zap_parameters="-I -a -d --hook=/zap/auth_hook.py -r $scan_output_filename"
The parameters are injected without any problem as you can see in bellow logs (sanitized):
2022-07-07 10:37:19,696 Extra params passed by ZAP: ['-config', 'spider.maxDuration=1', '-addonupdate', '-addoninstall',
'pscanrulesBeta', '-addoninstall', 'pscanrulesAlpha', 'auth.loginurl=https://mywebsite.com/sessions/new?return_to=%2F',
'auth.username_field=login', 'auth.password_field=password', 'auth.submit_field=submit', 'auth.username=validUsername', 'auth.password=validPassword']
Although the scan does work, there is no authentication to the website (hence it's only scanning the login page).
From looking at the output I do not see any errors except this one:
Hi, I'm trying to scan a website with an authentication step, I'm using the latest docker image and I ran this command:
With:
The parameters are injected without any problem as you can see in bellow logs (sanitized):
Although the scan does work, there is no authentication to the website (hence it's only scanning the login page). From looking at the output I do not see any errors except this one: