iriusrisk / bdd-security

BDD Automated Security Tests for Web Applications
http://www.continuumsecurity.net/bdd-intro.html
GNU Affero General Public License v3.0

BDD unable to limit or exclude sites/link from scanning #108

Open CustosClarus opened 3 years ago

CustosClarus commented 3 years ago

Hello,

I'm trying to filter "zap" to scan the in-scope (target) site, but instead it seems to scan all other links, e.g. Twitter, Instagram and google.com.

I tried to change this behavior by making the following changes:

  1. Edited the app_scan.features file (see attached also):

         Background:
           Given a new scanning session
           And a scanner with all policies disabled
           And all existing alerts are deleted
           Given the following URL regular expressions are excluded from the scanner
             |regex |
             |.github.|
             |.gstatic.|
             |.getbootstrap.|
             |.w3.|
             |.googleapis.|
           And the application is navigated
           And the application is spidered

But the output did not change (see attached); it still managed to crawl to excluded links.

thanks.

regards asad

CustosClarus commented 3 years ago

Pls find files here https://gofile.io/d/QSXX4l

CustosClarus commented 3 years ago

???