diff --git a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/OptionsPassiveScan.java b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/OptionsPassiveScan.java
index d9cb7b45bec..17348d6a55a 100644
--- a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/OptionsPassiveScan.java
+++ b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/OptionsPassiveScan.java
@@ -87,7 +87,7 @@ public void saveParam(Object obj) throws Exception {
@Override
public String getHelpIndex() {
- return "ui.dialogs.options.pscan";
+ return "addon.pscan.options.tags";
}
private static class ScannersMultipleOptionsPanel
diff --git a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PassiveScannerOptionsPanel.java b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PassiveScannerOptionsPanel.java
index 107888eff60..9bfa3c5c165 100644
--- a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PassiveScannerOptionsPanel.java
+++ b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PassiveScannerOptionsPanel.java
@@ -114,6 +114,6 @@ public void saveParam(Object obj) throws Exception {
@Override
public String getHelpIndex() {
- return "ui.dialogs.options.pscan.main";
+ return "addon.pscan.options.scanner";
}
}
diff --git a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PolicyPassiveScanPanel.java b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PolicyPassiveScanPanel.java
index 753f4d5ce5a..dcfb89e7bf2 100644
--- a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PolicyPassiveScanPanel.java
+++ b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PolicyPassiveScanPanel.java
@@ -247,6 +247,6 @@ public void setPassiveScanTableModel(PolicyPassiveScanTableModel categoryTableMo
@Override
public String getHelpIndex() {
- return "ui.dialogs.options.pscanrules";
+ return "addon.pscan.options.rules";
}
}
diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/common/map.jhm b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/common/map.jhm
index c49382c778d..25436824b28 100644
--- a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/common/map.jhm
+++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/common/map.jhm
@@ -6,7 +6,12 @@
diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/api.html b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/api.html
new file mode 100644
index 00000000000..e538a0b2da4
--- /dev/null
+++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/api.html
@@ -0,0 +1,86 @@
+
+
+
+
+Passive Scanner API
+
+
+ Passive Scanner API
+ The following operations are added to the API:
+
+ Actions
+
+ -
+ clearQueue: Clears the passive scan queue.
+
+ -
+ disableAllScanners: Disables all passive scan rules.
+
+ -
+ disableAllTags: Disables all passive scan tags.
+
+ -
+ disableScanners (ids*): Disables passive scan rules.
+
+ - ids: A comma separated list of scan rule IDs.
+
+
+ -
+ enableAllScanners: Enables all passive scan rules.
+
+ -
+ enableAllTags: Enables all passive scan tags.
+
+ -
+ enableScanners (ids*): Enables passive scan rules.
+
+ - ids: A comma separated list of scan rule IDs.
+
+
+ -
+ setEnabled (enabled*): Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).
+
+ - enabled: The enabled state, true or false.
+
+
+ -
+ setMaxAlertsPerRule (maxAlerts*): Sets the maximum number of alerts a passive scan rule can raise.
+
+ - maxAlerts: The maximum number of alerts.
+
+
+ -
+ setScanOnlyInScope (onlyInScope*): Sets whether or not the passive scan should be performed only on messages that are in scope.
+
+ - onlyInScope: The scan state, true or false.
+
+
+ -
+ setScannerAlertThreshold (id* alertThreshold*): Sets the alert threshold of a passive scan rule.
+
+ - id: The ID of the scan rule.
+ - alertThreshold: The alert threshold: OFF, DEFAULT, LOW, MEDIUM and HIGH
+
+
+
+
+ Views
+
+ - currentTasks: Shows information about the passive scan tasks currently being run (if any).
+ - maxAlertsPerRule: Gets the maximum number of alerts a passive scan rule should raise.
+ - recordsToScan: The number of records the passive scanner still has to scan.
+ - scanOnlyInScope: Tells whether or not the passive scan should be performed only on messages that are in scope.
+ - scanners: Lists all passive scan rules with their ID, name, enabled state, and alert threshold.
+
+
+ See also
+
+
+
+
diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/options.html b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/options.html
new file mode 100644
index 00000000000..7910b15ecc5
--- /dev/null
+++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/options.html
@@ -0,0 +1,39 @@
+
+
+
+
+Options
+
+
+ Options
+
+ The Passive Scanner add-on provides the following options screens:
+
+
+ See also
+
+
+
+
diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/rules.html b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/rules.html
new file mode 100644
index 00000000000..31f0a463514
--- /dev/null
+++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/rules.html
@@ -0,0 +1,32 @@
+
+
+
+
+
+Passive Scan Rules
+
+
+
+Passive Scan Rules
+
+This screen allows you to configure the passive scan rules.
