HelpUiDialogsOptionsAscan

psiinon edited this page Mar 29, 2017 · 3 revisions

Options Active Scan screen

This screen allows you to configure the active scan options:

Number of hosts scanned concurrently

The maximum number of hosts that will be scanned at the same time. Increasing this may put extra strain on the computer ZAP is running on.

Concurrent scanning threads per host

The number of threads the scanner will use per host. Increasing the number of threads will speed up the scan but may put extra strain on the computer ZAP is running on and the target host.

Max results to list

The number of results that will be shown in the Active Scan tab. Displaying a large number of results can significantly increase the time a scan takes.

Maximum rule duration (min, 0 is unlimited)

The maximum time any individual rule can run for in minutes. Zero means no limit. This can be used to stop rules that are taking an excessive amount of time.

Maximum scan duration (min, 0 is unlimited)

The maximum time that the whole scan can run for in minutes. Zero means no limit. This can be used to ensure that a scan is completed around a set time.

Delay when scanning in milliseconds

The delay in milliseconds between each request. Setting this to a non-zero value will increase the time an active scan takes, but will put less of a strain on the target host.

Inject plugin ID in header for all active scan requests

If this option is selected the active scanner will inject the request header X-ZAP-Scan-ID with the ID of the scanner that's sending the HTTP requests.
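With this option enabled, traffic recorded in front of the target can be attributed to the scanner that sent it, for example to see which scanner's requests produced server errors. The following is an added example, not part of the ZAP help or ZAP's own code: it assumes request heads and response statuses were recorded as (raw request, status) pairs, and the host name, paths and scanner IDs are constructed sample values.

```python
from collections import defaultdict

HEADER = "x-zap-scan-id"  # header name from the option described above

# Constructed sample: (raw request, response status) pairs as a reverse
# proxy or test harness in front of the target might record them.
SAMPLE = [
    ("GET /item?id=1%27 HTTP/1.1\r\nHost: app.test\r\nX-ZAP-Scan-ID: 1001\r\n\r\n", 500),
    ("GET /item?id=2 HTTP/1.1\r\nHost: app.test\r\nx-zap-scan-id: 1001\r\n\r\n", 200),
    ("POST /search HTTP/1.1\r\nHost: app.test\r\nX-ZAP-Scan-ID:1002\r\n\r\nq=a", 200),
    ("GET /health HTTP/1.1\r\nHost: app.test\r\n\r\n", 200),
    ("GET /item?id=3 HTTP/1.1\r\nHost: app.test\r\nX-ZAP-Scan-ID: 1002\r\n\r\n", 503),
]

def scan_id(raw_request):
    """Return the X-ZAP-Scan-ID value of a raw request, or None if absent."""
    head = raw_request.split("\r\n\r\n", 1)[0]   # ignore the body
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == HEADER:  # header names are case-insensitive
            return value.strip()
    return None

def attribute(records):
    """Group recorded requests by scanner ID; count totals and 5xx responses."""
    stats = defaultdict(lambda: {"requests": 0, "server_errors": 0})
    untagged = []  # request lines that carried no scanner ID
    for raw, status in records:
        sid = scan_id(raw)
        if sid is None:
            untagged.append(raw.split("\r\n", 1)[0])
            continue
        stats[sid]["requests"] += 1
        if 500 <= status <= 599:
            stats[sid]["server_errors"] += 1
    return dict(stats), untagged

if __name__ == "__main__":
    per_id, untagged = attribute(SAMPLE)
    for sid, counts in sorted(per_id.items()):
        print(sid, counts)
    print("untagged:", untagged)
```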

Handle anti CSRF tokens

If this option is selected then the active scanner will attempt to automatically request anti CSRF tokens when required. Note that this is experimental functionality and will slow down the scanning process, as only one thread will be used to ensure that anti CSRF token requests don't get out of step.

In Attack mode prompt to rescan nodes when scope changed

If this option is selected then when you select Attack mode you will be prompted to choose whether to rescan nodes in scope. If the option is not selected then the following option will control whether the nodes are rescanned.

In Attack mode always rescan nodes when scope changed

If this option is selected then when running in Attack mode all nodes in scope will be rescanned if the scope changes. This is not recommended for large sites as it could take a long time.

Default active scan policy

The Scan Policy that is used by default when you start an active scan.

Attack mode scan policy

The Scan Policy that is used for scanning in Attack mode.

Max progress chart in mins

The maximum time in minutes for which response codes will be charted in the Scan Progress dialog. To disable the chart the option should be set to zero minutes.

See also

     UI Overview for an overview of the user interface
     Options dialogs for details of the other Options dialog screens
     Active Scan options