python-3.x - 在 Python ZAP 模块中运行 AjaxSpider 时,“no_implementor”是什么意思?
问题描述
1.) 使用的代码
如果使用AjaxSpider:
# Ajax Spider the target URL
pprint('Start Ajax Spider -> ' + ajax.scan(url=target, inscope=None))
# Give the Ajax spider a chance to start
time.sleep(10)
while (ajax.status != 'stopped'):
print('Ajax Spider is ' + ajax.status)
time.sleep(5)
for url in applicationURL:
# Ajax Spider every url configured
pprint('Ajax Spider the URL: ' + url + ' -> ' +
ajax.scan(url=url, inscope=None))
# Give the Ajax spider a chance to start
time.sleep(10)
while (ajax.status != 'stopped'):
print('Ajax Spider is ' + ajax.status)
time.sleep(5)
print('Ajax Spider scan completed')
2.) 进入无限循环
'Ajay Spider 不是执行者'
解决方案
您应该查看 ZAP 的新 API 文档:https ://www.zaproxy.org/docs/api/#using-ajax-spider
"no_implementor" "No Implementor" 可能意味着您没有安装 AjaxSpider 插件。(这意味着,您没有任何东西可以实现您尝试使用的功能。)
#!/usr/bin/env python
import time
from zapv2 import ZAPv2
# The URL of the application to be tested
target = 'https://public-firing-range.appspot.com'
# Change to match the API key set in ZAP, or use None if the API key is disabled
apiKey = 'changeme'
# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apiKey)
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apikey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})
print('Ajax Spider target {}'.format(target))
scanID = zap.ajaxSpider.scan(target)
timeout = time.time() + 60*2 # 2 minutes from now
# Loop until the ajax spider has finished or the timeout has exceeded
while zap.ajaxSpider.status == 'running':
if time.time() > timeout:
break
print('Ajax Spider status' + zap.ajaxSpider.status)
time.sleep(2)
print('Ajax Spider completed')
ajaxResults = zap.ajaxSpider.results(start=0, count=10)
# If required perform additional operations with the Ajax Spider results
# TODO: Start scanning the application to find vulnerabilities
推荐阅读
- javascript - 从层次结构 MySQL 表生成 HTML 列表
- javascript - 如何使用 JavaScript 修复侧边栏错误
- sql-server - 从 DataGridView 获取当前单元格值
- pandas - 基于两列的邻接矩阵
- python - Pandas 中每组的滚动相关性和平均值(最后 3 个)
- iis - IIS 10不能用80端口加载图片,但可以用8080端口加载
- javascript - javascript从php访问图像数组
- java - java中的台球游戏如何放15个球
- python - 评估允许其运算符是复合表达式的组合
- google-apps-script - 如何在 Google Apps 脚本中获取参数?