ValueError: invalid literal for int() with base 10: 'Does Not Exist'

[alienatix]

I get an error when trying to run an active scan:

zap-cli scanners list
+-------+--------------------------------------------+-------------+-----------+------------+
| ID | Name | Policy ID | Enabled | Strength |
+=======+============================================+
+-------+--------------------------------------------+-------------+-----------+------------+
| 40018 | SQL Injection | 4 | true | DEFAULT |
+-------+--------------------------------------------+-------------+-----------+------------+

$ zap-cli -v active-scan -s 40018 "http://example.com"
[INFO] Running an active scan...
[DEBUG] Disabling all current scanners
[DEBUG] Enabling scanners with IDs 40018
[DEBUG] Scanning target http://example.com...
Traceback (most recent call last):
File "/usr/local/bin/zap-cli", line 9, in
load_entry_point('zapcli==0.1.1', 'console_scripts', 'zap-cli')()
File "/Library/Python/2.7/site-packages/click/core.py", line 664, in call
return self.main(_args, *_kwargs)
File "/Library/Python/2.7/site-packages/click/core.py", line 644, in main
rv = self.invoke(ctx)
File "/Library/Python/2.7/site-packages/click/core.py", line 991, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/Library/Python/2.7/site-packages/click/core.py", line 837, in invoke
return ctx.invoke(self.callback, *_ctx.params)
File "/Library/Python/2.7/site-packages/click/core.py", line 464, in invoke
return callback(_args, *_kwargs)
File "/Library/Python/2.7/site-packages/click/decorators.py", line 26, in new_func
return ctx.invoke(f, ctx.obj, *args[1:], *_kwargs)
File "/Library/Python/2.7/site-packages/click/core.py", line 464, in invoke
return callback(_args, *_kwargs)
File "/Library/Python/2.7/site-packages/zapcli/cli.py", line 179, in active_scan
zap_helper.run_active_scan(url, recursive=recursive)
File "/Library/Python/2.7/site-packages/zapcli/zap_helper.py", line 146, in run_active_scan
while int(self.zap.ascan.status()) < 100:
ValueError: invalid literal for int() with base 10: 'Does Not Exist'

[Grunny]

Hi @alienatix! Can you let me know which version of ZAP you are using?

[alienatix]

version 2.4.2

[Grunny]

Ah, I see, it happens if the URL isn't in site tree, so the error won't happen if you first open the URL, i.e.:

$ zap-cli -v open-url "http://example.com"
$ zap-cli -v active-scan -s 40018 "http://example.com"

Alternatively, you can use quick-scan which opens the URL before launching the scan, so this will work straight away:

$ zap-cli -v quick-scan -s 40018 "http://example.com"
[INFO]            Running a quick scan for http://example.com
[DEBUG]           Disabling all current scanners
[DEBUG]           Enabling scanners with IDs 40018
[DEBUG]           Scanning target http://example.com...
[DEBUG]           Scan progress %: 0
[DEBUG]           Scan #0 completed
[INFO]            Issues found: 0

Does that work for you?

I'll add some better error handling to active-scan for this case (and better documentation for the commands). :)

[alienatix]

Thanks!

[Grunny]

v0.2.0 (now available on PyPI) has better error handling for this. It will now look like this if you try to run an active scan on a URL that isn't in the site tree:

$ zap-cli -v active-scan "http://127.0.0.1"
[INFO]            Running an active scan...
[DEBUG]           Scanning target http://127.0.0.1...
[ERROR]           Error running active scan: "URL Not Found in the Scan Tree". Make sure the URL is in the site tree by using the open-url or scanner commands before running an active scan.