How to export a report using an OWASP ZAP session - zap

I'm trying to generate the ZAP report using the existing session. I'm able to run the scan and save those sessions; with that session I need to create a report in either .html or .pdf.
The code below can load the session, but the report is not generated.
#!/bin/bash
ZAP_HOME="/Applications/OWASP ZAP.app/Contents/Java"
ZAP=${ZAP_HOME}/zap.sh
# Getting current timestamp to use it in the session name
timestamp="/Users/xxx/ZAP/January-19-12:50.session";
# Getting the report generated in HTML format
sh "${ZAP}" -daemon -quickout /Users/jijesh/report.html -session "$timestamp"

Using -quickout is only applicable if you've used -quickurl.
You can find ZAP's commandline reference here: https://www.zaproxy.org/docs/desktop/cmdline/
For specifics on the -quick* options see: https://www.zaproxy.org/docs/desktop/addons/quick-start/cmdline/
You can find more information about automation with ZAP here: https://www.zaproxy.org/docs/automate/
Really you should avoid using the -quick* mechanisms, they're the oldest and least flexible/useful of the ways to automate ZAP. You'd be much better off leveraging the Automation Framework or interacting with the API programmatically.
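The API route recommended in the answer above, as an added example (not code from the original post or from the ZAP project): it loads the saved session and asks the Report Generation add-on for an .html or .pdf report. The daemon address, the API key placeholder and the helper names are assumptions, and the add-on is assumed to be installed.

```python
# Added example: export a report from a saved ZAP session through the ZAP API.
# Start the daemon first, e.g.: zap.sh -daemon -port 8080 -config api.key=<key>
import json
import os.path
import urllib.parse
import urllib.request

ZAP_API = "http://127.0.0.1:8080"  # assumption: local daemon on port 8080
API_KEY = "change-me"              # assumption: placeholder, use your own key

# Report Generation add-on template ids, chosen from the file extension.
TEMPLATES = {".html": "traditional-html", ".pdf": "traditional-pdf"}


def api_url(component, action, **params):
    """Build /JSON/<component>/action/<action>/ with URL-encoded parameters."""
    query = urllib.parse.urlencode(params)
    return f"{ZAP_API}/JSON/{component}/action/{action}/?{query}"


def report_steps(session_path, report_path, title="ZAP Scanning Report"):
    """Return the API calls in order: load the session, then generate the report."""
    report_dir, report_file = os.path.split(report_path)
    ext = os.path.splitext(report_file)[1].lower()
    if ext not in TEMPLATES:
        raise ValueError(f"unsupported report type {ext!r}, use .html or .pdf")
    return [
        api_url("core", "loadSession", name=session_path),
        api_url("reports", "generate", title=title, template=TEMPLATES[ext],
                reportDir=report_dir, reportFileName=report_file),
    ]


def call(url):
    """Send one API request; the key travels in a header, not in the URL."""
    req = urllib.request.Request(url, headers={"X-ZAP-API-Key": API_KEY})
    with urllib.request.urlopen(req, timeout=600) as resp:  # HTTPError on API errors
        return json.load(resp)


if __name__ == "__main__":
    # Paths are the ones from the question above.
    steps = report_steps("/Users/xxx/ZAP/January-19-12:50.session",
                         "/Users/jijesh/report.html")
    for url in steps:
        print(call(url))
```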

Related

Client-side automation using PageSpeed Insights - how to transmit results like <URL>_<metric> into Summary(/Aggregate) Report in JMeter?

I'm thinking about a solution to automate the client side using Lighthouse or PageSpeed Insights in JMeter.
With PageSpeed Insights, using requests like
https://pagespeed.web.dev/report?url=%2F&form_factor=mobile
https://pagespeed.web.dev/report?url=%2F&form_factor=desktop
it is possible to get a web page which contains client-side metrics and parse out their values to variables:
URL_First Contentful Paint (FCP)
URL_First Input Delay (FID)
URL_Largest Contentful Paint (LCP)
URL_Cumulative Layout Shift (CLS)
URL_Speed Index
URL_Time to Interactive
URL_Total Blocking Time
...
i.e. URL_metric - as variable name, where both URL and metric could change.
The question is, if I want to see the results statistics in the JMeter "Summary Report" or "Aggregate Report" view for each combination of URL and metric, what is the best way to pass these variable names (URL_metric) as the Label in JMeter?
You could dump the saved values to a file in usual JMeter output format (JTL):
{timestamp},{duration},{sample_name},200,OK,thread_group_name 1-1,text,true,,0,0,20,65,null,0,0,0\n
Curly brackets denote placeholders.
You already have durations and sample names, timestamps do not matter in your case since you only wish to have aggregated results.
After saving the data to a file you could open it with Summary Report or Aggregate Report.
In order to get client-side metrics you will need a real browser, as per JMeter project main page:
JMeter is not a browser, it works at protocol level. As far as web-services and remote services are concerned, JMeter looks like a browser (or rather, multiple browsers); however JMeter does not perform all the actions supported by browsers. In particular, JMeter does not execute the Javascript found in HTML pages. Nor does it render the HTML pages as a browser does (it's possible to view the response as HTML etc., but the timings are not included in any samples, and only one sample in one thread is ever displayed at a time).
So in order to get client-side metrics from JMeter you need to kick off a real browser, for example take a look at WebDriver Sampler which provides JMeter integration with Selenium browser automation framework, check out Mixing Selenium Into Your Load Scenario for more details.
Once you have the metrics you can store them in JMeter's Sample Variables and plot them in custom charts of the HTML Reporting Dashboard.
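The JTL line format given in the first answer above, written out by a script (an added example, not code from the original answers): each URL and metric pair becomes one sample whose label is `<URL>_<metric>`, so Summary Report and Aggregate Report group by it. The function names and sample measurements are constructed, and metric values are assumed to be in milliseconds already.

```python
# Added example: turn (url, metric, value) measurements into JMeter JTL (CSV) rows.
import csv
import io
import time

# Column order of JMeter's default CSV result file; the answer's line has these 17 fields.
JTL_HEADER = ["timeStamp", "elapsed", "label", "responseCode", "responseMessage",
              "threadName", "dataType", "success", "failureMessage", "bytes",
              "sentBytes", "grpThreads", "allThreads", "URL", "Latency",
              "IdleTime", "Connect"]


def jtl_rows(measurements, now_ms=None):
    """Yield one JTL row per (url, metric, value_ms); the label is '<url>_<metric>'."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    for url, metric, value_ms in measurements:
        # elapsed must be a whole number of milliseconds
        yield [now_ms, int(round(value_ms)), f"{url}_{metric}", 200, "OK",
               "thread_group_name 1-1", "text", "true", "", 0, 0, 20, 65,
               "null", 0, 0, 0]


def to_jtl(measurements, now_ms=None):
    """Return the JTL file content; csv.writer quotes labels that contain commas."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(JTL_HEADER)
    writer.writerows(jtl_rows(measurements, now_ms))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample measurements.
    sample = [("https://example.com/", "Speed Index", 1834.2),
              ("https://example.com/", "Time to Interactive", 2950.7)]
    with open("pagespeed.jtl", "w", newline="") as fh:
        fh.write(to_jtl(sample))
```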

How to get Webtop Drl of a document via .net application?

Is it possible to retrieve the DRL (e.g. https://host:port/ewebtop/drl/objectId/0900a58e80970f7b) of a document via a .NET application, so that when users click on this link they are able to edit the document, and when they close the document it is autosaved to Documentum?
First of all: a link is a link. What you decide to do with it is up to you. The default handler in the browser will just redirect you to the Webtop application. If you have SSO you can have the document opened for edit. There are some extra arguments that can be provided (view/edit).
The object id is the only varying part of the URL, so you can easily construct this in code.
Secondly: what is your goal? There is no way to make the document upload itself into Documentum repo. You can write a plugin for every application to handle that, but it seems like a big task - especially dealing with security.
The problem is that upon check-in, user must provide some information - at least about the new version number...
If you're building a thick client in .net I would go with DFS - that's the only real option here.

While running event API on Jmeter, the server is updating event on old time frame

What I am doing is this: I have recorded a download event from the app in JMeter. Whenever I run this API in JMeter, the server where download events are recorded shows (or increments) that download at the specific time when it was recorded.
How can I use this to get updated data on the server when JMeter is running?
I also need some information on how to add different valid users in JMeter.
Thanks,
Abhi
My expectation is that you pass a hard-coded timestamp as a request parameter so you need to figure out the parameter value and substitute the hard-coded timestamp with __time() function which produces current time in different formats controllable via SimpleDateFormat patterns.
Check out the How to Use JMeter Functions article for a comprehensive explanation.
In regards to adding valid users, normally people stick to users which already exist in the system and use CSV Data Set Config to give each JMeter virtual user unique credentials of the real user.
If your application doesn't have that many users you might want to set up a separate JMeter script to get them created, as re-using one login with a large number of threads is not a good practice.

How to find the source location of a dynamic token in JMeter?

I've been using Fiddler tool to capture the HTTP request-responses, then manually finding out the source location of a dynamic token (in a recorded page). I'd then use regular expression extractor on that source page to extract and store the value of that dynamic token in a variable, and use that variable in later pages.
Just wondering if there's an easier way for this. Is there any tool in JMeter that can help us find the source location of a dynamic token?
Thank you,
--Ishti
As of May 2015, there's nothing available OOTB except to save requests / responses to a file with ViewResultsTree and search in the resulting file, or search in each response in the ViewResultsTree GUI.
An option would be to write a BackendListenerClient implementation that writes data to a JDBC or ElasticSearch instance so that it can be searched through SQL or ElasticSearch queries.
A contribution would be welcome.
It is possible that this is implemented in future releases.

Automate adding entries to a wiki

Once I have my renamed files I need to add them to my project's wiki page. This is a fairly repetitive manual task, so I guess I could script it but I don't know where to start.
The process is:
Go to the appropriate page on the wiki
for each team member (DeveloperA, DeveloperB, DeveloperC)
{
    for each of two files ('*_current.jpg', '*_lastweek.jpg')
    {
        Select 'Attach' link on page
        Select the 'manage' link next to the file to be updated
        Click 'Browse' button
        Browse to the relevant file (which has the same name as the previous version)
        Click 'Upload file' button
    }
}
Not necessarily looking for the full solution as I'd like to give it a go myself.
Where to begin? What language could I use to do this and how difficult would it be?
Check if the wiki you mean to talk to supports XMLRPC, because if it does it should be a snap. I wrote a tool called WikiUp to solve a similar problem (updating a delineated section on a wiki page).
If you're writing in C#, the WebClient classes might be a good place to start. I bet people could give more specific advice if you mentioned which wiki platform you are using, and whether it requires authentication, though.
I'd probably start by downloading fiddler and watching the http requests from doing it manually. Then you could use some simple scripts and regexes to build your http requests for automating the process.
Of course, if you're wildly lucky, your wiki would have a backend simple enough that you could just plug them into its db directly. :)
You might find CoScripter useful -- it's a Firefox extension that allows you to automate tasks you perform on websites. I'm not certain how you'd integrate this with the list of files you're changing on your local system, but it can certainly handle the file uploading through a web form.
A better bet is probably using cURL or a similar HTTP library with your programming language of choice. If you're on *nix, you can use the cURL commandline program inside your shell script to get this done fairly easily. (Like @jsight said, you will need to analyze the actual forms you're using on the webpage, using Fiddler or just looking at the form elements and re-creating the POST through cURL.)