+
+Threshold
+This controls how likely ZAP is to report potential vulnerabilities.
+
+ - If you select Off then the scan rule won't run.
+ - If you select Low then more potential issues will be raised which may increase the number of false positives.
+ - If you select High then fewer potential issues will be raised which may mean that some real issues are missed (false negatives).
+
+
+See also
+
+
+
+
diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/scanner.html b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/scanner.html
new file mode 100644
index 00000000000..8ca158489b5
--- /dev/null
+++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/scanner.html
@@ -0,0 +1,73 @@
+
+
+
+
+Passive Scanner
+
+
+ Passive Scanner
+
+ This screen allows you to configure the passive scanner.
+
+
Configuration Options
+
+
+ | Field |
+ Details |
+ Default |
+ Config File |
+
+
+ | Only scan messages in scope |
+ Sets whether or not the passive scan should be performed only on messages that
+ are in scope.
+ |
+ Deselected |
+ Key: pscans.scanOnlyInScope
Values: true or false |
+
+
+ | Include traffic from the Fuzzer when passive scanning |
+ Sets whether or not the passive scanning should be performed on messages generated by the Fuzzer. |
+ Deselected |
+ Key: pscans.scanFuzzerMessages
Values: true or false |
+
+
+ | Max alerts any rule can raise |
+ Sets the maximum number of alerts a passive scan rule should raise. This may be slightly exceeded due to threading.
+ This setting is typically only useful for automated scanning. Scan rules that exceed this value will be disabled
+ and will need to be manually enabled if a new session is started.
+ |
+ 0 (unset) |
+ Key: pscans.maxAlertsPerRule
Values: 0: unset or the maximum number of alerts |
+
+
+ | Max body size in bytes to scan |
+ Sets the maximum size request or response body size in bytes that the passive scanner will scan.
+ This can be used if passive scan rules take too long scanning very large requests or responses.
+ If set the number of ignored requests and responses are recorded in the stats using the keys
+ stats.pscan.reqBodyTooBig and stats.pscan.respBodyTooBig respectively.
+ | 0 (unset) |
+ Key: pscans.maxBodySizeInBytes
Values: 0: unset or the maximum body size in bytes |
+
+
+
+ | Clear Queue |
+ Empties the passive scan queue without passively scanning the messages.
+ Currently running rules will run to completion but new rules will only be run when new messages are added to the queue.
+ | |
+ |
+
+
+
+
+ See also
+
+
+
+
diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/tags.html b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/tags.html
new file mode 100644
index 00000000000..f9cc500f93c
--- /dev/null
+++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/tags.html
@@ -0,0 +1,48 @@
+
+
+
+
+
+Passive Scan Tags
+
+
+
+Passive Scan Tags
+
+This screen allows you to configure the tags that are added by the passive scanner.
+
+You can add, modify and remove the tags via the appropriate buttons.
+
+Tag Interpolation
+In order to allow some flexibility in Tag creation and content it is possible for the user to specify a regular expression with capturing groups
+which will be used to replace the group identifiers (ex: $1) in the resulting tag.
+
+For example, a tag could be defined as follows:
+
+
+ | Field | Value | Note |
+
+
+ | Name: | Test | |
+
+
+ | Tag: | $1-SOMETAG | |
+
+
+ | Response Body Regex: | (\d{3}) | Find strings of 3 numbers, using a capturing group (round brackets). |
+
+
+Result: When 3 digit strings are passively identified in response body content (the regex matches) the messages will be
+tagged such as "123-SOMETAG", "345-SOMETAG", etc.
+
+See also
+
+
+
+
diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/pscan.html b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/pscan.html
index 99cdf66f053..a872e383c46 100644
--- a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/pscan.html
+++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/pscan.html
@@ -14,5 +14,49 @@ Passive Scanner Add-on
This add-on supports the Automation Framework.
+Passive Scan
+
+ZAP by default passively scans all messages (e.g. HTTP, WebSocket) sent to the web application being tested.
+Passive scanning does not change the messages in any way and is therefore safe to use.
+Scanning is performed in the background to ensure that it does not slow down the exploration of an application.
+
+
+The (main) behaviour of the passive scanner can be configured using the Options Passive Scanner Screen.
+
+
+Passive scanning can also be used for automatically adding tags
+and raising alerts for potential issues.
+A set of rules for automatic tagging are provided by default. These can be changed, deleted or
+added to via the Options Passive Scan Tags screen.
+
+
+
+The alerts raised by passive scan rules can be configured using the Options Passive Scan Rules screen.
+
+
+Official Videos
+
+
+See also
+
+