OWASP ZAP API Raku module
use lib 'lib';
use Zap;
# Config Zap Client
ZapConfig(:apikey<apikey12345>,:port<8081>,:addr<127.0.0.1>);
# send a url to the spider
my $scanId = Zap::Spider.scan(:url<https://perl.org>);
# get the spider status
my $status = Zap::Spider.status(:$scanId);
# wait for the spider to finish then get the result
$*OUT = $*OUT.open(:!buffer);
while Zap::Spider.status(:$scanId) < 100 {
print "Spider progress {Zap::Spider.status(:$scanId)} \r";
}
$*OUT = $*OUT.open(:buffer);
put "URL : $_" for Zap::Spider.results(:$scanId);
my @scans = Zap::Spider.scans; # this needs some work
put "ID , Progress , State";
for @scans -> %scan {
put %scan<id progress state>.fmt("%s",', ')
}
zef install Zap
- Make the code and API Response more easy to handle
- Write a Script to provide a CLI
raku-zapmaybe ? - Write an Interface for the zap CLI
- Automate Spider and Scanners
- Since we are using Cro::HTTP::Client , we can handel the other response formats with
body-parsers(aCro::HTTP::BodyParserclass)
class Zap::Ruleconfig Methods
method resetAllRuleConfigValues() returns MuReset all of the rule configurations
method resetRuleConfigValue(
:$key!
) returns MuReset the specified rule configuration, which must already exist
method setRuleConfigValue(
:$key!,
:$value
) returns MuSet the specified rule configuration, which must already exist
class Zap::Break Methods
method isBreakRequest() returns MuReturns True if ZAP will break on requests
method isBreakResponse() returns MuReturns True if ZAP will break on responses
method waitForHttpBreak(
:$poll,
:$keepalive
) returns MuWaits until an HTTP breakpoint has been hit, at which point it returns the message. Poll is the number of milliseconds ZAP will pause between checking for breakpoints being hit (default 500). If keepalive is zero or less then the response will be returned as a Server Sent Event, otherwise it is used as the frequency in seconds at which 'keepalive' events should be returned and the response is sent as a standard response.
method addHttpBreakpoint(
:$string!,
:$location!,
:$match!,
:$inverse!,
:$ignorecase!
) returns MuAdds a custom HTTP breakpoint. The string is the string to match. Location may be one of: url, request_header, request_body, response_header or response_body. Match may be: contains or regex. Inverse (match) may be true or false. Lastly, ignorecase (when matching the string) may be true or false.
method break(
:$type!,
:$state!,
:$scope
) returns MuControls the global break functionality. The type may be one of: http-all, http-request or http-response. The state may be true (for turning break on for the specified type) or false (for turning break off). Scope is not currently used.
method continue() returns MuSubmits the currently intercepted message and unsets the global request/response breakpoints
method drop() returns MuDrops the currently intercepted message
method removeHttpBreakpoint(
:$string!,
:$location!,
:$match!,
:$inverse!,
:$ignorecase!
) returns MuRemoves the specified breakpoint
method setHttpMessage(
:$httpHeader!,
:$httpBody
) returns MuOverwrites the currently intercepted message with the data provided
method step() returns MuSubmits the currently intercepted message, the next request or response will automatically be intercepted
class Zap::Hud Methods
method hudAlertData(
:$url!
) returns MuReturns the alert summary needed by the HUD for the specified URL
method optionAllowUnsafeEval() returns MuReturns true if the 'Allow unsafe-eval' option is set
method optionBaseDirectory() returns MuReturns the base directory from which the HUD files are loaded
method optionDevelopmentMode() returns MuReturns true if the 'Development mode' option is set
method optionEnableOnDomainMsgs() returns MuNo Doc
method optionEnabledForDaemon() returns MuNo Doc
method optionEnabledForDesktop() returns MuNo Doc
method optionInScopeOnly() returns MuReturns true if the 'In scope only' option is set
method optionRemoveCSP() returns MuReturns true if the 'Remove CSP' option is set
method optionShowWelcomeScreen() returns MuNo Doc
method optionSkipTutorialTasks() returns MuNo Doc
method optionTutorialHost() returns MuNo Doc
method optionTutorialPort() returns MuNo Doc
method optionTutorialTasksDone() returns MuNo Doc
method optionTutorialTestMode() returns MuNo Doc
method optionTutorialUpdates() returns MuNo Doc
method tutorialUpdates() returns MuNo Doc
method upgradedDomains() returns MuNo Doc
method changesInHtml() returns MuReturns the changelog in HTML format
method log(
:$record!
) returns MuUsed by the HUD to log messages from the browser
method recordRequest(
:$header!,
:$body!
) returns MuUsed by the HUD to cache a request the user wants to send in the browser
method resetTutorialTasks() returns MuReset the tutorial tasks so that they must be completed again
method setOptionBaseDirectory(
:$String!
) returns MuSet the base directory from which the HUD files are loaded
method setOptionDevelopmentMode(
:$Boolean!
) returns MuSets the boolean option 'Development mode'
method setOptionEnableOnDomainMsgs(
:$Boolean!
) returns MuNo Doc
method setOptionEnabledForDaemon(
:$Boolean!
) returns MuNo Doc
method setOptionEnabledForDesktop(
:$Boolean!
) returns MuNo Doc
method setOptionInScopeOnly(
:$Boolean!
) returns MuSets the boolean option 'In scope only'
method setOptionRemoveCSP(
:$Boolean!
) returns MuSets the boolean option 'Remove CSP'
method setOptionShowWelcomeScreen(
:$Boolean!
