How to set attack mode in the Python API

[Mohan PenTest]

Hi Team,

I am creating the automation solution using the Python API.

How to set the Attack mode in the Python API ?

My expectation is set the Attack mode and run the active scan on the website to achive the good scan results.

Please provide your recommendation or example reference.

Advance thanks!!

Regards/Mohan

[Simon Bennetts]

Hi Mohan,

Before I answer this question, one question for you - why?

Attack mode was originally intended as a manual option, where you manually explore the website and that way control what ZAP attacks.

Using the Attack mode with automation is no different to exploring your application first (eg using the spiders, importing API definitions) and then running an active scan.

You may also find that other options we support, such as the packaged docker scans the the Automation Framework are more convenient for you to use: https://www.zaproxy.org/docs/automate/

But if you still really want to use Attack mode then you can use the https://www.zaproxy.org/docs/api/#coreactionsetmode API endpoint.

Cheers,

Simon