zaproxy: zap docker stuck after creating CA certificate step.

Describe the bug

We are running zap in docker container. We tried to use various image to diagnose the issue.

Running following command:

zap-x.sh -d -host 0.0.0.0 -port 1001 -config globalexcludeurl.url_list.url.regex='^https?:\/\/.*\/(?:.*ruxitagentjs.*)+$' -config api.disablekey=true -config scanner.attackOnStart=true -config view.mode=attack -config connection.dnsTtlSuccessfulQueries=-1 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true /dev/null 2>&1 &

Got stuck after this stage.

[ZAP-BootstrapGUI] INFO  org.zaproxy.addon.network.ExtensionNetwork - New root CA certificate created.

Steps to reproduce the behavior

docker run -v $(pwd):/zap/wrk:rw -t owasp/zap2docker-weekly /zap/zap-x.sh -d -host 0.0.0.0 -port 1001 -config globalexcludeurl.url_list.url.regex='^https?:\/\/.*\/(?:.*ruxitagentjs.*)+$' -config api.disablekey=true -config scanner.attackOnStart=true -config view.mode=attack -config connection.dnsTtlSuccessfulQueries=-1 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true

Expected behavior

zaproxy should be accessible on port 1001

Software versions

Docker Version: 20.10.12 java: 11.0.13+8-Ubuntu-0ubuntu1.20.04

Screenshots

No response

Errors from the zap.log file

No response

Additional context

No response

Would you like to help fix this issue?

  • Yes

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 15 (9 by maintainers)

Most upvoted comments

The /dev/null is being passed as argument to ZAP causing other error, there’s also a dialogue that the user is expected to act upon (i.e. “Do you want to persist the ZAP Session”). If you really want to use the GUI you should pass, e.g. -config database.newsession=3 -config database.newsessionprompt=false to not have that dialogue, although I’d suggest using daemon mode which doesn’t prompt user dialogues (so ZAP start up is never blocked waiting for user’s actions).