) returns MuNo Doc
method setOptionSkipTutorialTasks(
:$Boolean!
) returns MuNo Doc
method setOptionTutorialTaskDone(
:$String!
) returns MuNo Doc
method setOptionTutorialTestMode(
:$Boolean!
) returns MuNo Doc
method setUiOption(
:$key!,
:$value
) returns MuSets a UI option with the given key and value. The key must be 50 or fewer alphanumeric characters
class Zap::Forceduser Methods
method setForcedUser(
:$contextId!,
:$userId!
) returns MuSets the user (ID) that should be used in 'forced user' mode for the given context (ID)
method setForcedUserModeEnabled(
:$boolean!
) returns MuSets if 'forced user' mode should be enabled or not
class Zap::Stats Methods
method clearStats(
:$keyPrefix
) returns MuClears all of the statistics
method setOptionInMemoryEnabled(
:$Boolean!
) returns MuSets whether in memory statistics are enabled
method setOptionStatsdHost(
:$String!
) returns MuSets the Statsd service hostname, supply an empty string to stop using a Statsd service
method setOptionStatsdPort(
:$Integer!
) returns MuSets the Statsd service port
method setOptionStatsdPrefix(
:$String!
) returns MuSets the prefix to be applied to all stats sent to the configured Statsd service
method optionStatsdEnabled() returns MuReturns 'true' if a Statsd server has been correctly configured, otherwise returns 'false'
method optionStatsdHost() returns MuGets the Statsd service hostname
method optionStatsdPort() returns MuGets the Statsd service port
method optionStatsdPrefix() returns MuGets the prefix to be applied to all stats sent to the configured Statsd service
method siteStats(
:$site!,
:$keyPrefix
) returns MuGets all of the global statistics, optionally filtered by a key prefix
method stats(
:$keyPrefix
) returns MuStatistics
class Zap::Alertfilter Methods
method addAlertFilter(
:$contextId!,
:$ruleId!,
:$newLevel!,
:$url,
:$urlIsRegex,
:$parameter,
:$enabled,
:$parameterIsRegex,
:$attack,
:$attackIsRegex,
:$evidence,
:$evidenceIsRegex
) returns MuAdds a new alert filter for the context with the given ID.
method addGlobalAlertFilter(
:$ruleId!,
:$newLevel!,
:$url,
:$urlIsRegex,
:$parameter,
:$enabled,
:$parameterIsRegex,
:$attack,
:$attackIsRegex,
:$evidence,
:$evidenceIsRegex
) returns MuAdds a new global alert filter.
method removeAlertFilter(
:$contextId!,
:$ruleId!,
:$newLevel!,
:$url,
:$urlIsRegex,
:$parameter,
:$enabled,
:$parameterIsRegex,
:$attack,
:$attackIsRegex,
:$evidence,
:$evidenceIsRegex
) returns MuRemoves an alert filter from the context with the given ID.
method removeGlobalAlertFilter(
:$ruleId!,
:$newLevel!,
:$url,
:$urlIsRegex,
:$parameter,
:$enabled,
:$parameterIsRegex,
:$attack,
:$attackIsRegex,
:$evidence,
:$evidenceIsRegex
) returns MuRemoves a global alert filter.
class Zap::Ascan Methods
method addExcludedParam(
:$name!,
:$type,
:$url
) returns MuAdds a new parameter excluded from the scan, using the specified name. Optionally sets if the new entry applies to a specific URL (default, all URLs) and sets the ID of the type of the parameter (default, ID of any type). The type IDs can be obtained with the view excludedParamTypes.
method addScanPolicy(
:$scanPolicyName!,
:$alertThreshold,
:$attackStrength
) returns MuNo Doc
method clearExcludedFromScan() returns MuClears the regexes of URLs excluded from the active scans.
method disableAllScanners(
:$scanPolicyName
) returns MuDisables all scanners of the scan policy with the given name, or the default if none given.
method disableScanners(
:$ids!,
:$scanPolicyName
) returns MuDisables the scanners with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given.
method enableAllScanners(
:$scanPolicyName
) returns MuEnables all scanners of the scan policy with the given name, or the default if none given.
method enableScanners(
:$ids!,
:$scanPolicyName
) returns MuEnables the scanners with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given.
method excludeFromScan(
:$regex!
) returns MuAdds a regex of URLs that should be excluded from the active scans.
method importScanPolicy(
:$path!
) returns MuImports a Scan Policy using the given file system path.
method modifyExcludedParam(
:$idx!,
:$name,
:$type,
:$url
) returns MuModifies a parameter excluded from the scan. Allows to modify the name, the URL and the type of parameter. The parameter is selected with its index, which can be obtained with the view excludedParams.
method pause(
:$scanId!
) returns MuNo Doc
method pauseAllScans() returns MuNo Doc
method removeAllScans() returns MuNo Doc
method removeExcludedParam(
:$idx!
) returns MuRemoves a parameter excluded from the scan, with the given index. The index can be obtained with the view excludedParams.
method removeScan(
:$scanId!
) returns MuNo Doc
method removeScanPolicy(
:$scanPolicyName!
) returns MuNo Doc
method resume(
:$scanId!
