Question 39250 in Ubuntu Question posted in
The official Ubuntu documentation can be found here.

Install & Run OWASP ZAP via Ubuntu command line

I’m using a shell script to install & run ZAP on an Ubuntu image.

sudo apt update
sudo apt install default-jre -y
sudo apt install snapd -y
sudo snap install zaproxy --classic

cd /snap/zaproxy/current
java -jar ./zap-2.11.1.jar -cmd -quickurl https://www.website.com/ -quickprogress -quickout ~/report.xml

The Spider works fine, but a little while after the Active Scan starts, it throws the following error:

java.io.EOFException
    at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2353)
    at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2822)
    at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:804)
    at java.io.ObjectInputStream.<init>(ObjectInputStream.java:301)
    at hudson.remoting.ObjectInputStreamEx.<init>(ObjectInputStreamEx.java:49)
    at hudson.remoting.Command.readFrom(Command.java:142)
    at hudson.remoting.Command.readFrom(Command.java:128)
    at hudson.remoting.AbstractSynchronousByteArrayCommandTransport.read(AbstractSynchronousByteArrayCommandTransport.java:35)
    at hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:61)
Caused: java.io.IOException: Unexpected termination of the channel
    at hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:75)
Caused: java.io.IOException: Backing channel 'jenkins-zap-t6s4nu' is disconnected.

I saw in another question that java.io.EOFException happens when you try to read an empty file. The shell script works fine when it’s running on a PC or VM, so I’m thinking maybe there’s a hidden dependency that isn’t installed by default on the barebones Ubuntu image.

Is there a portion of this shell script that’s missing or incorrect?

Tags:

3

Answers


  1. Chosen as BEST ANSWER
    0

    It turns out that the problem was with our server, not with ZAP! We had a rogue Jenkins controller that believed it needed to kill all agents it had not started.

    If someone else runs into this problem in the future, definitely try running server diagnostics.


  2. 0

    Instead of manually launching the jar try using zap.sh

    Login or Signup to reply.
  3. 0

    Run the below commands to install owasp zap

    echo 'deb http://download.opensuse.org/repositories/home:/cabelo/xUbuntu_22.10/ /' | sudo tee /etc/apt/sources.list.d/home:cabelo.list
curl -fsSL https://download.opensuse.org/repositories/home:cabelo/xUbuntu_22.10/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_cabelo.gpg > /dev/null
sudo apt update
sudo apt install owasp-zap
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search