+4
thc202 on Mar 2, 2022

@thc202 Thanks a ton and can confirm the above change fixed our issue

+2
gokul-sol on Mar 2, 2022

@thc202 Full logs from console

08:01:05  + docker inspect -f . owasp/zap2docker-weekly
08:01:05  .
08:01:05  [Pipeline] withDockerContainer
08:01:05  ****-****-ubuntu**** does not seem to be running inside a container
08:01:05  $ docker run -t -d -u 1001:1001 -u 0:0 --name zap -p 1001:1001 -v $WORKSPACE:/zap/wrk/:rw -w /opt/jenkins/workspace/S_*****-fix -v /opt/jenkins/workspace/S_*****-fix:/opt/jenkins/workspace/S_****-fix:rw,z -v /opt/jenkins/workspace/S_*****-sec-fix@tmp:/opt/jenkins/workspace/S_*****-fix@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** owasp/zap2docker-weekly cat
08:01:06  $ docker top ****** -eo pid,comm
08:01:06  [Pipeline] {
08:01:06  [Pipeline] sh
08:01:06  + chmod +x security.sh
08:01:06  + ./security.sh
08:01:06  Found Java version 11.0.13
08:01:06  Available memory: 16011 MB
08:01:06  Using JVM args: -Xmx4002m
08:01:07  829 [main] INFO  org.parosproxy.paros.Constant - Copying default configuration to /root/.ZAP_D/config.xml
08:01:07  973 [main] INFO  org.parosproxy.paros.Constant - Creating directory /root/.ZAP_D/session
08:01:07  973 [main] INFO  org.parosproxy.paros.Constant - Creating directory /root/.ZAP_D/dirbuster
08:01:07  973 [main] INFO  org.parosproxy.paros.Constant - Creating directory /root/.ZAP_D/fuzzers
08:01:07  973 [main] INFO  org.parosproxy.paros.Constant - Creating directory /root/.ZAP_D/plugin
08:01:07  1044 [main] INFO  org.zaproxy.zap.GuiBootstrap - OWASP ZAP D-2022-02-28 started 02/03/2022, 08:01:07 with home /root/.ZAP_D/
08:01:07  WARNING: An illegal reflective access operation has occurred
08:01:07  WARNING: Illegal reflective access by org.zaproxy.zap.GuiBootstrap (file:/zap/zap-D-2022-02-28.jar) to field sun.awt.X11.XToolkit.awtAppClassName
08:01:07  WARNING: Please consider reporting this to the maintainers of org.zaproxy.zap.GuiBootstrap
08:01:07  WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
08:01:07  WARNING: All illegal access operations will be denied in a future release
08:01:07  1181 [AWT-EventQueue-0] INFO  org.parosproxy.paros.common.AbstractParam - Setting config api.disablekey = true was null
08:01:07  1182 [AWT-EventQueue-0] INFO  org.parosproxy.paros.common.AbstractParam - Setting config scanner.attackOnStart = true was null
08:01:07  1182 [AWT-EventQueue-0] INFO  org.parosproxy.paros.common.AbstractParam - Setting config view.mode = attack was null
08:01:07  1183 [AWT-EventQueue-0] INFO  org.parosproxy.paros.common.AbstractParam - Setting config connection.dnsTtlSuccessfulQueries = -1 was null
08:01:07  1183 [AWT-EventQueue-0] INFO  org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.name = .* was null
08:01:07  1183 [AWT-EventQueue-0] INFO  org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.regex = true was null
08:01:07  1192 [AWT-EventQueue-0] INFO  org.parosproxy.paros.network.SSLConnector - Reading supported SSL/TLS protocols...
08:01:07  1192 [AWT-EventQueue-0] INFO  org.parosproxy.paros.network.SSLConnector - Using a SSLEngine...
08:01:07  1277 [AWT-EventQueue-0] INFO  org.parosproxy.paros.network.SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3]
08:01:07  1281 [AWT-EventQueue-0] INFO  org.parosproxy.paros.extension.option.OptionsParamCertificate - Unsafe SSL renegotiation disabled.
08:01:08  1673 [AWT-EventQueue-0] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open start
08:01:08  1679 [AWT-EventQueue-0] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit start
08:01:08  1680 [AWT-EventQueue-0] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit end
08:01:08  1681 [AWT-EventQueue-0] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open end
08:01:08  2281 [AWT-EventQueue-0] INFO  org.parosproxy.paros.view.View - Initialising View
08:01:09  Mar 02, 2022 8:01:08 AM java.util.prefs.FileSystemPreferences$1 run
08:01:09  INFO: Created user preferences directory.
08:01:11  4798 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.control.ExtensionFactory - Installed add-ons: [[id=accessControl, version=8.0.0], [id=alertFilters, version=14.0.0], [id=ascanrules, version=45.0.0], [id=ascanrulesBeta, version=40.0.0], [id=automation, version=0.14.0], [id=bruteforce, version=12.0.0], [id=callhome, version=0.4.0], [id=commonlib, version=1.8.0], [id=coreLang, version=16.0.0], [id=diff, version=12.0.0], [id=directorylistv1, version=6.0.0], [id=domxss, version=13.0.0], [id=encoder, version=0.7.0], [id=exim, version=0.1.0], [id=formhandler, version=5.0.0], [id=fuzz, version=13.7.0], [id=gettingStarted, version=14.0.0], [id=graaljs, version=0.3.0], [id=graphql, version=0.9.0], [id=help, version=15.0.0], [id=hud, version=0.14.0], [id=invoke, version=12.0.0], [id=network, version=0.2.0], [id=oast, version=0.11.0], [id=onlineMenu, version=10.0.0], [id=openapi, version=27.0.0], [id=plugnhack, version=13.0.0], [id=portscan, version=10.0.0], [id=pscanrules, version=39.0.0], [id=pscanrulesBeta, version=29.0.0], [id=quickstart, version=34.0.0], [id=replacer, version=10.0.0], [id=reports, version=0.13.0], [id=retest, version=0.3.0], [id=retire, version=0.11.0], [id=reveal, version=5.0.0], [id=scripts, version=31.0.0], [id=selenium, version=15.8.0], [id=sequence, version=7.0.0], [id=soap, version=14.0.0], [id=spiderAjax, version=23.8.0], [id=tips, version=10.0.0], [id=webdriverlinux, version=36.0.0], [id=webdrivermacos, version=36.0.0], [id=webdriverwindows, version=36.0.0], [id=websocket, version=25.0.0], [id=zest, version=36.0.0]]
08:01:11  4805 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.control.ExtensionFactory - Loading extensions
08:01:11  5231 [ZAP-BootstrapGUI] INFO  org.zaproxy.addon.network.internal.TlsUtils - Using supported SSL/TLS protocols: [TLSv1.2, TLSv1.3]
08:01:12  5532 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.control.ExtensionFactory - Extensions loaded
08:01:13  6327 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows ZAP to check for updates
08:01:13  6409 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Options Extension
08:01:13  6874 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Edit Menu Extension
08:01:13  6883 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a rest based API for controlling and accessing ZAP
08:01:13  6921 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Session State Extension
08:01:13  6926 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing History Extension
08:01:13  7097 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Show hidden fields and enable disabled fields
08:01:13  7107 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Search messages for strings and regular expressions
08:01:13  7190 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to intercept and modify requests and responses
08:01:13  7270 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive scanner