) returns MuNo Doc
method resumeAllScans() returns MuNo Doc
method scan(
:$url,
:$recurse,
:$inScopeOnly,
:$scanPolicyName,
:$method,
:$postData,
:$contextId
) returns MuRuns the active scanner against the given URL and/or Context. Optionally, the 'recurse' parameter can be used to scan URLs under the given URL, the parameter 'inScopeOnly' can be used to constrain the scan to URLs that are in scope (ignored if a Context is specified), the parameter 'scanPolicyName' allows to specify the scan policy (if none is given it uses the default scan policy), the parameters 'method' and 'postData' allow to select a given request in conjunction with the given URL.
method scanAsUser(
:$url,
:$contextId,
:$userId,
:$recurse,
:$scanPolicyName,
:$method,
:$postData
) returns MuActive Scans from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.
method setEnabledPolicies(
:$ids!,
:$scanPolicyName
) returns MuNo Doc
method setOptionAddQueryParam(
:$Boolean!
) returns MuSets whether or not the active scanner should add a query param to GET requests which do not have parameters to start with.
method setOptionAllowAttackOnStart(
:$Boolean!
) returns MuNo Doc
method setOptionAttackPolicy(
:$String!
) returns MuNo Doc
method setOptionDefaultPolicy(
:$String!
) returns MuNo Doc
method setOptionDelayInMs(
:$Integer!
) returns MuNo Doc
method setOptionHandleAntiCSRFTokens(
:$Boolean!
) returns MuNo Doc
method setOptionHostPerScan(
:$Integer!
) returns MuNo Doc
method setOptionInjectPluginIdInHeader(
:$Boolean!
) returns MuSets whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests.
method setOptionMaxChartTimeInMins(
:$Integer!
) returns MuNo Doc
method setOptionMaxResultsToList(
:$Integer!
) returns MuNo Doc
method setOptionMaxRuleDurationInMins(
:$Integer!
) returns MuNo Doc
method setOptionMaxScanDurationInMins(
:$Integer!
) returns MuNo Doc
method setOptionMaxScansInUI(
:$Integer!
) returns MuNo Doc
method setOptionPromptInAttackMode(
:$Boolean!
) returns MuNo Doc
method setOptionPromptToClearFinishedScans(
:$Boolean!
) returns MuNo Doc
method setOptionRescanInAttackMode(
:$Boolean!
) returns MuNo Doc
method setOptionScanHeadersAllRequests(
:$Boolean!
) returns MuSets whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body.
method setOptionShowAdvancedDialog(
:$Boolean!
) returns MuNo Doc
method setOptionTargetParamsEnabledRPC(
:$Integer!
) returns MuNo Doc
method setOptionTargetParamsInjectable(
:$Integer!
) returns MuNo Doc
method setOptionThreadPerHost(
:$Integer!
) returns MuNo Doc
method setPolicyAlertThreshold(
:$id!,
:$alertThreshold!,
:$scanPolicyName
) returns MuNo Doc
method setPolicyAttackStrength(
:$id!,
:$attackStrength!,
:$scanPolicyName
) returns MuNo Doc
method setScannerAlertThreshold(
:$id!,
:$alertThreshold!,
:$scanPolicyName
) returns MuNo Doc
method setScannerAttackStrength(
:$id!,
:$attackStrength!,
:$scanPolicyName
) returns MuNo Doc
method skipScanner(
:$scanId!,
:$scannerId!
) returns MuSkips the scanner using the given IDs of the scan and the scanner.
method stop(
:$scanId!
) returns MuNo Doc
method stopAllScans() returns MuNo Doc
method updateScanPolicy(
:$scanPolicyName!,
:$alertThreshold,
:$attackStrength
) returns MuNo Doc
method excludedFromScan() returns MuGets the regexes of URLs excluded from the active scans.
method excludedParamTypes() returns MuGets all the types of excluded parameters. For each type the following are shown: the ID and the name.
method excludedParams() returns MuGets all the parameters that are excluded. For each parameter the following are shown: the name, the URL, and the parameter type.
method messagesIds(
:$scanId!
) returns MuGets the IDs of the messages sent during the scan with the given ID. A message can be obtained with 'message' core view.
method optionAddQueryParam() returns MuTells whether or not the active scanner should add a query parameter to GET request that don't have parameters to start with.
method optionAllowAttackOnStart() returns MuNo Doc
method optionAttackPolicy() returns MuNo Doc
method optionDefaultPolicy() returns MuNo Doc
method optionDelayInMs() returns MuNo Doc
method optionExcludedParamList() returns MuUse view excludedParams instead.
method optionHandleAntiCSRFTokens() returns MuNo Doc
method optionHostPerScan() returns MuNo Doc
method optionInjectPluginIdInHeader() returns MuTells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests.
method optionMaxChartTimeInMins() returns MuNo Doc
method optionMaxResultsToList() returns MuNo Doc
method optionMaxRuleDurationInMins() returns MuNo Doc
method optionMaxScanDurationInMins() returns MuNo Doc
method optionMaxScansInUI() returns MuNo Doc
method optionPromptInAttackMode() returns MuNo Doc
method optionPromptToClearFinishedScans() returns MuNo Doc
method optionRescanInAttackMode() returns MuNo Doc
method optionScanHeadersAllRequests() returns MuTells whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body.
method optionShowAdvancedDialog() returns MuNo Doc
method optionTargetParamsEnabledRPC() returns MuNo Doc
method optionTargetParamsInjectable() returns MuNo Doc
method optionThreadPerHost() returns MuNo Doc
method policies(
:$scanPolicyName,
:$policyId
) returns MuNo Doc
method scanPolicyNames() returns MuNo Doc
method scanProgress(
:$scanId
) returns MuNo Doc
method scanners(
:$scanPolicyName,
:$policyId
) returns MuGets the scanners, optionally, of the given scan policy and/or scanner policy/category ID.
method scans() returns MuNo Doc
method status(
:$scanId
) returns MuNo Doc
class Zap::Spider Methods
method domainsAlwaysInScope() returns MuGets all the domains that are always in scope. For each domain the following are shown: the index, the value (domain), if enabled, and if specified as a regex.
method excludedFromScan() returns MuGets the regexes of URLs excluded from the spider scans.
method fullResults(
:$scanId!
