42.2341450Z 7882 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Content-Type-Options Header Missing
2020-08-25T11:02:42.2342589Z 7882 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Debug-Token Information Leak
2020-08-25T11:02:42.2343732Z 7882 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Frame-Options Header Scanner
2020-08-25T11:02:42.2344982Z 7882 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
2020-08-25T11:02:42.2346136Z 7925 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Finished installing new addon commonlib v1.1.0
2020-08-25T11:02:42.2347285Z 7942 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/pscanrules-release-29.zap
2020-08-25T11:02:42.2348548Z 7942 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/quickstart-release-28.zap
2020-08-25T11:02:42.2349540Z 7942 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/websocket-release-22.zap
2020-08-25T11:02:42.2350525Z 7942 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/hud-beta-0.11.0.zap
2020-08-25T11:02:42.2351501Z 7942 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/ascanrules-release-36.zap
2020-08-25T11:02:42.2352489Z 7942 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/fuzz-beta-13.0.0.zap
2020-08-25T11:02:42.2353491Z 7943 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/commonlib-release-1.1.0.zap
2020-08-25T11:02:42.2354522Z 7943 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/webdriverlinux-release-19.zap
2020-08-25T11:02:42.2355495Z 7943 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/openapi-beta-16.zap
2020-08-25T11:02:42.2356463Z 7943 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/zest-beta-32.zap
2020-08-25T11:02:42.2357438Z 7943 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/selenium-release-15.2.0.zap
2020-08-25T11:02:42.2358380Z 7943 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on update check complete
2020-08-25T11:02:42.2359462Z 7944 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Downloading add-on from: https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v22/pscanrulesBeta-beta-22.zap
2020-08-25T11:02:42.2360820Z 7952 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Downloading add-on from: https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v30/ascanrulesBeta-beta-30.zap
2020-08-25T11:02:42.2361948Z 8661 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Installing new addon pscanrulesBeta v22.0.0
2020-08-25T11:02:42.2363088Z 8684 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak)
2020-08-25T11:02:42.2364327Z 8684 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Content Security Policy (CSP) Header Not Set
2020-08-25T11:02:42.2365446Z 8684 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Directory Browsing
2020-08-25T11:02:42.2366542Z 8684 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Hash Disclosure
2020-08-25T11:02:42.2367863Z 8684 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative)
2020-08-25T11:02:42.2369236Z 8684 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post
2020-08-25T11:02:42.2374353Z 8684 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post
2020-08-25T11:02:42.2375564Z 8684 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Reverse Tabnabbing
2020-08-25T11:02:42.2376655Z 8684 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Modern Web Application
2020-08-25T11:02:42.2378006Z 8684 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: PII Disclosure
2020-08-25T11:02:42.2379106Z 8684 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Retrieved from Cache
2020-08-25T11:02:42.2380243Z 8685 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: HTTP Server Response Header Scanner
2020-08-25T11:02:42.2381381Z 8685 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: HTTP Parameter Override
2020-08-25T11:02:42.2382538Z 8685 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Strict-Transport-Security Header Scanner
2020-08-25T11:02:42.2383694Z 8686 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: User Controllable Charset
2020-08-25T11:02:42.2384800Z 8687 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Poisoning
2020-08-25T11:02:42.2387456Z 8687 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS)
2020-08-25T11:02:42.2389139Z 8687 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: User Controllable JavaScript Event (XSS)
2020-08-25T11:02:42.2390273Z 8687 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Open Redirect
2020-08-25T11:02:42.2391400Z 8687 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Backend-Server Header Information Leak
2020-08-25T11:02:42.2392634Z 8687 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak
2020-08-25T11:02:42.2393751Z 8689 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Finished installing new addon pscanrulesBeta v22.0.0
2020-08-25T11:02:42.2394747Z 8692 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Installing new addon ascanrulesBeta v30.0.0
2020-08-25T11:02:42.2395748Z 8754 [ZAP-DownloadInstaller] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate  - Finished installing new addon ascanrulesBeta v30.0.0
2020-08-25T11:02:42.2396743Z 8953 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/pscanrules-release-29.zap
2020-08-25T11:02:42.2397760Z 8953 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/quickstart-release-28.zap
2020-08-25T11:02:42.2398749Z 8954 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/websocket-release-22.zap
2020-08-25T11:02:42.2399953Z 8954 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/hud-beta-0.11.0.zap
2020-08-25T11:02:42.2400944Z 8954 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/ascanrules-release-36.zap
2020-08-25T11:02:42.2401935Z 8954 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/fuzz-beta-13.0.0.zap
2020-08-25T11:02:42.2402925Z 8954 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/commonlib-release-1.1.0.zap
2020-08-25T11:02:42.2403947Z 8954 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/webdriverlinux-release-19.zap
2020-08-25T11:02:42.2404923Z 8954 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/openapi-beta-16.zap
2020-08-25T11:02:42.2406061Z 8954 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/zest-beta-32.zap
2020-08-25T11:02:42.2407063Z 8954 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/selenium-release-15.2.0.zap
2020-08-25T11:02:42.2408079Z 8954 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/pscanrulesBeta-beta-22.zap
2020-08-25T11:02:42.2409362Z 8954 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine  - Add-on downloaded to: /root/.ZAP/plugin/ascanrulesBeta-beta-30.zap
2020-08-25T11:02:42.2410405Z 8955 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap  - ZAP is now listening on 0.0.0.0:55382
2020-08-25T11:02:42.2410929Z ERROR ZAP failed to access: http://172.17.0.1:8080
2020-08-25T11:02:43.8659287Z ##[error]ENOENT: no such file or directory, open '/home/vsts/work/r1/a/owaspzap/report.json'

