java - 如何使用 OWASP ZAP 的 spiderViewStatus Java API 来获取 Spider 完成工作的状态/百分比?
问题描述
我正在关注Using Spider的 API 文档。基于 Java 的代码块效果很好,我得到了输出。
代码:
import java.util.List; import org.zaproxy.clientapi.core.ApiResponse; import org.zaproxy.clientapi.core.ApiResponseElement; import org.zaproxy.clientapi.core.ApiResponseList; import org.zaproxy.clientapi.core.ClientApi; public class SpiderViewStatus { private static final String ZAP_ADDRESS = "localhost"; private static final int ZAP_PORT = 8080; // Change to match the API key set in ZAP, or use NULL if the API key is disabled private static final String ZAP_API_KEY = "93tpvc1c5ek2b94arh0e7c8he"; // The URL of the application to be tested private static final String TARGET = "https://public-firing-range.appspot.com"; //private static final String TARGET = "http://localhost:3000"; //Juice Shop public static void main(String[] args) { ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY); try { // Start spidering the target System.out.println("Spidering target : " + TARGET); ApiResponse resp = api.spider.scan(TARGET, null, null, null, null); String scanID; int progress; // The scan returns a scan id to support concurrent scanning scanID = ((ApiResponseElement) resp).getValue(); // Poll the status until it completes while (true) { Thread.sleep(1000); progress = Integer.parseInt(((ApiResponseElement) api.spider.status(scanID)).getValue()); System.out.println("Spider progress : " + progress + "%"); if (progress >= 100) { break; } } System.out.println("Spider completed"); // If required post process the spider results List<ApiResponse> spiderResults = ((ApiResponseList) api.spider.results(scanID)).getItems(); for (ApiResponse spiderResult:spiderResults) System.out.println(spiderResult); // TODO: Explore the Application more with Ajax Spider or Start scanning the application for vulnerabilities } catch (Exception e) { System.out.println("Exception : " + e.getMessage()); e.printStackTrace(); } } }
输出:
Spidering target : https://public-firing-range.appspot.com Spider progress : 0% Spider progress : 66% Spider progress : 100% Spider completed https://public-firing-range.appspot.com/sitemap.xml https://public-firing-range.appspot.com/robots.txt https://public-firing-range.appspot.com
在查看状态部分中,还提到了执行状态 API以获取蜘蛛完成的工作的状态/百分比。但是,当我附加spiderViewStatus的代码块时:
代码块:
System.out.println("Spider completed"); // If required post process the spider results //spiderViewStatus: https://www.zaproxy.org/docs/api/#spiderviewstatus URL obj = new URL("http://zap/JSON/spider/view/status/"); HttpURLConnection con = (HttpURLConnection) obj.openConnection(); con.setRequestMethod("GET"); int responseCode = con.getResponseCode(); BufferedReader in = new BufferedReader( new InputStreamReader(con.getInputStream())); String inputLine; StringBuffer response = new StringBuffer(); while ((inputLine = in.readLine()) != null) { response.append(inputLine); } in.close(); System.out.println(response.toString()); // TODO: Explore the Application more with Ajax Spider or Start scanning the application for vulnerabilities
我面临java.net.UnknownHostException: zap
如下:
错误堆栈跟踪:
Spidering target : https://public-firing-range.appspot.com Spider progress : 66% Spider progress : 100% Spider completed Exception : zap java.net.UnknownHostException: zap at java.net.AbstractPlainSocketImpl.connect(Unknown Source) at java.net.PlainSocketImpl.connect(Unknown Source) at java.net.SocksSocketImpl.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at sun.net.NetworkClient.doConnect(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.<init>(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at java.net.HttpURLConnection.getResponseCode(Unknown Source) at ZAP_tests.SpiderViewStatus.main(SpiderViewStatus.java:52)
我试图http://zap/JSON/spider/view/status/
用http://localhost:8080/JSON/spider/view/status/
同样的错误替换。
谁能帮帮我?
解决方案
您已经在初始代码中使用api.spider.status(scanID)
主机仅在http://zap/
您通过 ZAP 进行代理时才有效,您似乎不在您的第二部分代码中。
推荐阅读
- excel - 为什么在 OLEDBConnection.Refresh 之后没有隐藏列(Range().Columns.Hidden)?
- c++ - 使用 vcpkg 安装 box2d
- javascript - 如何使用 JS 代码脚本在 Photoshop 中暂停/恢复?
- reactjs - 是的,使用动态数据类型(电子邮件或电话号码)验证 loginID
- java - 如何仅按年份从地图中过滤 LocalDate?
- format - 在没有文件系统的情况下读/写磁盘
- r - 使用 R 填充历史 pdf 下载的公司房屋
- objective-c - 如何使用进度指示器单元格 OSX 制作类似可下载文件表的 torrent?Objective-C
- android - 有没有办法在 Espresso 测试期间暂停和恢复活动?
- flutter - 在 TextFormField Flutter 中输入文本时从顶部更改内容填充