) returns MuNo Doc
method optionAcceptCookies() returns MuGets whether or not a spider process should accept cookies while spidering.
method optionDomainsAlwaysInScope() returns MuUse view domainsAlwaysInScope instead.
method optionDomainsAlwaysInScopeEnabled() returns MuUse view domainsAlwaysInScope instead.
method optionHandleODataParametersVisited() returns MuNo Doc
method optionHandleParameters() returns MuNo Doc
method optionMaxChildren() returns MuGets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.
method optionMaxDepth() returns MuGets the maximum depth the spider can crawl, 0 if unlimited.
method optionMaxDuration() returns MuNo Doc
method optionMaxParseSizeBytes() returns MuGets the maximum size, in bytes, that a response might have to be parsed.
method optionMaxScansInUI() returns MuNo Doc
method optionParseComments() returns MuNo Doc
method optionParseGit() returns MuNo Doc
method optionParseRobotsTxt() returns MuNo Doc
method optionParseSVNEntries() returns MuNo Doc
method optionParseSitemapXml() returns MuNo Doc
method optionPostForm() returns MuNo Doc
method optionProcessForm() returns MuNo Doc
method optionRequestWaitTime() returns MuNo Doc
method optionScope() returns MuNo Doc
method optionScopeText() returns MuNo Doc
method optionSendRefererHeader() returns MuGets whether or not the 'Referer' header should be sent while spidering.
method optionShowAdvancedDialog() returns MuNo Doc
method optionSkipURLString() returns MuNo Doc
method optionThreadCount() returns MuNo Doc
method optionUserAgent() returns MuNo Doc
method results(
:$scanId
) returns MuNo Doc
method scans() returns MuNo Doc
method status(
:$scanId
) returns MuNo Doc
method addDomainAlwaysInScope(
:$value!,
:$isRegex,
:$isEnabled
) returns MuAdds a new domain that's always in scope, using the specified value. Optionally sets if the new entry is enabled (default, true) and whether or not the new value is specified as a regex (default, false).
method clearExcludedFromScan() returns MuClears the regexes of URLs excluded from the spider scans.
method disableAllDomainsAlwaysInScope() returns MuDisables all domains that are always in scope.
method enableAllDomainsAlwaysInScope() returns MuEnables all domains that are always in scope.
method excludeFromScan(
:$regex!
) returns MuAdds a regex of URLs that should be excluded from the spider scans.
method modifyDomainAlwaysInScope(
:$idx!,
:$value,
:$isRegex,
:$isEnabled
) returns MuModifies a domain that's always in scope. Allows to modify the value, if enabled or if a regex. The domain is selected with its index, which can be obtained with the view domainsAlwaysInScope.
method pause(
:$scanId!
) returns MuNo Doc
method pauseAllScans() returns MuNo Doc
method removeAllScans() returns MuNo Doc
method removeDomainAlwaysInScope(
:$idx!
) returns MuRemoves a domain that's always in scope, with the given index. The index can be obtained with the view domainsAlwaysInScope.
method removeScan(
:$scanId!
) returns MuNo Doc
method resume(
:$scanId!
) returns MuNo Doc
method resumeAllScans() returns MuNo Doc
method scan(
:$url,
:$maxChildren,
:$recurse,
:$contextName,
:$subtreeOnly
) returns MuRuns the spider against the given URL (or context). Optionally, the 'maxChildren' parameter can be set to limit the number of children scanned, the 'recurse' parameter can be used to prevent the spider from seeding recursively, the parameter 'contextName' can be used to constrain the scan to a Context and the parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'url').
method scanAsUser(
:$contextId!,
:$userId!,
:$url,
:$maxChildren,
:$recurse,
:$subtreeOnly
) returns MuRuns the spider from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.
method setOptionAcceptCookies(
:$Boolean!
) returns MuSets whether or not a spider process should accept cookies while spidering.
method setOptionHandleODataParametersVisited(
:$Boolean!
) returns MuNo Doc
method setOptionHandleParameters(
:$String!
) returns MuNo Doc
method setOptionMaxChildren(
:$Integer!
) returns MuSets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.
method setOptionMaxDepth(
:$Integer!
) returns MuSets the maximum depth the spider can crawl, 0 for unlimited depth.
method setOptionMaxDuration(
:$Integer!
) returns MuNo Doc
method setOptionMaxParseSizeBytes(
:$Integer!
) returns MuSets the maximum size, in bytes, that a response might have to be parsed. This allows the spider to skip big responses/files.
method setOptionMaxScansInUI(
:$Integer!
) returns MuNo Doc
method setOptionParseComments(
:$Boolean!
) returns MuNo Doc
method setOptionParseGit(
:$Boolean!
) returns MuNo Doc
method setOptionParseRobotsTxt(
:$Boolean!
) returns MuNo Doc
method setOptionParseSVNEntries(
:$Boolean!
) returns MuNo Doc
method setOptionParseSitemapXml(
:$Boolean!
) returns MuNo Doc
method setOptionPostForm(
:$Boolean!
) returns MuNo Doc
method setOptionProcessForm(
:$Boolean!
) returns MuNo Doc
method setOptionRequestWaitTime(
:$Integer!
) returns MuNo Doc
method setOptionScopeString(
:$String!
