- === Web Swing ===
- docker run --rm -u zap -p 8080:8080 -p 8090:8090 owasp/zap2docker-stable zap-webswing.sh
- === Python script ===
- docker run --rm -it owasp/zap2docker-stable sh
- docker run --rm owasp/zap2docker-stable
- zap-baseline.py -t demo.testfire.net
- === Zap Cli ===
- docker run --rm owasp/zap2docker-stable
- zap-cli --zap-url http://host.docker.internal -p 8080 spider http://demo.testfire.net
- docker run --rm owasp/zap2docker-stable
- zap-cli spider http://demo.testfire.net
- docker run --rm owasp/zap2docker-stable
- zap-cli quick-scan http://demo.testfire.net
- docker run --rm owasp/zap2docker-stable
- zap-cli passive-scan http://demo.testfire.net
- docker run --rm owasp/zap2docker-stable
- zap-cli alerts -l Medium
- === Zap Headless ===
- docker run -p 8090:8090 owasp/zap2docker-stable zap.sh -daemon -host 0.0.0.0 -port 8090 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true
- === CURL ===
- 1. Run spider
- curl "http://localhost:8090/JSON/spider/action/scan?url=http%3A%2F%2fdemo.testfire.net&recurse=false"
- 2. View spider results
- curl http://localhost:8090/JSON/spider/view/results
- 3. Run active scan
- curl "http://localhost:8090/JSON/ascan/action/scan?url=http%3A%2F%2fdemo.testfire.net&recurse=false"
- 4. View results in alerts tab
- curl http://localhost:8090/JSON/core/view/alerts
- 5. Export HTML
- curl http://localhost:8090/OTHER/core/other/htmlreport > zap-report.html
- # list all context
- $ curl -s "http://localhost:8090/JSON/context/view/contextList/?apikey=12345"
- # create context
- $ curl -s "http://localhost:8090/JSON/context/action/newContext/?apikey=12345&contextName=Default+Context"
- # show specific context
- $ curl -s "http://localhost:8090/JSON/context/view/context/?apikey=12345&contextName=Default+Context"
- # add regex into includeInContext
- $ curl -s "http://localhost:8090/JSON/context/action/includeInContext/?apikey=12345&contextName=Default+Context&regex=https://www.webscantest.com.*"
- # list all includeRegexs
- $ curl -s "http://localhost:8090/JSON/context/view/includeRegexs/?apikey=12345&contextName=Default+Context"
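
The spider and active-scan actions in the numbered curl steps return a scan ID immediately and keep running in the background, so results and alerts read straight afterwards can be incomplete. The following is an added example, not part of the original paste: it polls the `spider` and `ascan` status views until each reaches 100, then keeps only alerts at Medium risk or higher. It assumes the headless daemon above on localhost:8090 with the API key disabled; the function names are illustrative.

```python
import json
import sys
import time
import urllib.parse
import urllib.request

ZAP = "http://localhost:8090"  # assumed: the headless daemon started above
RISK_ORDER = ["Informational", "Low", "Medium", "High"]  # ZAP risk names, ascending


def zap_get(path, **params):
    """GET a ZAP JSON API endpoint, e.g. 'spider/action/scan', and decode the body."""
    url = f"{ZAP}/JSON/{path}/?{urllib.parse.urlencode(params)}"
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def run_and_wait(component, target, get=zap_get, poll=2.0):
    """Start a 'spider' or 'ascan' job and block until its status reaches 100."""
    scan_id = get(f"{component}/action/scan", url=target, recurse="false")["scan"]
    while int(get(f"{component}/view/status", scanId=scan_id)["status"]) < 100:
        time.sleep(poll)
    return scan_id


def alerts_at_or_above(alerts, level="Medium"):
    """Keep alerts whose risk is at least `level` (like `zap-cli alerts -l Medium`)."""
    floor = RISK_ORDER.index(level)
    return [a for a in alerts if RISK_ORDER.index(a["risk"]) >= floor]


def scan(target, level="Medium", get=zap_get, poll=2.0):
    """Steps 1-4 of the curl list, each started only after the previous one finished."""
    run_and_wait("spider", target, get, poll)
    run_and_wait("ascan", target, get, poll)
    alerts = get("core/view/alerts", baseurl=target)["alerts"]
    return alerts_at_or_above(alerts, level)


if __name__ == "__main__":
    findings = scan("http://demo.testfire.net")  # target used throughout the paste
    for a in findings:
        print(f'{a["risk"]:<8} {a["alert"]}  {a["url"]}')
    sys.exit(1 if findings else 0)  # non-zero exit lets a CI job fail on findings
```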