08:01:13  7338 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules
08:01:13  7340 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule
08:01:13  7346 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Anti-clickjacking Header
08:01:13  7348 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure
08:01:13  7352 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Re-examine Cache-control Directives
08:01:13  7357 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch
08:01:13  7360 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: CSP
08:01:13  7366 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing
08:01:13  7369 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag
08:01:13  7372 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie
08:01:13  7376 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie without SameSite Attribute
08:01:13  7380 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag
08:01:13  7384 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration
08:01:13  7388 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
08:01:13  7391 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens
08:01:13  7395 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure
08:01:13  7398 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite
08:01:13  7401 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages
08:01:13  7405 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL
08:01:13  7408 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
08:01:13  7411 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments
08:01:13  7415 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method
08:01:13  7418 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState
08:01:14  7422 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content
08:01:14  7426 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure
08:01:14  7429 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Username Hash Found
08:01:14  7433 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Viewstate
08:01:14  7435 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header
08:01:14  7439 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing
08:01:14  7443 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak
08:01:14  7446 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
08:01:14  7450 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: WSDL File Detection
08:01:14  7453 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak)
08:01:14  7457 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content Security Policy (CSP) Header Not Set
08:01:14  7460 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Directory Browsing
08:01:14  7464 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Hash Disclosure
08:01:14  7467 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative)
08:01:14  7470 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post
08:01:14  7473 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post
08:01:14  7477 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Reverse Tabnabbing
08:01:14  7480 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Modern Web Application
08:01:14  7484 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: PII Disclosure
08:01:14  7487 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Retrieved from Cache
08:01:14  7490 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Server Response Header
08:01:14  7493 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Parameter Override
08:01:14  7497 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Strict-Transport-Security Header
08:01:14  7503 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable Charset
08:01:14  7506 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Poisoning
08:01:14  7509 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS)
08:01:14  7512 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable JavaScript Event (XSS)
08:01:14  7515 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Open Redirect
08:01:14  7518 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Backend-Server Header Information Leak
08:01:14  7520 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak
08:01:14  7524 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Vulnerable JS Library
08:01:14  7565 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to view and manage alerts
08:01:14  7825 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added
08:01:14  7915 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSequence
08:01:14  7917 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider used for automatically finding URIs on a site
08:01:14  8009 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing A set of common popup menus for miscellaneous tasks
08:01:14  8021 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool
08:01:14  8066 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple but effective port scanner
08:01:14  8092 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Manual Request Editor Extension
08:01:14  8095 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Compares 2 sessions and generates an HTML file showing the differences
08:01:14  8098 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Invoke external applications passing context related information such as URLs and parameters
08:01:14  8117 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles anti cross site request forgery (CSRF) tokens
08:01:14  8139 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Authentication Extension
08:01:14  8159 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]
08:01:14  8162 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Logs errors to the Output tab in development mode only
08:01:14  8164 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Users Extension
08:01:14  8169 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies
08:01:14  8183 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Script integration
08:01:14  8204 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripting console, supports all JSR 223 scripting languages
08:01:15  8650 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced User Extension
08:01:15  8665 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension handling HTTP sessions
08:01:15  8726 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Zest is a specialized scripting language, originally, from Mozilla specifically designed to be used in security tools
08:01:15  9083 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff
08:01:15  9087 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Post Table View Extension
08:01:15  9097 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds support for scriptable encoders to ZAP.
08:01:15  9160 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple browser configuration
08:01:15  9275 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Session Management Extension