) returns MuUse actions [add|modify|remove]DomainAlwaysInScope instead.
method setOptionSendRefererHeader(
:$Boolean!
) returns MuSets whether or not the 'Referer' header should be sent while spidering.
method setOptionShowAdvancedDialog(
:$Boolean!
) returns MuNo Doc
method setOptionSkipURLString(
:$String!
) returns MuNo Doc
method setOptionThreadCount(
:$Integer!
) returns MuNo Doc
method setOptionUserAgent(
:$String!
) returns MuNo Doc
method stop(
:$scanId
) returns MuNo Doc
method stopAllScans() returns MuNo Doc
class Zap::Selenium Methods
method setOptionChromeDriverPath(
:$String!
) returns MuSets the current path to ChromeDriver
method setOptionFirefoxBinaryPath(
:$String!
) returns MuSets the current path to Firefox binary
method setOptionFirefoxDriverPath(
:$String!
) returns MuSets the current path to Firefox driver (geckodriver)
method setOptionIeDriverPath(
:$String!
) returns MuNo Doc
method setOptionPhantomJsBinaryPath(
:$String!
) returns MuSets the current path to PhantomJS binary
method optionFirefoxDriverPath() returns MuReturns the current path to Firefox driver (geckodriver)
method optionIeDriverPath() returns MuNo Doc
method optionPhantomJsBinaryPath() returns MuReturns the current path to PhantomJS binary
class Zap::Httpsessions Methods
method addDefaultSessionToken(
:$sessionToken!,
:$tokenEnabled
) returns MuAdds a default session token with the given name and enabled state.
method addSessionToken(
:$site!,
:$sessionToken!
) returns MuAdds the session token to the given site.
method createEmptySession(
:$site!,
:$session
) returns MuCreates an empty session for the given site. Optionally with the given name.
method removeDefaultSessionToken(
:$sessionToken!
) returns MuRemoves the default session token with the given name.
method removeSession(
:$site!,
:$session!
) returns MuRemoves the session from the given site.
method removeSessionToken(
:$site!,
:$sessionToken!
) returns MuRemoves the session token from the given site.
method renameSession(
:$site!,
:$oldSessionName!,
:$newSessionName!
) returns MuRenames the session of the given site.
method setActiveSession(
:$site!,
:$session!
) returns MuSets the given session as active for the given site.
method setDefaultSessionTokenEnabled(
:$sessionToken!,
:$tokenEnabled!
) returns MuSets whether or not the default session token with the given name is enabled.
method setSessionTokenValue(
:$site!,
:$session!,
:$sessionToken!,
:$tokenValue!
) returns MuSets the value of the session token of the given session for the given site.
method unsetActiveSession(
:$site!
) returns MuUnsets the active session of the given site.
method sessionTokens(
:$site!
) returns MuGets the names of the session tokens for the given site.
method sessions(
:$site!,
:$session
) returns MuGets the sessions for the given site. Optionally returning just the session with the given name.
method sites() returns MuGets all of the sites that have sessions.
class Zap::Localproxies Methods
method removeAdditionalProxy(
:$address!,
:$port!
) returns MuRemoves the additional proxy with the specified address and port.
class Zap::Websocket Methods
method message(
:$channelId!,
:$messageId!
) returns MuReturns full details of the message specified by the channelId and messageId
method messages(
:$channelId,
:$start,
:$count,
:$payloadPreviewLength
) returns MuReturns a list of all of the messages that meet the given criteria (all optional), where channelId is a channel identifier, start is the offset to start returning messages from (starting from 0), count is the number of messages to return (default no limit) and payloadPreviewLength is the maximum number bytes to return for the payload contents
method sendTextMessage(
:$channelId!,
:$outgoing!,
:$message!
) returns MuSends the specified message on the channel specified by channelId, if outgoing is 'True' then the message will be sent to the server and if it is 'False' then it will be sent to the client
method setBreakTextMessage(
:$message!,
:$outgoing!
) returns MuSets the text message for an intercepted websockets message
class Zap::Authentication Methods
method setAuthenticationMethod(
:$contextId!,
:$authMethodName!,
:$authMethodConfigParams
) returns MuSets the authentication method for the context with the given ID.
method setLoggedInIndicator(
:$contextId!,
:$loggedInIndicatorRegex!
) returns MuSets the logged in indicator for the context with the given ID.
method setLoggedOutIndicator(
:$contextId!,
:$loggedOutIndicatorRegex!
) returns MuSets the logged out indicator for the context with the given ID.
method getLoggedInIndicator(
:$contextId!
) returns MuGets the logged in indicator for the context with the given ID.
method getLoggedOutIndicator(
:$contextId!
) returns MuGets the logged out indicator for the context with the given ID.
method getSupportedAuthenticationMethods() returns MuGets the name of the authentication methods.
class Zap::Pscan Methods
method disableAllScanners() returns MuDisables all passive scanners
method disableAllTags() returns MuDisables all passive scan tags.
method disableScanners(
:$ids!
) returns MuDisables all passive scanners with the given IDs (comma separated list of IDs)
method enableAllScanners() returns MuEnables all passive scanners
method enableAllTags() returns MuEnables all passive scan tags.
method enableScanners(
:$ids!
) returns MuEnables all passive scanners with the given IDs (comma separated list of IDs)
method setEnabled(
:$enabled!
) returns MuSets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).
method setMaxAlertsPerRule(
:$maxAlerts!
) returns MuSets the maximum number of alerts a passive scan rule should raise.
method setScanOnlyInScope(
:$onlyInScope!