any help would be appreciated.
let me know if more information are needed

[mikedouglasdev]

Looks like the real error is the one before it and that it can't access the target URL. Is this an intranet site? is this running a non-microsoft hosted agent? Is it accessible from the agent?

I/O error(5): ZAP failed to access: http://172.17.0.1:8080

The file doesn't exist because the scan never ran.

[pragadeeshraju]

okay, that was fixed and now bumped into|

2020-08-28T09:01:59.8208528Z ==============================================================================
2020-08-28T09:01:59.8208830Z Task         : Publish Test Results
2020-08-28T09:01:59.8209089Z Description  : Publish test results to Azure Pipelines
2020-08-28T09:01:59.8209313Z Version      : 2.171.0
2020-08-28T09:01:59.8209526Z Author       : Microsoft Corporation
2020-08-28T09:01:59.8209830Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/test/publish-test-results
2020-08-28T09:01:59.8210205Z ==============================================================================
2020-08-28T09:01:59.9692246Z [command]/usr/bin/dotnet --version
2020-08-28T09:02:00.3321909Z 3.1.401
2020-08-28T09:02:01.0726910Z ##[warning]Failed to read /home/vsts/work/r1/a/owaspzap/test-results.xml. Error : There are multiple root elements. Line 49, position 2..
2020-08-28T09:02:01.0740737Z ##[warning]Failed to publish test results: Object reference not set to an instance of an object.
2020-08-28T09:02:01.0857511Z ##[section]Async Command Start: Publish test results
2020-08-28T09:02:01.0982697Z ##[section]Async Command End: Publish test results
2020-08-28T09:02:01.0984007Z ##[section]Finishing: Publish Test Results owaspzap/test-results.xml

2020-08-28T09:02:01.0726910Z ##[warning]Failed to read /home/vsts/work/r1/a/owaspzap/test-results.xml. Error : There are multiple root elements. Line 49, position 2..
2020-08-28T09:02:01.0740737Z ##[warning]Failed to publish test results: Object reference not set to an instance of an object.

[mikedouglasdev]

I started getting this yesterday when I changed the target website. Looking at the file, it includes both the HTTP and HTTPS runs.

I looked at the settings and the site requires HTTPS so it is redirecting the call from HTTP to HTTPS and OWASP thinks it is two different websites. In the report parser that I wrote, I passed in the target site so it would only report on that one site. I think we need to do this here or just use HTTPS when doing the testing. The weird thing is if I change it to HTTPS, I don't get any warnings even though I did before and the JSON report shows port 80. Seems like a different issue.

