How to generate full report in owasp zap in any format

3,498 views
Skip to first unread message

manikanda prabhu

unread,
Apr 6, 2017, 5:23:40 AM4/6/17
to OWASP ZAP User Group

When i try to generate report in HTML,.XML or PDF I'm getting only alerts in the report. I would like to get all the information including passed attack also in the report.

For example in active scan there is around 500+ combination of URL being used but I'm getting only fee of them. I need all the 500+ URL and its results in the report


I had asked same query in stackoverflow also

Simon Bennetts

unread,
Apr 6, 2017, 5:28:09 AM4/6/17
to OWASP ZAP User Group
I'll start with my answer to your question on Stackoverflow :)

We dont generate that as a 'standard' report as no ones asked for that to date. However we do expose pretty much everything via the ZAP API, and if theres anything we dont currently expose then let us know and we'll fix that. To get started with the API point your browser at the host:port that ZAP is listening on and follow the link to the API UI which will allow you to invoke any of the end points. We also have some info on the wiki: https://github.com/zaproxy/zaproxy/wiki/ApiDetails


Do you have any more specific questions you'd like answers to?

Cheers,

Simon

manikanda prabhu

unread,
Apr 6, 2017, 5:31:44 AM4/6/17
to OWASP ZAP User Group
Thanks for the response.

i've tried ZAP API with ruby, i didn't get the report that I want. (entire results into a file)

Is there any other alternative option to do that?

Simon Bennetts

unread,
Apr 6, 2017, 5:37:20 AM4/6/17
to OWASP ZAP User Group
Yes, using the rest of the API.
As I said before, the report generated by ZAP doesnt include the information you want, no matter whether its generated from the UI or the API.
However the API does provide access to pretty much all of the data maintained by ZAP.
A good place to start would be the core component: https://github.com/zaproxy/zaproxy/wiki/ApiGen_core
The 'messages' view allows you to page through all of the messages send and received by ZAP.

manikanda prabhu

unread,
Apr 6, 2017, 5:59:32 AM4/6/17
to OWASP ZAP User Group
Hi Simon,

could you help me on how to use ZAP API with ruby, i didn't see any ZAP API samples in the below URL's

https://github.com/zaproxy/zaproxy/wiki/ApiGen_core
https://code.google.com/archive/p/zaproxy/wikis/ApiDetails.wiki

Regards,
Mani.

Simon Bennetts

unread,
Apr 6, 2017, 10:37:13 AM4/6/17
to OWASP ZAP User Group
Hi Mani,

I'm afraid we dont officially support Ruby, but there are a couple of 3rd party clients listed on https://github.com/zaproxy/zaproxy/wiki/ApiDetails
However you can just call the relevant URLs directly and parse the JSON / XML - its not that hard.

Btw if anyone fancies working on an official Ruby (or any other language) client then please get in touch.
Most of the client code is auto-generated so its not as much work as you might think. You just need some code that calls parameterised endpoints and to write a code generator - we have various examples available.

Cheers,

Simon
Reply all
Reply to author
Forward
0 new messages