
How to run ZAP scan in command line?


I am running a pen test on an ASP.NET Core web app using the tool OWASP ZAP. When I run the test using the Windows app of OWASP ZAP, the tests run fine and give results, but when I try to run the tests from the command line I see this exception.

raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x000001CCBD907D60>: Failed to establish a new connection: [WinError 10061] No connection could be made because the target machine actively refused it

Why is this happening and how to correct this?

I changed the ZAP_PATH environment variable to the folder where zap.sh is located. Now I am getting a different exception:

 raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response

Solution

  • Following the documentation here and here, I managed to run the basic scan from the Windows command line.

    From the directory where ZAP is installed (in my case C:\Program Files\OWASP\Zed Attack Proxy), run the following command:

    PS C:\Program Files\OWASP\Zed Attack Proxy> java -jar zap-2.10.0.jar -cmd -quickurl http://example.com/ -quickprogress
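
A diagnostic for the two exceptions quoted in the question, as an added example that is not part of the original question or answer: WinError 10061 means the TCP connection was refused because nothing is listening on that address and port, while RemoteDisconnected means something accepted the connection and then closed it without sending an HTTP response. The function name, host and port below are assumptions, and the probe speaks plain HTTP.

```python
import http.client
import socket


def probe_http_endpoint(host, port, timeout=3.0):
    """Classify what is (or is not) listening on host:port.

    Returns one of:
      "refused"            - TCP connect rejected, nothing is listening
      "timeout"            - no answer within `timeout` seconds
      "closed_no_response" - TCP accepted, peer closed before any HTTP reply
      "http_<status>"      - an HTTP response came back (e.g. "http_200")
    """
    # Step 1: bare TCP connect. ConnectionRefusedError is what Windows
    # reports as WinError 10061 (ECONNREFUSED on other platforms).
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    sock.close()

    # Step 2: a real HTTP request. A listener that drops the connection
    # without replying surfaces as http.client.RemoteDisconnected
    # (or a reset, depending on timing).
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        resp.read()
        return f"http_{resp.status}"
    except (http.client.RemoteDisconnected, ConnectionError):
        return "closed_no_response"
    except (socket.timeout, TimeoutError):
        return "timeout"
    finally:
        conn.close()


if __name__ == "__main__":
    # Assumed address: replace with wherever the proxy is expected to listen.
    print(probe_http_endpoint("127.0.0.1", 8080))
```

Running the probe before the client script shows whether the listener is missing ("refused") or present but not answering HTTP on that port ("closed_no_response").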