) returns MuSets whether or not the passive scan should be performed only on messages that are in scope.
method setScannerAlertThreshold(
:$id!,
:$alertThreshold!
) returns MuSets the alert threshold of the passive scanner with the given ID, accepted values for alert threshold: OFF, DEFAULT, LOW, MEDIUM and HIGH
method recordsToScan() returns MuThe number of records the passive scanner still has to scan
method scanOnlyInScope() returns MuTells whether or not the passive scan should be performed only on messages that are in scope.
method scanners() returns MuLists all passive scanners with its ID, name, enabled state and alert threshold.
class Zap::Sessionmanagement Methods
method getSupportedSessionManagementMethods() returns MuGets the name of the session management methods.
method setSessionManagementMethod(
:$contextId!,
:$methodName!,
:$methodConfigParams
) returns MuSets the session management method for the context with the given ID.
class Zap::Script Methods
method globalVar(
:$varKey!
) returns MuGets the value of the global variable with the given key. Returns an API error (DOES_NOT_EXIST) if no value was previously set.
method globalVars() returns MuGets all the global variables (key/value pairs).
method listEngines() returns MuLists the script engines available
method listScripts() returns MuLists the scripts available, with its engine, name, description, type and error state.
method listTypes() returns MuLists the script types available.
method scriptCustomVar(
:$scriptName!,
:$varKey!
) returns MuGets the value (string representation) of a custom variable. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists or if no value was previously set.
method scriptCustomVars(
:$scriptName!
) returns MuGets all the custom variables (key/value pairs, the value is the string representation) of a script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
method scriptVar(
:$scriptName!,
:$varKey!
) returns MuGets the value of the variable with the given key for the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists or if no value was previously set.
method scriptVars(
:$scriptName!
) returns MuGets all the variables (key/value pairs) of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
method clearGlobalCustomVar(
:$varKey!
) returns MuClears a global custom variable.
method clearGlobalVar(
:$varKey!
) returns MuClears the global variable with the given key.
method clearGlobalVars() returns MuClears the global variables.
method clearScriptCustomVar(
:$scriptName!,
:$varKey!
) returns MuClears a script custom variable.
method clearScriptVar(
:$scriptName!,
:$varKey!
) returns MuClears the variable with the given key of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
method clearScriptVars(
:$scriptName!
) returns MuClears the variables of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
method disable(
:$scriptName!
) returns MuDisables the script with the given name
method enable(
:$scriptName!
) returns MuEnables the script with the given name
method load(
:$scriptName!,
:$scriptType!,
:$scriptEngine!,
:$fileName!,
:$scriptDescription,
:$charset
) returns MuLoads a script into ZAP from the given local file, with the given name, type and engine, optionally with a description, and a charset name to read the script (the charset name is required if the script is not in UTF-8, for example, in ISO-8859-1).
method remove(
:$scriptName!
) returns MuRemoves the script with the given name
method runStandAloneScript(
:$scriptName!
) returns MuRuns the stand alone script with the given name
method setGlobalVar(
:$varKey!,
:$varValue
) returns MuSets the value of the global variable with the given key.
method setScriptVar(
:$scriptName!,
:$varKey!,
:$varValue
) returns MuSets the value of the variable with the given key of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
class Zap::Ajaxspider Methods
method optionBrowserId() returns MuNo Doc
method optionClickDefaultElems() returns MuNo Doc
method optionClickElemsOnce() returns MuNo Doc
method optionEventWait() returns MuNo Doc
method optionMaxCrawlDepth() returns MuNo Doc
method optionMaxCrawlStates() returns MuNo Doc
method optionMaxDuration() returns MuNo Doc
method optionNumberOfBrowsers() returns MuNo Doc
method optionRandomInputs() returns MuNo Doc
method optionReloadWait() returns MuNo Doc
method results(
:$start,
:$count
) returns MuNo Doc
method status() returns MuNo Doc
method scan(
:$url,
:$inScope,
:$contextName,
:$subtreeOnly
) returns MuRuns the spider against the given URL and/or context, optionally, spidering everything in scope. The parameter 'contextName' can be used to constrain the scan to a Context, the option 'in scope' is ignored if a context was also specified. The parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'url').
method scanAsUser(
:$contextName!,
:$userName!,
:$url,
:$subtreeOnly
) returns MuRuns the spider from the perspective of a User, obtained using the given context name and user name. The parameter 'url' allows to specify the starting point for the spider, otherwise it's used an existing URL from the context (if any). The parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'url').
method setOptionBrowserId(
:$String!
) returns MuNo Doc
method setOptionClickDefaultElems(
:$Boolean!
) returns MuNo Doc
method setOptionClickElemsOnce(
:$Boolean!
) returns MuNo Doc
method setOptionEventWait(
:$Integer!
) returns MuNo Doc
method setOptionMaxCrawlDepth(
:$Integer!
) returns MuNo Doc
method setOptionMaxCrawlStates(
:$Integer!
) returns MuNo Doc
method setOptionMaxDuration(
:$Integer!
) returns MuNo Doc
method setOptionNumberOfBrowsers(
:$Integer!
) returns MuNo Doc
method setOptionRandomInputs(
:$Boolean!
) returns MuNo Doc
method setOptionReloadWait(
:$Integer!
) returns MuNo Doc
method stop() returns MuNo Doc
class Zap::Core Methods
method alertsSummary(
:$baseurl
) returns MuGets number of alerts grouped by each risk level, optionally filtering by URL
method childNodes(
:$url
) returns MuGets the child nodes underneath the specified URL in the Sites tree
method excludedFromProxy() returns MuGets the regular expressions, applied to URLs, to exclude from the local proxies.
method homeDirectory() returns MuNo Doc
method hosts() returns MuGets the name of the hosts accessed through/by ZAP
method message(
:$id!
