def __init__(self, proxy, port):
    """
    Initialise the RoboZap library against a running ZAP instance.

    Arguments:
    - ``proxy``: Address of the ZAP proxy to drive, port included
      (for example ``http://127.0.0.1:8090``). The same address is
      used for both HTTP and HTTPS traffic.
    - ``port``: Port specification kept on the instance for use by
      the keywords of the suite.

    Examples:
    | = Keyword Definition = | = Description = |
    | Library `|` RoboZap | proxy | port |
    """
    proxy_map = {"http": proxy, "https": proxy}
    self.zap = ZAP(proxies=proxy_map)
    self.port = port
def __init__(self, proxy, port):
    """
    Initialise the RoboZap library against a ZAP instance.

    Arguments:
    - ``proxy``: Address of the running ZAP proxy, port included (for
      example ``http://127.0.0.1:8090``); used for HTTP and HTTPS alike.
    - ``port``: Port specification kept on the instance for use by the
      keywords of the suite.

    A session path is also prepared: a random UUID as the file name,
    placed under the current working directory. ``zap_exe`` starts out
    as an empty string.

    Examples:
    | = Keyword Definition = | = Description = |
    | Library `|` RoboZap | proxy | port |
    """
    self.zap = ZAP(proxies=dict.fromkeys(("http", "https"), proxy))
    self.port = port
    # A fresh UUID per library instance, so two instances started from
    # the same directory do not point at the same session file.
    session_name = str(uuid.uuid4())
    self.session = os.path.join(os.getcwd(), session_name)
    self.zap_exe = ""
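from getgauge.python import step, before_scenario, Messages, data_store
from zapv2 import ZAPv2 as ZAP
import subprocess
import os
import requests
from time import sleep, monotonic
import datetime

# Port ZAP listens on. The daemon is launched with and the API client is
# pointed at the same value so the two cannot drift apart.
ZAP_PORT = 8090
ZAP_URL = "http://127.0.0.1:{0}".format(ZAP_PORT)
# Path of the ZAP launcher script; adjust to the local installation.
ZAP_SH = "/Applications/ZAP_28.app/Contents/Java/zap.sh"
# Upper bound on the wait for the ZAP API to come up, and the poll period.
ZAP_START_TIMEOUT_S = 120
ZAP_POLL_INTERVAL_S = 1

zap_proxy = {"http": ZAP_URL, "https": ZAP_URL}
zap = ZAP(proxies=zap_proxy)

# Handle of the ZAP daemon started by zap_open_url, kept so a later step
# can terminate it rather than leaving it running after the suite.
zap_process = None


# --------------------------
# Gauge step implementations
# --------------------------
@step("Start ZAP and Open URL <target_url>")
def zap_open_url(target_url):
    """Launch ZAP on ZAP_PORT, wait for its API, then open target_url through it.

    ``api.disablekey=true`` starts the ZAP API without a key: any process
    able to reach the port can drive the daemon, so this setup belongs on
    a developer machine with ZAP bound to loopback only.

    Raises RuntimeError if the API does not answer within
    ZAP_START_TIMEOUT_S seconds; the daemon is terminated in that case.
    """
    global zap_process
    cmd = [
        ZAP_SH,
        "-config", "api.disablekey=true",
        "-port", str(ZAP_PORT),
    ]
    # DEVNULL rather than open(os.devnull, "w"): the original handle was
    # never closed.
    zap_process = subprocess.Popen(cmd, stdout=subprocess.DEVNULL)

    deadline = monotonic() + ZAP_START_TIMEOUT_S
    while True:
        try:
            status_req = requests.get(ZAP_URL)
            if status_req.status_code == 200:
                break
        except requests.exceptions.RequestException:
            # Connection refused while the daemon is still starting up.
            pass
        if monotonic() >= deadline:
            zap_process.terminate()
            raise RuntimeError(
                "ZAP did not answer on {0} within {1}s".format(
                    ZAP_URL, ZAP_START_TIMEOUT_S))
        # Sleep between probes instead of spinning on the socket.
        sleep(ZAP_POLL_INTERVAL_S)
    zap.urlopen(target_url)
    sleep(3)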
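#!/usr/bin/env python3
# Install Python implementation of OWASP ZAP API (if it is not already done)
# pip3 install python-owasp-zap-v2.4
import os
import time
from zapv2 import ZAPv2 as ZAP
from pprint import pprint
import requests

# The URL of the application to be tested
target = 'http://redacted.com/'

# API key the ZAP instance was started with. Read from the ZAP_API_KEY
# environment variable so the secret need not be committed with this file;
# the literal is only the fallback and must match the key configured in
# ZAP. Use None if the API key is disabled.
apiKey = os.environ.get('ZAP_API_KEY', 'mysecretapikey')

# By default the ZAP API client connects to port 8080; the proxies below
# point it at an instance listening on port 9090 instead. Only one client
# is built (the earlier default-port client was never used).
print("Started ZAP Scan")
zap = ZAP(apikey=apiKey, proxies={
    'http': 'http://127.0.0.1:9090',
    'https': 'http://127.0.0.1:9090'
})

# MANDATORY. True to create another ZAP session (overwrite the former if the same name already exists), False to use an existing one
isNewSession = True
# MANDATORY. ZAP Session name
sessionName = 'myappsession'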
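print("Fetch Customer POST Response")
print(fetch_customer_post.json())
print()

search = {'search': 'dleon'}
# verify=False is here because the request is routed through the ZAP proxy,
# which terminates TLS with its own certificate. Exporting ZAP's root CA and
# passing it as verify=<path to that bundle> keeps certificate checking on;
# leave verification off only for this local, proxied test traffic.
search_customer_username = requests.post(
    target_url + '/search', json=search, proxies=proxies,
    headers=auth_header, verify=False)
if search_customer_username.status_code == 200:
    print("Search Customer POST Response")
    print(search_customer_username.json())
    print()

# ZAP Operations
zap = ZAP(proxies={'http': 'http://localhost:8090',
                   'https': 'http://localhost:8090'})

# Register the reduced-intensity policy once; later runs reuse it.
if 'Light' not in zap.ascan.scan_policy_names:
    print("Adding scan policies")
    zap.ascan.add_scan_policy(
        "Light", alertthreshold="Medium", attackstrength="Low")

active_scan_id = zap.ascan.scan(target_url, scanpolicyname='Light')
print("active scan id: {0}".format(active_scan_id))

# Poll the active scan (not the spider) until ZAP reports 100%. The status
# is read once per iteration so the value printed is the one compared.
scan_progress = int(zap.ascan.status(active_scan_id))
while scan_progress < 100:
    print("Current Status of ZAP Active Scan: {0}%".format(scan_progress))
    time.sleep(10)
    scan_progress = int(zap.ascan.status(active_scan_id))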
from zapv2 import ZAPv2 as ZAP #import ZAP library import time apikey = 'tmr' # Change to match the API key set in ZAP, or use None if the API key is disabled zap = ZAP(apikey=apikey, proxies={ 'http': 'http://localhost:8080', 'https': 'http://localhost:8080' }) #setting the local ZAP instance that is open on your local system target_site = 'http://example.com' zap.urlopen(target_site) #opens up the the target site. Makes a single GET request spider_id = zap.spider.scan(target_site) #this line of code kicks off the ZAP Default Spider. This returns an ID value for the spider print("Spider ID for the initiated spider scan is: {0}".format(spider_id)) #now we can start monitoring the spider's status while int(zap.spider.status(spider_id)) < 100: print("Current Status of ZAP Spider: {0}%".format( zap.spider.status(spider_id))) time.sleep(4) active_scan_id = zap.ascan.scan(target_site) while int(zap.ascan.status(active_scan_id)) < 100: