zap scan with REST APIs


Thoni A

Mar 4, 2021, 8:49:07 AM3/4/21
to OWASP ZAP User Group
Hi All,

Got a below error:

$ python3 zap-api-scan.py -t https://example.com
cli_opts([('-t', 'https://example.com')])
2021-03-03 11:31:55,763 Format must be either 'openapi', 'soap', or 'graphql'

I want to run a ZAP scan against my application, which has REST APIs. I have neither openapi, soap, nor graphql.

I have a list of API endpoints and have Apiary and Postman JSON collections.

Is there a way to run an API scan with Postman JSON collections?

Thanks
Thoni

Simon Bennetts

Mar 4, 2021, 8:55:21 AM3/4/21
to OWASP ZAP User Group
Hi Thoni,

ZAP does not currently support importing Apiary or Postman JSON collections. If anyone fancies adding support to ZAP for those, then please get in touch :)
Can you proxy another tool to make API calls through ZAP?
If so, that's probably your best alternative, unless anyone else can suggest another option.

Cheers,

Simon

Zachary Conger

Mar 4, 2021, 11:59:54 AM3/4/21
to zaprox...@googlegroups.com
Thoni,

If you are looking for a quick solution, you might try converting your existing documents to OpenAPI. For a fee, there are services like APIMatic that can convert from API Blueprint and Postman collections to OpenAPI. And there are several free or cheap tools to convert from Postman collections such as postman-to-api.

You could also look at generating OpenAPI docs from your application using any of a number of OpenAPI tools for various languages. For instance there is SpringFox for Spring Boot, swagger-docs for Rails, Django REST swagger for Django, swagger-jsdoc, and so forth.

- Zachary



--
Zachary Conger
Senior DevOps Engineer | StackHawk
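The conversion Zachary suggests can be done with a short script when the collection is simple, and that is often enough to get zap-api-scan.py past the "Format must be ..." check. The block below is an added example written for this page, not ZAP's code and not any of the converters named in the thread. It assumes a Postman v2.1 collection layout (info / item / request, with folders nesting further items), accepts URLs in either the plain string form or the {raw, host, path, query} object form, and treats `{{id}}` or `:id` path segments as OpenAPI path parameters. The SAMPLE_COLLECTION is a constructed input, and the output server URL (https://example.com) is a placeholder.

```python
"""Convert a Postman v2.1 collection into a minimal OpenAPI 3.0 document
that zap-api-scan.py can import with ``-f openapi``.

Added example, not ZAP project code. Only what the scanner needs to reach
each endpoint is carried over: method, path, query and header parameters,
and a raw JSON body as an example value.
"""
import json
import re
import sys
from urllib.parse import urlsplit

# Postman variable forms that may appear as a single path segment
VAR_RE = re.compile(r"^\{\{(\w+)\}\}$|^:(\w+)$")


def _iter_requests(items):
    """Depth-first walk through folders, yielding (name, request) leaves."""
    for item in items:
        if "item" in item:                      # a folder
            yield from _iter_requests(item["item"])
        elif "request" in item:
            yield item.get("name", ""), item["request"]


def _split_url(url):
    """Return (path, [(query_key, value), ...]) for either Postman URL form."""
    if isinstance(url, str):
        parts = urlsplit(re.sub(r"^\{\{\w+\}\}", "", url))  # drop {{baseUrl}}
        query = [tuple(q.split("=", 1)) if "=" in q else (q, "")
                 for q in parts.query.split("&") if q]
        return parts.path or "/", query
    segs = [s["value"] if isinstance(s, dict) else s for s in url.get("path", [])]
    query = [(q["key"], q.get("value", "")) for q in url.get("query", [])
             if not q.get("disabled")]
    return "/" + "/".join(segs), query


def _openapi_path(path):
    """Rewrite variable segments as {name}; return (path, [param names])."""
    out, params = [], []
    for seg in path.strip("/").split("/"):
        m = VAR_RE.match(seg)
        if m:
            params.append(m.group(1) or m.group(2))
            out.append("{%s}" % params[-1])
        else:
            out.append(seg)
    return "/" + "/".join(out), params


def _param(name, where, value=None, required=False):
    p = {"name": name, "in": where, "required": required, "schema": {"type": "string"}}
    if value is not None:
        p["example"] = value
    return p


def postman_to_openapi(collection, server_url):
    """Build an OpenAPI 3.0.3 dict from a parsed Postman v2.1 collection."""
    paths = {}
    for name, req in _iter_requests(collection.get("item", [])):
        raw_path, query = _split_url(req.get("url", "/"))
        path, path_params = _openapi_path(raw_path)
        op = {"summary": name, "parameters": [],
              "responses": {"default": {"description": "Any response"}}}
        op["parameters"] += [_param(p, "path", required=True) for p in path_params]
        op["parameters"] += [_param(k, "query", v) for k, v in query]
        op["parameters"] += [_param(h["key"], "header", h.get("value", ""))
                             for h in req.get("header", [])
                             if not h.get("disabled") and h["key"].lower() != "content-type"]
        body = req.get("body") or {}
        if body.get("mode") == "raw" and body.get("raw"):
            try:                                # JSON body -> typed example
                example, ctype = json.loads(body["raw"]), "application/json"
            except ValueError:                  # anything else stays opaque
                example, ctype = body["raw"], "text/plain"
            schema = {"type": "object" if isinstance(example, dict) else "string"}
            op["requestBody"] = {"required": True,
                                 "content": {ctype: {"schema": schema, "example": example}}}
        paths.setdefault(path, {})[req.get("method", "GET").lower()] = op
    return {"openapi": "3.0.3",
            "info": {"title": collection.get("info", {}).get("name", "Imported API"),
                     "version": "1.0.0"},
            "servers": [{"url": server_url}],
            "paths": paths}


# Constructed sample (not a real export) in Postman v2.1 layout.
SAMPLE_COLLECTION = {
    "info": {"name": "Example REST API"},
    "item": [
        {"name": "List users",
         "request": {"method": "GET", "url": "{{baseUrl}}/users?limit=10"}},
        {"name": "Users", "item": [
            {"name": "Get user",
             "request": {"method": "GET",
                         "url": {"raw": "{{baseUrl}}/users/:id",
                                 "host": ["{{baseUrl}}"], "path": ["users", ":id"]}}},
            {"name": "Create user",
             "request": {"method": "POST",
                         "header": [{"key": "Content-Type", "value": "application/json"}],
                         "url": {"raw": "{{baseUrl}}/users", "host": ["{{baseUrl}}"],
                                 "path": ["users"]},
                         "body": {"mode": "raw", "raw": '{"name": "alice", "role": "user"}'}}},
        ]},
    ],
}

if __name__ == "__main__":
    # usage: python postman2openapi.py collection.json https://example.com > api.json
    src = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_COLLECTION
    server = sys.argv[2] if len(sys.argv) > 2 else "https://example.com"
    print(json.dumps(postman_to_openapi(src, server), indent=2))
```

Write the output to a file in the directory you mount into the ZAP container and point the scanner at it with the format flag the error message lists, e.g. `python3 zap-api-scan.py -t api.json -f openapi`. Check the generated `paths` before scanning: anything the script could not parse (variables in the middle of a segment, form-data bodies, auth that lives in Postman environment variables) will be missing, and the scan only covers endpoints that made it into the document.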
