
Attack Mode

  1. Starting Point
     
    • The starting point is the request from which all attacks originate.

      Info: Specify a URL as the starting point in the form of:
       
      e.g. http://localhost:8180/bodgeit/

      Info: Accepts System Environment Variables and Build Variables, as well as Environment Inject Plugin Variables (which cannot be used during pre-build).

  2. Spider Scan: Evaluates URL for Passive Alerts.
     
    • Recurse (Default: True)

      Info: If you select 'Recurse' then all of the nodes underneath the one specified will also be used to seed the spider.

    • Subtree Only (Default: False)

      Info: If you select 'Subtree Only' the spider will only access resources that are under the starting point (URI). When evaluating if a resource is found within the specified subtree, the spider considers only the scheme, host, port, and path components of the URI.

    • Max Children to Crawl (Default: 0)

      Info: Specify the 'Max Children to Crawl'. This parameter limits the number of children that will be crawled at every node in the tree. This is useful for data-driven applications that have large numbers of 'pages' that are in fact exactly the same code but contain different data, for example from a database. By default this is set to zero, which means no limit is applied to the number of child nodes crawled.

  3. AJAX Spider
     
    • In Scope Only (Default: False)

      Info: If you select 'In Scope Only' then any URLs which are out of scope will be ignored.

      Notice: Does not support authentication.

  4. Active Scan: Evaluates URL for Active Alerts.
     
    • Policy

      Info: Select a ZAP policy to use for the Active Scan. The policies must be stored in the Path provided for 'ZAP Settings'. "Default Policy" is used if no policy is specified.

    • Recurse (Default: True)

      Info: If you select 'Recurse' then all of the nodes underneath the one selected will also be scanned. Custom input vectors are only supported if this option is not selected.
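
An added illustration of the 'Subtree Only' rule described under Spider Scan (not code from ZAP or the plugin): a scope check that compares only the scheme, host, port and path of a discovered URL against the starting point. The segment-boundary matching, default-port handling and dot-segment collapsing are assumptions of this example, and the discovered URLs are constructed.

```python
import posixpath
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # lets host and host:80 compare equal


def _components(url):
    """Return (scheme, host, port, path) of an absolute http(s) URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    # Collapse "." and ".." so /bodgeit/../manager is not seen as under /bodgeit/.
    path = posixpath.normpath(parts.path or "/")
    if parts.path.endswith("/") and path != "/":
        path += "/"  # normpath drops the trailing slash; keep it
    return scheme, parts.hostname, port, path


def in_subtree(start_url, candidate_url):
    """True if candidate_url is under start_url (query and fragment ignored)."""
    try:
        s_scheme, s_host, s_port, s_path = _components(start_url)
        c_scheme, c_host, c_port, c_path = _components(candidate_url)
    except ValueError:
        return False  # unparsable or non-http(s) URLs are treated as outside
    if (s_scheme, s_host, s_port) != (c_scheme, c_host, c_port):
        return False
    # Assumption: compare on a path-segment boundary, so a starting point of
    # /bodgeit/ does not also cover /bodgeit-admin/.
    base = s_path if s_path.endswith("/") else s_path + "/"
    return c_path == s_path or c_path.startswith(base)


# Constructed sample of URLs a crawl might discover.
START = "http://localhost:8180/bodgeit/"
DISCOVERED = [
    "http://localhost:8180/bodgeit/login.jsp?debug=1#top",
    "http://LOCALHOST:8180/bodgeit/basket.jsp",
    "http://localhost:8180/bodgeit-admin/",
    "https://localhost:8180/bodgeit/",
    "http://localhost:8080/bodgeit/",
    "http://localhost:8180/bodgeit/../manager/html",
]

if __name__ == "__main__":
    for url in DISCOVERED:
        print("in " if in_subtree(START, url) else "out", url)
```

Running a check like this over a proxy or access log after a build is one way to confirm that a scan stayed inside the intended application.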
