API tools faq
paste
Advertisement
irobust

OWASP ZAP Container

irobust
Aug 15th, 2019
318
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.98 KB | None | 0 0
raw download clone embed print report
  1. === Web Swing ===
  2. docker run --rm -u zap -p 8080:8080 -p 8090:8090 owasp/zap2docker-stable zap-webswing.sh
  3.  
  4. === Python script ====
  5. docker run --rm -it owasp/zap2docker-stable sh
  6. docker run --rm owasp/zap2docker-stable
  7. zap-baseline.py -t demo.testfire.net
  8.  
  9. === Zap Cli ===
  10. docker run --rm owasp/zap2docker-stable
  11. zap-cli --zap-url http://host.docker.internal -p 8080 spider http://demo.testfire.net
  12. docker run --rm owasp/zap2docker-stable
  13. zap-cli spider http://demo.testfire.net
  14. docker run --rm owasp/zap2docker-stable
  15. zap-cli quick-scan http://demo.testfire.net
  16. docker run --rm owasp/zap2docker-stable
  17. zap-cli passive-scan http://demo.testfire.net
  18.  
  19. docker run --rm owasp/zap2docker-stable
  20. zap-cli alerts -l Medium
  21.  
  22. === Zap Headless ===
  23. docker run -p 8090:8090 owasp/zap2docker-stable zap.sh -daemon -host 0.0.0.0 -port 8090 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true
  24.  
  25. === CURL ===
  26. 1. Run spider
  27. curl http://localhost:8090/JSON/spider/action/scan?url=http%3A%2F%2fdemo.testfire.net&recurse=false
  28. 2. View spider results
  29. curl http://localhost:8090/JSON/spider/view/results
  30. 3. Run active scan
  31. curl http://localhost:8090/JSON/ascan/action/scan?url=http%3A%2F%2fdemo.testfire.net&recurse=false
  32. 4. View results in alerts tab
  33. curl http://localhost:8090/JSON/core/view/alerts
  34. 5. Export HTML
  35. curl http://localhost:8090/OTHER/core/other/htmlreport > zap-report.html
  36.  
  37. # list all context
  38. $ curl -s "http://localhost:8090/JSON/context/view/contextList/?apikey=12345"
  39.  
  40. # create context
  41. $ curl -s "http://localhost:8090/JSON/context/action/newContext/?apikey=12345&contextName=Default+Context"
  42. # show specific context
  43. $ curl -s "http://localhost:8090/JSON/context/view/context/?apikey=12345&contextName=Default+Context"
  44.  
  45. # add regex into includeInContext
  46. $ curl -s "http://localhost:8090/JSON/context/action/includeInContext/?apikey=12345&contextName=Default+Context&regex=https://www.webscantest.com.*"
  47.  
  48. # list all includeRegexs
  49. $ curl -s "http://localhost:8090/JSON/context/view/includeRegexs/?apikey=12345&contextName=Default+Context"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!