) returns MuGets the HTTP message with the given ID. Returns the ID, request/response headers and bodies, cookies, note, type, RTT, and timestamp.
method messages(
:$baseurl,
:$start,
:$count
) returns MuGets the HTTP messages sent by ZAP, request and response, optionally filtered by URL and paginated with 'start' position and 'count' of messages
method messagesById(
:$ids!
) returns MuGets the HTTP messages with the given IDs.
method mode() returns MuGets the mode
method numberOfAlerts(
:$baseurl,
:$riskId
) returns MuGets the number of alerts, optionally filtering by URL or riskId
method numberOfMessages(
:$baseurl
) returns MuGets the number of messages, optionally filtering by URL
method optionAlertOverridesFilePath() returns MuGets the path to the file with alert overrides.
method optionDefaultUserAgent() returns MuGets the user agent that ZAP should use when creating HTTP messages (for example, spider messages or CONNECT requests to outgoing proxy).
method optionDnsTtlSuccessfulQueries() returns MuGets the TTL (in seconds) of successful DNS queries.
method optionHttpState() returns MuNo Doc
method optionHttpStateEnabled() returns MuNo Doc
method optionMaximumAlertInstances() returns MuGets the maximum number of alert instances to include in a report.
method optionMergeRelatedAlerts() returns MuGets whether or not related alerts will be merged in any reports generated.
method optionProxyChainName() returns MuNo Doc
method optionProxyChainPassword() returns MuNo Doc
method optionProxyChainPort() returns MuNo Doc
method optionProxyChainPrompt() returns MuNo Doc
method optionProxyChainRealm() returns MuNo Doc
method optionProxyChainSkipName() returns MuUse view proxyChainExcludedDomains instead.
method optionProxyChainUserName() returns MuNo Doc
method optionProxyExcludedDomains() returns MuUse view proxyChainExcludedDomains instead.
method optionProxyExcludedDomainsEnabled() returns MuUse view proxyChainExcludedDomains instead.
method optionSingleCookieRequestHeader() returns MuNo Doc
method optionTimeoutInSecs() returns MuGets the connection time out, in seconds.
method optionUseProxyChain() returns MuNo Doc
method optionUseProxyChainAuth() returns MuNo Doc
method proxyChainExcludedDomains() returns MuGets all the domains that are excluded from the outgoing proxy. For each domain the following are shown: the index, the value (domain), if enabled, and if specified as a regex.
method sessionLocation() returns MuGets the location of the current session file
method sites() returns MuGets the sites accessed through/by ZAP (scheme and domain)
method urls(
:$baseurl
) returns MuGets the URLs accessed through/by ZAP, optionally filtering by (base) URL.
method version() returns MuGets ZAP version
method zapHomePath() returns MuGets the path to ZAP's home directory.
method htmlreport() returns MuGenerates a report in HTML format
method jsonreport() returns MuGenerates a report in JSON format
method mdreport() returns MuGenerates a report in Markdown format
method messageHar(
:$id!
) returns MuGets the message with the given ID in HAR format
method messagesHar(
:$baseurl,
:$start,
:$count
) returns MuGets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
method messagesHarById(
:$ids!
) returns MuGets the HTTP messages with the given IDs, in HAR format.
method proxypac() returns MuNo Doc
method rootcert() returns MuGets the Root CA certificate used by the local proxies.
method sendHarRequest(
:$request!,
:$followRedirects
) returns MuSends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.
method setproxy(
:$proxy!
) returns MuNo Doc
method xmlreport() returns MuGenerates a report in XML format
method accessUrl(
:$url!,
:$followRedirects
) returns MuConvenient and simple action to access a URL, optionally following redirections. Returns the request sent and response received and followed redirections, if any. Other actions are available which offer more control on what is sent, like, 'sendRequest' or 'sendHarRequest'.
method addProxyChainExcludedDomain(
:$value!,
:$isRegex,
:$isEnabled
) returns MuAdds a domain to be excluded from the outgoing proxy, using the specified value. Optionally sets if the new entry is enabled (default, true) and whether or not the new value is specified as a regex (default, false).
method clearExcludedFromProxy() returns MuClears the regexes of URLs excluded from the local proxies.
method deleteAlert(
:$id!
) returns MuDeletes the alert with the given ID.
method deleteAllAlerts() returns MuDeletes all alerts of the current session.
method deleteSiteNode(
:$url!,
:$method,
:$postData
) returns MuDeletes the site node found in the Sites Tree on the basis of the URL, HTTP method, and post data (if applicable and specified).
method disableAllProxyChainExcludedDomains() returns MuDisables all domains excluded from the outgoing proxy.
method disableClientCertificate() returns MuDisables the option for use of client certificates.
method enableAllProxyChainExcludedDomains() returns MuEnables all domains excluded from the outgoing proxy.
method enablePKCS12ClientCertificate(
:$filePath!,
:$password!,
:$index
) returns MuEnables use of a PKCS12 client certificate for the certificate with the given file system path, password, and optional index.
method excludeFromProxy(
:$regex!
) returns MuAdds a regex of URLs that should be excluded from the local proxies.
method generateRootCA() returns MuGenerates a new Root CA certificate for the local proxies.
method loadSession(
:$name!
