
ZAP docker passive scanning results

I have created a Zap container (inside docker) using the command

docker run -u zap -p 8080:8080 -i owasp/zap2docker-stable zap-x.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.key=

With the proper api key. The container is up and ok.

I made my native application, which is running on docker too, proxy all the html communication through the Zap container. My aim is that Zap passively analyses all the traffic for security issues.

The question is how can I retrieve the data of the passive scanner from this ZAP container without using the UI? What is the command to generate the report for the passive results?

The alerts generated by Active or Passive scanning (scripts, addons, etc) or full reports can be retrieved via Zap's API: https://github.com/zaproxy/zaproxy/wiki/ApiDetails

Relevant API endpoints include (but are not necessarily limited to):

  • alert/view/alertsSummary/
  • alert/view/alertsByRisk/
  • alert/view/alerts/
  • alert/view/alertCountsByRisk/
  • core/other/htmlreport/
  • core/other/jsonreport/
  • core/other/mdreport/
  • core/other/xmlreport/
  • core/view/alerts/
  • core/view/alertsSummary/

There are sample API usage programs in both the Python and Java API GitHub repos. There are also lots of public blog posts, articles, and videos about using ZAP via its API for various automation scenarios. (All of which is just a quick web search away.)
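
As an added example (not part of the original answer, and not code from the ZAP project), this Python sketch shows how the endpoints listed above map to URLs on the daemon started by the question's docker command, and how the returned alerts can gate a pipeline. Assumptions: ZAP is reachable at `http://localhost:8080`, the key is in a `ZAP_API_KEY` environment variable, `http://app.example` is a constructed stand-in for the proxied application, and the sample response is constructed; the `X-ZAP-API-Key` header and the `pscan/view/recordsToScan` view are ZAP API features the answer does not name.

```python
import json
import urllib.parse
import urllib.request
from collections import Counter

RISK_ORDER = ["Informational", "Low", "Medium", "High"]

def zap_url(base, endpoint, fmt="JSON", **params):
    """Map e.g. 'alert/view/alerts/' to http://host:port/JSON/alert/view/alerts/?..."""
    url = f"{base.rstrip('/')}/{fmt}/{endpoint.strip('/')}/"
    return url + ("?" + urllib.parse.urlencode(params) if params else "")

def zap_get(url, api_key):
    """GET a ZAP API URL, sending the key as a header so it stays out of URLs and logs."""
    req = urllib.request.Request(url, headers={"X-ZAP-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()

def triage(alerts_body, fail_on="Medium"):
    """Count alerts per risk level and list those at or above fail_on."""
    alerts = json.loads(alerts_body)["alerts"]
    counts = Counter(a["risk"] for a in alerts)
    floor = RISK_ORDER.index(fail_on)
    failing = sorted({(a["risk"], a["alert"], a["url"]) for a in alerts
                      if RISK_ORDER.index(a["risk"]) >= floor})
    return dict(counts), failing

# Constructed sample of an alert/view/alerts/ response (fields trimmed).
SAMPLE = json.dumps({"alerts": [
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium", "url": "http://app.example/"},
    {"alert": "X-Content-Type-Options Header Missing", "risk": "Low", "url": "http://app.example/"},
    {"alert": "Cookie No HttpOnly Flag", "risk": "Low", "url": "http://app.example/login"},
]})

if __name__ == "__main__":
    import os, time
    base, key = "http://localhost:8080", os.environ["ZAP_API_KEY"]
    # Passive scanning is asynchronous: wait until the queue of unscanned records is empty.
    queue_url = zap_url(base, "pscan/view/recordsToScan")
    while int(json.loads(zap_get(queue_url, key))["recordsToScan"]) > 0:
        time.sleep(2)
    alerts_url = zap_url(base, "alert/view/alerts", baseurl="http://app.example")
    counts, failing = triage(zap_get(alerts_url, key))
    print(counts, failing)
    # Full reports live under OTHER rather than JSON.
    with open("zap-report.html", "wb") as fh:
        fh.write(zap_get(zap_url(base, "core/other/htmlreport", fmt="OTHER"), key))
    raise SystemExit(1 if failing else 0)
```
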