08:01:15  9283 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management]
08:01:15  9285 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Form Table View Extension
08:01:15  9306 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Capture messages from WebSockets with the ability to set breakpoints.
08:01:16  9472 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
08:01:16  9479 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Core UI related functionality.
08:01:16  9480 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Authorization Extension
08:01:16  9484 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider, uses Crawljax
08:01:16  9591 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
08:01:16  9616 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Add-on that adds a set of tools for testing access control in web applications.
08:01:16  9636 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles adding Global Excluded URLs
08:01:16  9648 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds menu item to refresh the Sites tree
08:01:16  9652 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing OWASP ZAP User Guide
08:01:16  9805 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides core networking capabilities.
08:01:16  10124 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to configure which extensions are loaded when ZAP starts
08:01:16  10273 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Combined HTTP Panels Extension
08:01:16  10309 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Hex View Extension
08:01:16  10337 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Image View Extension
08:01:16  10342 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Query Table View Extension
08:01:16  10359 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Syntax Highlighter View Extension
08:01:17  10447 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.
08:01:17  10457 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Active and passive rule configuration
08:01:17  10468 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Statistics
08:01:17  10477 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.stats.ExtensionStats - Start recording in memory stats
08:01:17  10478 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Custom Pages Definition
08:01:17  10484 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
08:01:17  10491 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz HTTP messages.
08:01:17  10542 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules - beta
08:01:17  10545 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules
08:01:17  10547 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing The Online menu links
08:01:17  10552 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing The ZAP Getting Started Guide
08:01:17  10555 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Context alert rules filter
08:01:17  10569 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Alert Filters Automation Framework Integration
08:01:17  10575 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules
08:01:17  10576 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Automation Framework
08:01:17  10621 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles all of the calls to ZAP services
08:01:17  10630 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Ajax Spider Automation Framework Integration
08:01:17  10640 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Generation
08:01:17  10649 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Generation Automation Integration
08:01:17  10653 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Tips and Tricks
08:01:17  10654 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing The Retest add-on allows to verify the presence/absence of certain alerts.
08:01:17  10659 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Import and Export functionality supporting multiple formats.
08:01:17  10671 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Heads Up Display
08:01:17  10869 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHUDlaunch
08:01:17  10873 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to spider and import OpenAPI (Swagger) definitions 
08:01:17  10889 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Automation Framework Integration
08:01:17  10892 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to inspect and attack GraphQL endpoints.
08:01:17  10908 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing GraphQL Automation Framework Integration
08:01:17  10913 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP Automation Framework Integration
08:01:17  10915 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides the GraalVM JavaScript engine for ZAP scripting.
08:01:17  11150 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules - beta
08:01:17  11153 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing This extension allows a user to change the default values used by ZAP Spiders.
08:01:17  11170 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds the Quick Start panel for scanning and exploring applications
08:01:17  11342 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Add the option to use the Ajax Spider in the Quick Start scan
08:01:17  11367 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Launch browsers proxying through ZAP
08:01:17  11370 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Launch browsers proxying through ZAP
08:01:18  11445 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing DOM XSS Active Scan Rule
08:01:18  11528 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Easy way to replace strings in requests and responses
08:01:18  11542 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripts Automation
08:01:18  11550 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Translations of the core language files
08:01:18  11551 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing org.zaproxy.addon.commonlib.ExtensionCommonlib
08:01:18  11553 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz WebSocket messages.
08:01:18  11555 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionOast
08:01:18  11624 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds OAST scripts.
08:01:18  11684 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.extension.keyboard.ExtensionKeyboard - Initializing keyboard shortcuts
08:01:18  11719 [ZAP-BootstrapGUI] INFO  org.zaproxy.addon.oast.services.callback.CallbackService - Started callback service on 0.0.0.0:46545
08:01:18  11797 [ZAP-BootstrapGUI] INFO  org.zaproxy.addon.network.ExtensionNetwork - Creating new root CA certificate.
08:01:19  12634 [ZAP-BootstrapGUI] INFO  org.zaproxy.addon.network.ExtensionNetwork - New root CA certificate created.
+1
gokul-sol on Mar 2, 2022

