def __init__(self, proxy, port):
"""
ZAP Library can be imported with one argument
Arguments:
- ``proxy``: Proxy is required to initialize the ZAP Proxy at that location. This MUST include the port specification as well
- ``port``: This is a portspecification that will be used across the suite
Examples:
| = Keyword Definition = | = Description = |
| Library `|` RoboZap | proxy | port |
"""
self.zap = ZAP(proxies={"http": proxy, "https": proxy})
self.port = port
def __init__(self, proxy, port):
"""
ZAP Library can be imported with one argument
Arguments:
- ``proxy``: Proxy is required to initialize the ZAP Proxy at that location. This MUST include the port specification as well
- ``port``: This is a portspecification that will be used across the suite
Examples:
| = Keyword Definition = | = Description = |
| Library `|` RoboZap | proxy | port |
"""
self.zap = ZAP(proxies={"http": proxy, "https": proxy})
self.port = port
temp_name = str(uuid.uuid4())
tmp_dir = os.getcwd()
self.session = os.path.join(tmp_dir, temp_name)
self.zap_exe = ""
from getgauge.python import step, before_scenario, Messages, data_store
from zapv2 import ZAPv2 as ZAP
import subprocess
import os
import requests
from time import sleep
import datetime
zap_proxy = {"http": "http://127.0.0.1:8090", "https": "http://127.0.0.1:8090"}
zap = ZAP(proxies=zap_proxy)
# --------------------------
# Gauge step implementations
# --------------------------
@step("Start ZAP and Open URL <target_url>")
def zap_open_url(target_url):
cmd = "/Applications/ZAP_28.app/Contents/Java/zap.sh -config api.disablekey=true -port {0}".format(
8090)
subprocess.Popen(cmd.split(" "), stdout=open(os.devnull, "w"))
while True:
try:
status_req = requests.get("http://127.0.0.1:8090")
if status_req.status_code == 200:
break
except Exception:
pass
zap.urlopen(target_url)
sleep(3)
# Install Python implementation of OWASP ZAP API (if it is not already done)
# pip3 install python-owasp-zap-v2.4
# !/usr/bin/env python3
import time
from zapv2 import ZAPv2 as ZAP
from pprint import pprint
import requests
# The URL of the application to be tested
target = 'http://redacted.com/'
# Change to match the API key set in ZAP, or use None if the API key is disabled
apiKey = 'mysecretapikey'
zap = ZAP(apikey=apiKey)
# By default ZAP API client will connect to port 8080
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 9090
print("Started ZAP Scan")
zap = ZAP(apikey=apiKey,
proxies={
'http': 'http://127.0.0.1:9090',
'https': 'http://127.0.0.1:9090'
})
# MANDATORY. True to create another ZAP session (overwrite the former if the same name already exists), False to use an existing one
isNewSession = True
# MANDATORY. ZAP Session name
sessionName = 'myappsession'
print("Fetch Customer POST Response")
print(fetch_customer_post.json())
print()
search = {'search': 'dleon'}
search_customer_username = requests.post(
target_url + '/search', json=search, proxies=proxies, headers=auth_header, verify=False)
if search_customer_username.status_code == 200:
print("Search Customer POST Response")
print(search_customer_username.json())
print()
# ZAP Operations
zap = ZAP(proxies={'http': 'http://localhost:8090',
'https': 'http://localhost:8090'})
if 'Light' not in zap.ascan.scan_policy_names:
print("Adding scan policies")
zap.ascan.add_scan_policy(
"Light", alertthreshold="Medium", attackstrength="Low")
active_scan_id = zap.ascan.scan(target_url, scanpolicyname='Light')
print("active scan id: {0}".format(active_scan_id))
# now we can start monitoring the spider's status
while int(zap.ascan.status(active_scan_id)) < 100:
print("Current Status of ZAP Active Scan: {0}%".format(
zap.ascan.status(active_scan_id)))
time.sleep(10)
from zapv2 import ZAPv2 as ZAP #import ZAP library
import time
apikey = 'tmr' # Change to match the API key set in ZAP, or use None if the API key is disabled
zap = ZAP(apikey=apikey,
proxies={
'http': 'http://localhost:8080',
'https': 'http://localhost:8080'
})
#setting the local ZAP instance that is open on your local system
target_site = 'http://example.com'
zap.urlopen(target_site)
#opens up the the target site. Makes a single GET request
spider_id = zap.spider.scan(target_site)
#this line of code kicks off the ZAP Default Spider. This returns an ID value for the spider
print("Spider ID for the initiated spider scan is: {0}".format(spider_id))
#now we can start monitoring the spider's status
while int(zap.spider.status(spider_id)) < 100:
print("Current Status of ZAP Spider: {0}%".format(
zap.spider.status(spider_id)))
time.sleep(4)
active_scan_id = zap.ascan.scan(target_site)
while int(zap.ascan.status(active_scan_id)) < 100: