Installation steps for zaproxy command line.
1,819 views
Skip to first unread message
skzaproxy
Feb 19, 2016, 10:40:38 AM2/19/16
to OWASP ZAP User Group
I am new to zaproxy, have tried using zaproxy using windows UI. Need to know steps to install zaproxy command line and python APIs to test a web server.
My current requirement is to use zaproxy using command line and write python scripts that call zaproxy to test web servers and generate reports.
Please let me know your inputs on how to proceed with the above requirement.
Thanks in advance.
Simon Bennetts
Feb 19, 2016, 10:52:26 AM2/19/16
to OWASP ZAP User Group
Hiya,
ZAP can be run as a desktop tool with a UI, as a headless daemon and as an inline command line tool.
The inline command options are pretty limited, so I'd recommend using the daemon.
You dont need to download or install anything new, just run ZAP using the zap.cmd script and specify -daemon as a parameter.
If you point your browser at the host/port ZAP is listening on then you'll see a link to a web UI for the API. Its basic looking but fully functional and may help you find your way around the API.
The ZAP python API is on PyPI and we have some documentation here: https://github.com/zaproxy/zaproxy/wiki/ApiPython
We use the python API for testing ZAP against vulnerable web apps like wavsep - have a look at this script: https://github.com/zapbot/zap-mgmt-scripts/blob/master/wavsep/wavsep-1.5-spider-scan.py
Hopefully that will help get you started, but we know the documentation is somewhat lacking so please ask questions on this group when you have them ;)
Cheers,
Simon
ZAP can be run as a desktop tool with a UI, as a headless daemon and as an inline command line tool.
The inline command options are pretty limited, so I'd recommend using the daemon.
You dont need to download or install anything new, just run ZAP using the zap.cmd script and specify -daemon as a parameter.
If you point your browser at the host/port ZAP is listening on then you'll see a link to a web UI for the API. Its basic looking but fully functional and may help you find your way around the API.
The ZAP python API is on PyPI and we have some documentation here: https://github.com/zaproxy/zaproxy/wiki/ApiPython
We use the python API for testing ZAP against vulnerable web apps like wavsep - have a look at this script: https://github.com/zapbot/zap-mgmt-scripts/blob/master/wavsep/wavsep-1.5-spider-scan.py
Hopefully that will help get you started, but we know the documentation is somewhat lacking so please ask questions on this group when you have them ;)
Cheers,
Simon
skzaproxy
Feb 20, 2016, 9:59:15 AM2/20/16
to OWASP ZAP User Group
I am using following option:
zap.bat -daemon.
Could you please share the zap.cmd script.
Regards
Simon Bennetts
Feb 21, 2016, 10:10:53 AM2/21/16
to OWASP ZAP User Group
Sorry, my bad - it _is_ zap.bat not zap.cmd ;)
Mufaddal Manasawala
May 5, 2016, 6:27:56 AM5/5/16
to OWASP ZAP User Group
I used this command in commad line
zap.bat -quickurl http://localhost:30324
This is giving me error.
My zap is configured at localhost:8090 so do my browser.
How can i perform active scanning, spidering through command line?
How can i generate report for the same?
Simon Bennetts
May 5, 2016, 6:50:49 AM5/5/16
to OWASP ZAP User Group
Please dont ask the same question in multiple places.
It makes it difficult for both the people answering the question and for other people looking for answers.
I'll answer the other thread you started.
Simon
It makes it difficult for both the people answering the question and for other people looking for answers.
I'll answer the other thread you started.
Simon
Reply all
Reply to author
Forward
0 new messages