@thc202 we tried removing -d but still no luck… and can confirm do have the add-on, example logs from console…

08:01:07  1044 [main] INFO  org.zaproxy.zap.GuiBootstrap - OWASP ZAP D-2022-02-28 started 02/03/2022, 08:01:07 with home /root/.ZAP_D/
08:01:07  WARNING: An illegal reflective access operation has occurred
08:01:07  WARNING: Illegal reflective access by org.zaproxy.zap.GuiBootstrap (file:/zap/zap-D-2022-02-28.jar) to field sun.awt.X11.XToolkit.awtAppClassName
08:01:07  WARNING: Please consider reporting this to the maintainers of org.zaproxy.zap.GuiBootstrap
08:01:07  WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
08:01:07  WARNING: All illegal access operations will be denied in a future release
08:01:07  1181 [AWT-EventQueue-0] INFO  org.parosproxy.paros.common.AbstractParam - Setting config api.disablekey = true was null
08:01:07  1182 [AWT-EventQueue-0] INFO  org.parosproxy.paros.common.AbstractParam - Setting config scanner.attackOnStart = true was null
08:01:07  1182 [AWT-EventQueue-0] INFO  org.parosproxy.paros.common.AbstractParam - Setting config view.mode = attack was null
08:01:07  1183 [AWT-EventQueue-0] INFO  org.parosproxy.paros.common.AbstractParam - Setting config connection.dnsTtlSuccessfulQueries = -1 was null
08:01:07  1183 [AWT-EventQueue-0] INFO  org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.name = .* was null
08:01:07  1183 [AWT-EventQueue-0] INFO  org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.regex = true was null
08:01:07  1192 [AWT-EventQueue-0] INFO  org.parosproxy.paros.network.SSLConnector - Reading supported SSL/TLS protocols...
08:01:07  1192 [AWT-EventQueue-0] INFO  org.parosproxy.paros.network.SSLConnector - Using a SSLEngine...
08:01:07  1277 [AWT-EventQueue-0] INFO  org.parosproxy.paros.network.SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3]
08:01:07  1281 [AWT-EventQueue-0] INFO  org.parosproxy.paros.extension.option.OptionsParamCertificate - Unsafe SSL renegotiation disabled.
08:01:08  1673 [AWT-EventQueue-0] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open start
08:01:08  1679 [AWT-EventQueue-0] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit start
08:01:08  1680 [AWT-EventQueue-0] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit end
08:01:08  1681 [AWT-EventQueue-0] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open end
08:01:08  2281 [AWT-EventQueue-0] INFO  org.parosproxy.paros.view.View - Initialising View
08:01:09  Mar 02, 2022 8:01:08 AM java.util.prefs.FileSystemPreferences$1 run
08:01:09  INFO: Created user preferences directory.
08:01:11  4798 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.control.ExtensionFactory - Installed add-ons: [[id=accessControl, version=8.0.0], [id=alertFilters, version=14.0.0], [id=ascanrules, version=45.0.0], [id=ascanrulesBeta, version=40.0.0], [id=automation, version=0.14.0], [id=bruteforce, version=12.0.0], [id=callhome, version=0.4.0], [id=commonlib, version=1.8.0], [id=coreLang, version=16.0.0], [id=diff, version=12.0.0], [id=directorylistv1, version=6.0.0], [id=domxss, version=13.0.0], [id=encoder, version=0.7.0], [id=exim, version=0.1.0], [id=formhandler, version=5.0.0], [id=fuzz, version=13.7.0], [id=gettingStarted, version=14.0.0], [id=graaljs, version=0.3.0], [id=graphql, version=0.9.0], [id=help, version=15.0.0], [id=hud, version=0.14.0], [id=invoke, version=12.0.0], [id=network, version=0.2.0], [id=oast, version=0.11.0], [id=onlineMenu, version=10.0.0], [id=openapi, version=27.0.0], [id=plugnhack, version=13.0.0], [id=portscan, version=10.0.0], [id=pscanrules, version=39.0.0], [id=pscanrulesBeta, version=29.0.0], [id=quickstart, version=34.0.0], [id=replacer, version=10.0.0], [id=reports, version=0.13.0], [id=retest, version=0.3.0], [id=retire, version=0.11.0], [id=reveal, version=5.0.0], [id=scripts, version=31.0.0], [id=selenium, version=15.8.0], [id=sequence, version=7.0.0], [id=soap, version=14.0.0], [id=spiderAjax, version=23.8.0], [id=tips, version=10.0.0], [id=webdriverlinux, version=36.0.0], [id=webdrivermacos, version=36.0.0], [id=webdriverwindows, version=36.0.0], [id=websocket, version=25.0.0], [id=zest, version=36.0.0]]
08:01:11  4805 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.control.ExtensionFactory - Loading extensions
08:01:11  5231 [ZAP-BootstrapGUI] INFO  org.zaproxy.addon.network.internal.TlsUtils - Using supported SSL/TLS protocols: [TLSv1.2, TLSv1.3]
08:01:12  5532 [ZAP-BootstrapGUI] INFO  org.zaproxy.zap.control.ExtensionFactory - Extensions loaded
08:01:13  6327 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows ZAP to check for updates
08:01:13  6409 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Options Extension
08:01:13  6874 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Edit Menu Extension
08:01:13  6883 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a rest based API for controlling and accessing ZAP
08:01:13  6921 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Session State Extension
08:01:13  6926 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing History Extension
08:01:13  7097 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Show hidden fields and enable disabled fields
08:01:13  7107 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Search messages for strings and regular expressions
08:01:13  7190 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to intercept and modify requests and responses
08:01:13  7270 [ZAP-BootstrapGUI] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive scanner
+1
gokul-sol on Mar 2, 2022

Not sure if the command was not fully pasted, you are starting ZAP with GUI not in daemon mode (-d is not a valid argument).

+1
thc202 on Mar 1, 2022
Read more comments on GitHub
← zaproxy: "The provided browser was not found" while it is effectively installed
zaproxy: ZAP does not shutdown in command line mode if AJAX Spider fails to start the browser →