The following alpha status active scan rules are included in this add-on:

Example File Active Scan Rule

This implements an example active scan rule that loads the strings it injects from a file the user can edit.
For more details see: Hacking ZAP Part 4: Active Scan Rules.
Latest code: ExampleFileActiveScanRule.java

Example Simple Active Scan Rule

This implements a very simple example active scan rule.
For more details see: Hacking ZAP Part 4: Active Scan Rules.
Latest code: ExampleSimpleActiveScanRule.java

LDAP Injection

LDAP injection may be possible: user-supplied input appears to reach an LDAP search filter without being escaped. An attacker may be able to bypass authentication controls and to view or modify arbitrary data in the LDAP directory.
Latest code: LdapInjectionScanRule.java
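
The sink this rule looks for is a search filter built by string concatenation. The following Python illustration is added here and is not the scan rule's own Java code: a toy in-memory directory and a small RFC 4515 style filter evaluator stand in for a real LDAP server, and the directory entries and the two probe payloads are constructed. It shows the vulnerable filter construction, an escaping function that neutralises the filter metacharacters, and which payloads still authenticate against each.

```python
"""LDAP filter injection: vulnerable versus escaped filter construction.

Added illustration, not ZAP code. The directory, the evaluator and the
payloads below are constructed stand-ins for a real LDAP bind/search.
"""
import re

# Constructed directory entries (attribute name -> value).
DIRECTORY = [
    {"uid": "admin", "userPassword": "s3cret"},
    {"uid": "alice", "userPassword": "hunter2"},
]


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP filter (RFC 4515, section 3)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def _value_regex(raw: str) -> re.Pattern:
    """Assertion value -> regex: an unescaped '*' is a wildcard, a '\\XX'
    escape becomes the literal character it encodes."""
    parts = []
    for piece in raw.split("*"):
        literal = re.sub(r"\\([0-9a-fA-F]{2})",
                         lambda m: chr(int(m.group(1), 16)), piece)
        parts.append(re.escape(literal))
    return re.compile("^" + ".*".join(parts) + "$")


def _parse(s: str, i: int):
    """Recursive-descent parse of one filter starting at s[i] == '('.
    Returns (node, index just after the filter)."""
    if s[i] != "(":
        raise ValueError("expected '('")
    i += 1
    if s[i] in "&|":
        op, i, subs = s[i], i + 1, []
        while s[i] == "(":
            node, i = _parse(s, i)
            subs.append(node)
        return (op, subs), i + 1          # step over the closing ')'
    if s[i] == "!":
        node, i = _parse(s, i + 1)
        return ("!", [node]), i + 1
    eq = s.index("=", i)
    close = s.index(")", eq)
    return ("=", s[i:eq], s[eq + 1:close]), close + 1


def _matches(node, entry) -> bool:
    kind = node[0]
    if kind == "&":
        return all(_matches(n, entry) for n in node[1])
    if kind == "|":
        return any(_matches(n, entry) for n in node[1])
    if kind == "!":
        return not _matches(node[1][0], entry)
    _, attr, value = node
    return attr in entry and _value_regex(value).match(entry[attr]) is not None


def search(filter_str: str) -> list:
    """Return the matching entries. Like the lenient parsers the classic
    '*)(uid=*))(|(uid=*' payload relies on, text after the first complete
    filter is ignored (a simplifying assumption of this toy server)."""
    node, _ = _parse(filter_str, 0)
    return [e for e in DIRECTORY if _matches(node, e)]


def login_vulnerable(user: str, password: str) -> bool:
    """Interpolates raw input into the filter: the injection sink."""
    return bool(search(f"(&(uid={user})(userPassword={password}))"))


def login_hardened(user: str, password: str) -> bool:
    """Same filter with every user-controlled value escaped first."""
    return bool(search(f"(&(uid={escape_filter_value(user)})"
                       f"(userPassword={escape_filter_value(password)}))"))


# Constructed payloads: a wildcard password and the classic OR injection.
PAYLOADS = [("admin", "*"), ("*)(uid=*))(|(uid=*", "wrong")]


def bypass_results(login) -> list:
    """Which payloads log in without knowing a valid password."""
    return [p for p in PAYLOADS if login(*p)]


if __name__ == "__main__":
    print("vulnerable:", bypass_results(login_vulnerable))
    print("hardened:  ", bypass_results(login_hardened))
```

Escaping is the fix for filter values; when the input is meant to name an attribute or a DN rather than a value, the DN escaping rules of RFC 4514 apply instead, and an allow-list is simpler still.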

MongoDB NoSQL Injection

This rule attempts to identify MongoDB-specific NoSQL injection vulnerabilities. It tries several attack types: boolean-based, error-based, time-based, and authentication bypass. If the scan is configured to include JSON parameter variants it also sends JSON-specific payloads.
Latest code: MongoDbInjectionScanRule.java
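
The JSON variant of this class of bug arises when a decoded request body is passed straight into a query document, so a client can supply a query operator object where the application expects a string. The following Python illustration is added here and is not the scan rule's own Java code: a tiny in-memory matcher that understands $ne, $gt and $regex stands in for MongoDB, and the users collection, the bypass payloads and the character-by-character boolean probe are constructed. It covers two of the attack types named above, authentication bypass and boolean-based extraction, against a vulnerable login and a hardened one that refuses non-string values.

```python
"""MongoDB operator injection through JSON bodies.

Added illustration, not ZAP code. The matcher, the collection and the
probe payloads are constructed stand-ins for a MongoDB-backed login.
"""
import json
import re

# Constructed users collection.
USERS = [
    {"username": "admin", "password": "s3cret"},
    {"username": "alice", "password": "hunter2"},
]


def _field_matches(value, cond) -> bool:
    """One field condition: a plain value is an equality test, a dict is a
    set of query operators (only the three used below are modelled)."""
    if not isinstance(cond, dict):
        return value == cond
    for op, arg in cond.items():
        if op == "$ne":
            ok = value != arg
        elif op == "$gt":
            ok = isinstance(value, str) and value > arg
        elif op == "$regex":
            ok = value is not None and re.search(arg, str(value)) is not None
        else:
            raise ValueError(f"unsupported operator {op}")
        if not ok:
            return False
    return True


def find(collection: list, query: dict) -> list:
    return [doc for doc in collection
            if all(_field_matches(doc.get(k), c) for k, c in query.items())]


def login_vulnerable(body: str) -> bool:
    """Decoded JSON values go straight into the query document, so an
    operator object sent in place of a string is honoured."""
    data = json.loads(body)
    return bool(find(USERS, {"username": data["username"],
                             "password": data["password"]}))


def login_hardened(body: str) -> bool:
    """Only string values may reach the query; anything else is rejected."""
    data = json.loads(body)
    user, pw = data.get("username"), data.get("password")
    if not isinstance(user, str) or not isinstance(pw, str):
        return False  # a real handler would answer 400 here
    return bool(find(USERS, {"username": user, "password": pw}))


# Constructed authentication-bypass payloads sent as JSON bodies.
BYPASS_PAYLOADS = [
    {"username": "admin", "password": {"$ne": ""}},
    {"username": "admin", "password": {"$gt": ""}},
    {"username": {"$ne": ""}, "password": {"$ne": ""}},
]


def probe_auth_bypass(login) -> list:
    """Payloads that log in without a password: any hit means the endpoint
    passes operator objects through to the query."""
    return [p for p in BYPASS_PAYLOADS if login(json.dumps(p))]


def probe_boolean(login, user: str = "admin", field: str = "password") -> str:
    """Boolean-based extraction: a $regex anchored on a growing prefix is
    true only when the prefix is right, so the secret is recovered one
    character at a time. Stops when no character extends the prefix."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    prefix = ""
    while True:
        for ch in alphabet:
            body = json.dumps({"username": user,
                               field: {"$regex": "^" + re.escape(prefix + ch)}})
            if login(body):
                prefix += ch
                break
        else:
            return prefix


if __name__ == "__main__":
    print("bypass (vulnerable):", probe_auth_bypass(login_vulnerable))
    print("bypass (hardened):  ", probe_auth_bypass(login_hardened))
    print("extracted password: ", probe_boolean(login_vulnerable))
```

The type check in login_hardened is the essential control; a schema validator that pins each body field to a string, or a driver-level rule that rejects keys beginning with "$" in user-controlled positions, achieves the same thing at scale.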

Web Cache Deception

This rule attempts to identify web cache deception vulnerabilities. It checks whether appending a static-looking path to an original URI causes a response containing sensitive user information to be cached where it can be retrieved without the victim's session.
Latest code: WebCacheDeceptionScanRule.java
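
The condition the check depends on is two misconfigurations meeting: the application routes /account/anything.css to the same handler as /account, and a cache in front of it stores anything with a static-looking extension keyed on path alone. The following Python illustration is added here and is not the scan rule's own Java code: the origin, the caching proxy, the session store and the account page body are constructed, and the check function mirrors the prime-then-fetch-anonymously sequence a scanner would use.

```python
"""Web cache deception: toy origin, toy cache, and the detection check.

Added illustration, not ZAP code. Everything below (session store, page
body, probe suffix, cache policy) is constructed for the demonstration.
"""
import secrets

SESSIONS = {"tok-victim": "alice"}      # constructed session store
STATIC_EXT = (".css", ".js", ".png")     # what the toy cache treats as static


class Origin:
    def __init__(self, lenient_paths: bool, private_header: bool):
        self.lenient_paths = lenient_paths      # /account/<x> -> /account handler
        self.private_header = private_header    # emit Cache-Control: private, no-store

    def handle(self, path: str, session) -> dict:
        """Return {status, headers, body} for one request."""
        route = path
        if self.lenient_paths and path.startswith("/account/"):
            route = "/account"      # the framework ignores the trailing segment
        if route == "/account":
            user = SESSIONS.get(session)
            if user is None:
                return {"status": 302, "headers": {}, "body": "redirect to /login"}
            headers = {"Cache-Control": "private, no-store"} if self.private_header else {}
            body = f"account of {user}, email {user}@example.test"
            return {"status": 200, "headers": headers, "body": body}
        return {"status": 404, "headers": {}, "body": "not found"}


class CachingProxy:
    """Stores any 200 whose path ends in a static extension, keyed on the path
    only (cookies ignored), unless the origin marked it private/no-store."""

    def __init__(self, origin: Origin):
        self.origin = origin
        self.store = {}

    def get(self, path: str, session=None) -> dict:
        if path in self.store:
            return dict(self.store[path], cached=True)
        resp = self.origin.handle(path, session)
        cc = resp["headers"].get("Cache-Control", "")
        cacheable = (resp["status"] == 200 and path.endswith(STATIC_EXT)
                     and "no-store" not in cc and "private" not in cc)
        if cacheable:
            self.store[path] = resp
        return dict(resp, cached=False)


def check_web_cache_deception(proxy: CachingProxy, target: str = "/account",
                              session: str = "tok-victim") -> bool:
    """Prime the cache as the victim using a static-looking suffix, then fetch
    the same URL with no session. A cached copy of the authenticated body
    coming back anonymously means the page can be stolen via the cache."""
    suffix = f"/{secrets.token_hex(4)}.css"
    baseline = proxy.get(target, session)
    if baseline["status"] != 200:
        return False
    primed = proxy.get(target + suffix, session)
    if primed["status"] != 200 or primed["body"] != baseline["body"]:
        return False            # origin does not serve the page under that path
    anonymous = proxy.get(target + suffix, None)
    return anonymous["cached"] and anonymous["body"] == baseline["body"]


def run_all() -> dict:
    """Three deployments: vulnerable, fixed at the origin with a cache header,
    and fixed by strict routing."""
    return {
        "lenient routing, no header": check_web_cache_deception(CachingProxy(Origin(True, False))),
        "lenient routing, private header": check_web_cache_deception(CachingProxy(Origin(True, True))),
        "strict routing": check_web_cache_deception(CachingProxy(Origin(False, False))),
    }


if __name__ == "__main__":
    for name, vulnerable in run_all().items():
        print(f"{name}: {'VULNERABLE' if vulnerable else 'ok'}")
```

Either fix on its own closes the hole in this model: a Cache-Control header that the cache honours, or routing that returns 404 for the padded path. Checking with a random suffix each time matters, because a fixed suffix such as /account/test.css could already be in the cache from an earlier run and mask a regression.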