[mikedouglasdev]

I looked back at the settings and there is a port setting. It must default to port 80. I wish it would use the default HTTP port of the URL. I set this explicitly like below and now everything works properly.

• task: owaspzap@1
  inputs:
  scantype: 'targetedScan'
  url: '$(targetUrl)'
  port: '443'

[pragadeeshraju]

now bumped into another issue, scanner just frozes after, in azure pipeline

2020-09-01T12:55:26.2276439Z 424fa8727c16: Pull complete
2020-09-01T12:55:26.2300003Z Digest: sha256:3563ecc53448ad224262ccea185cff8360c999c52d9c4b78630d9344dc1c3fd6
2020-09-01T12:55:26.2322177Z Status: Downloaded newer image for owasp/zap2docker-stable:latest
2020-09-01T12:55:30.2205741Z 2020-09-01 12:55:30,219 Params: ['zap-x.sh', '-daemon', '-port', '42957', '-host', '0.0.0.0', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'spider.maxDuration=0', '-addonupdate', '-addoninstall', 'pscanrulesBeta', '-addoninstall', 'ascanrulesBeta']
2020-09-01T12:55:32.8942493Z Sep 01, 2020 12:55:32 PM java.util.prefs.FileSystemPreferences$1 run
2020-09-01T12:55:32.8943475Z INFO: Created user preferences directory.

but works fine on the seperate run

[pragadeeshraju]

Hi @IvanKirianov,
the initial issue was solved (my app was running on the specified URL(2020-08-25T11:02:42.2410929Z ERROR ZAP failed to access: http://172.17.0.1:8080) - I corrected that)

not sure what issue are you facing now

but now it just hung after

2020-09-01T12:55:26.2322177Z Status: Downloaded newer image for owasp/zap2docker-stable:latest
2020-09-01T12:55:30.2205741Z 2020-09-01 12:55:30,219 Params: ['zap-x.sh', '-daemon', '-port', '42957', '-host', '0.0.0.0', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'spider.maxDuration=0', '-addonupdate', '-addoninstall', 'pscanrulesBeta', '-addoninstall', 'ascanrulesBeta']
2020-09-01T12:55:32.8942493Z Sep 01, 2020 12:55:32 PM java.util.prefs.FileSystemPreferences$1 run
2020-09-01T12:55:32.8943475Z INFO: Created user preferences directory.

i even tried in other servers as well.

[tsluyter]

These issues do not necessarily pertain to the Azure DevOps ZAP plugin created by this team.

What's not immediately clear from the plugin is that it mostly relies on the ZAP Docker container. The plugin merely takes a few settings from you and applies them to ZAP running in Docker. One such example is the port number that @mikedouglasdev referred to.

If your issues continue to exist, please provide an update @pragadeeshraju. Otherwise, please consider closing this issue.

[GhassenMaarouf]

I nedd help please
##[error]ENOENT: no such file or directory, open '/home/vsts/work/1/s/owaspzap/report.json'

@polatengin @DariuszPorowski @TsuyoshiUshio @

[ckarcz]

in my case, i had the SSL port specified correctly for an HTTPS only web app. but, it was failing when using a pipeline variable. the error went away once putting the URL directly in Root URL to begin crawling field. ymmv 🍻

[pankaj05854]

@pragadeeshraju

How did you fix initial issue? I am also getting the same issue in yml based pipeline. But in classic mode.

pipeline:-

• task: owaspzap@1
  inputs:
  aggressivemode: false
  port: '8080'
  threshold: 50

Error:-
Automation plan failures:
Job spider failed to access URL http://172.17.0.1:8080/ : Connection refused (Connection refused)
##[error]ENOENT: no such file or directory, open '/home/vsts/work/1/s/owaspzap/report.json'

[pamela032709]

Did you find a solution for the rror ?
I have this one
##[error]The process 'C:\Program Files\Docker\docker.exe' failed with exit code 125
##[error]ENOENT: no such file or directory, open 'D:\a\1\s\owaspzap\report.json'

[kamathnaveen143]

Hi All,

While executing the OWASP ZAP scan in the azure pipeline for the "targeted scan" type, getting below error, Any solution for this issue.

Earliest response is much appreciated , Since because of this we have blocked with few releases.