Options Active Scan screen
This screen allows you to configure the active scan options:
Number of hosts scanned concurrently
The maximum number of hosts that will be scanned at the same time. Increasing this may put extra strain on the computer ZAP is running on.
Concurrent scanning threads per host
The number of threads the scanner will use per host. Increasing the number of threads will speed up the scan but may put extra strain on the computer ZAP is running on and the target host.
Max results to list
The number of results that will be shown in the Active Scan tab. Displaying a large number of results can significantly increase the time a scan takes.
Maximum rule duration (min, 0 is unlimited)
The maximum time any individual rule can run for in minutes. Zero means no limit. This can be used to stop rules that are taking an excessive amount of time.
Maximum scan duration (min, 0 is unlimited)
The maximum time that the whole scan can run for in minutes. Zero means no limit. This can be used to ensure that a scan is completed around a set time.
Delay when scanning in milliseconds
The delay in milliseconds between each request. Setting this to a non-zero value will increase the time an active scan takes, but will put less of a strain on the target host.
Inject plugin ID in header for all active scan requests
If this option is selected the active scanner will inject the request header X-ZAP-Scan-ID with the ID of the scanner that's sending the HTTP requests.
Handle anti CSRF tokens
If this option is selected then the active scanner will attempt to automatically request anti CSRF tokens when required. Note that this is experimental functionality and will slow down the scanning process as only one thread will be used to ensure that anti CSRF token requests don't get out of step.
In Attack mode prompt to rescan nodes when scope changed
If this option is selected then when you select Attack mode you will be prompted to choose whether to rescan nodes in scope. If the option is not selected then the following option will control whether the nodes are rescanned.
In Attack mode always rescan nodes when scope changed
If this option is selected then when running in Attack mode all nodes in scope will be rescanned if the scope changes. This is not recommended for large sites as it could take a long time.
Default active scan policy
The Scan Policy that is used by default when you start an active scan.
Attack mode scan policy
Max progress chart in mins
The maximum time in minutes for which response codes will be charted in the Scan Progress dialog. To disable the chart the option should be set to zero minutes.
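With "Inject plugin ID in header for all active scan requests" enabled, requests captured on the target side can be attributed to the scanner that sent them. The following is an added example, not part of the ZAP documentation or code: it groups raw captured requests by their X-ZAP-Scan-ID value. The capture format, host name, paths and ID values are constructed for illustration.

```python
from collections import defaultdict

HEADER = "x-zap-scan-id"  # header named on this page, compared case-insensitively

# Constructed sample capture: raw HTTP requests as a proxy or server log might store them.
SAMPLE_REQUESTS = [
    "GET /search?q=a HTTP/1.1\r\nHost: app.example\r\nX-ZAP-Scan-ID: 40012\r\n\r\n",
    "POST /login HTTP/1.1\r\nHost: app.example\r\nx-zap-scan-id: 40018\r\n"
    "Content-Length: 9\r\n\r\nuser=test",
    "GET /search?q=b HTTP/1.1\r\nHost: app.example\r\nX-ZAP-Scan-ID: 40012\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: app.example\r\n\r\n",  # no header: not tagged
    "garbage",                                                # malformed, skipped
]

def parse_request(raw):
    """Return (method, target, headers) with header names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]           # drop any body
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers

def group_by_scan_id(raw_requests):
    """Map scan ID -> [(method, target)]; the key None collects untagged requests."""
    groups = defaultdict(list)
    for raw in raw_requests:
        try:
            method, target, headers = parse_request(raw)
        except ValueError:
            continue  # request line could not be parsed
        groups[headers.get(HEADER)].append((method, target))
    return dict(groups)

def summarize(groups):
    """Count requests per scan ID."""
    return {scan_id: len(reqs) for scan_id, reqs in groups.items()}

if __name__ == "__main__":
    for scan_id, count in summarize(group_by_scan_id(SAMPLE_REQUESTS)).items():
        print(scan_id or "untagged", count)
```

Requests under the None key carry no scan ID, so they came from other clients or from a scan run with the option disabled.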
UI Overview: for an overview of the user interface
Options dialogs: for details of the other Options dialog screens
Active Scan options