) returns MuLoads the session with the given name. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir.
method modifyProxyChainExcludedDomain(
:$idx!,
:$value,
:$isRegex,
:$isEnabled
) returns MuModifies a domain excluded from the outgoing proxy. Allows to modify the value, if enabled or if a regex. The domain is selected with its index, which can be obtained with the view proxyChainExcludedDomains.
method newSession(
:$name,
:$overwrite
) returns MuCreates a new session, optionally overwriting existing files. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir.
method removeProxyChainExcludedDomain(
:$idx!
) returns MuRemoves a domain excluded from the outgoing proxy, with the given index. The index can be obtained with the view proxyChainExcludedDomains.
method runGarbageCollection() returns MuNo Doc
method saveSession(
:$name!,
:$overwrite
) returns MuSaves the session.
method sendRequest(
:$request!,
:$followRedirects
) returns MuSends the HTTP request, optionally following redirections. Returns the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.
method setHomeDirectory(
:$dir!
) returns MuNo Doc
method setMode(
:$mode!
) returns MuSets the mode, which may be one of [safe, protect, standard, attack]
method setOptionAlertOverridesFilePath(
:$filePath
) returns MuSets (or clears, if empty) the path to the file with alert overrides.
method setOptionDefaultUserAgent(
:$String!
) returns MuSets the user agent that ZAP should use when creating HTTP messages (for example, spider messages or CONNECT requests to outgoing proxy).
method setOptionDnsTtlSuccessfulQueries(
:$Integer!
) returns MuSets the TTL (in seconds) of successful DNS queries (applies after ZAP restart).
method setOptionHttpStateEnabled(
:$Boolean!
) returns MuNo Doc
method setOptionMaximumAlertInstances(
:$numberOfInstances!
) returns MuSets the maximum number of alert instances to include in a report. A value of zero is treated as unlimited.
method setOptionMergeRelatedAlerts(
:$enabled!
) returns MuSets whether or not related alerts will be merged in any reports generated.
method setOptionProxyChainName(
:$String!
) returns MuNo Doc
method setOptionProxyChainPassword(
:$String!
) returns MuNo Doc
method setOptionProxyChainPort(
:$Integer!
) returns MuNo Doc
method setOptionProxyChainPrompt(
:$Boolean!
) returns MuNo Doc
method setOptionProxyChainRealm(
:$String!
) returns MuNo Doc
method setOptionProxyChainSkipName(
:$String!
) returns MuUse actions [add|modify|remove]ProxyChainExcludedDomain instead.
method setOptionProxyChainUserName(
:$String!
) returns MuNo Doc
method setOptionSingleCookieRequestHeader(
:$Boolean!
) returns MuNo Doc
method setOptionTimeoutInSecs(
:$Integer!
) returns MuSets the connection time out, in seconds.
method setOptionUseProxyChain(
:$Boolean!
) returns MuSets whether or not the outgoing proxy should be used. The address/hostname of the outgoing proxy must be set to enable this option.
method setOptionUseProxyChainAuth(
:$Boolean!
) returns MuNo Doc
method shutdown() returns MuShuts down ZAP
method snapshotSession(
:$name,
:$overwrite
) returns MuSnapshots the session, optionally with the given name, and overwriting existing files. If no name is specified the name of the current session with a timestamp appended is used. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir.
class Zap::Users Methods
method newUser(
:$contextId!,
:$name!
) returns MuCreates a new user with the given name for the context with the given ID.
method removeUser(
:$contextId!,
:$userId!
) returns MuRemoves the user with the given ID that belongs to the context with the given ID.
method setAuthenticationCredentials(
:$contextId!,
:$userId!,
:$authCredentialsConfigParams
) returns MuSets the authentication credentials for the user with the given ID that belongs to the context with the given ID.
method setUserEnabled(
:$contextId!,
:$userId!,
:$enabled!
) returns MuSets whether or not the user, with the given ID that belongs to the context with the given ID, should be enabled.
method setUserName(
:$contextId!,
:$userId!,
:$name!
) returns MuRenames the user with the given ID that belongs to the context with the given ID.
method getUserById(
:$contextId!,
:$userId!
) returns MuGets the data of the user with the given ID that belongs to the context with the given ID.
method usersList(
:$contextId
) returns MuGets a list of users that belong to the context with the given ID, or all users if none provided.
class Zap::Acsrf Methods
method removeOptionToken(
:$String!
) returns MuRemoves the anti-CSRF token with the given name
method genForm(
:$hrefId!
) returns MuGenerate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP
class Zap::Search Methods
method harByHeaderRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns MuReturns the HTTP messages, in HAR format, that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method harByRequestRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns MuReturns the HTTP messages, in HAR format, that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method harByResponseRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns MuReturns the HTTP messages, in HAR format, that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method harByUrlRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns MuReturns the HTTP messages, in HAR format, that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method messagesByResponseRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns MuReturns the HTTP messages that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method messagesByUrlRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns MuReturns the HTTP messages that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method urlsByHeaderRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns MuReturns the URLs of the HTTP messages that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method urlsByRequestRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns MuReturns the URLs of the HTTP messages that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method urlsByResponseRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns MuReturns the URLs of the HTTP messages that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method urlsByUrlRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns MuReturns the URLs of the HTTP messages that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.
class Zap::Replacer Methods
method removeRule(
:$description!
) returns MuRemoves the rule with the given description
method setEnabled(
:$description!,
:$bool!
) returns MuEnables or disables the rule with the given description based on the bool parameter
class Zap::Context Methods
method excludeAllContextTechnologies(
:$contextName!
) returns MuExcludes all built in technologies from a context
method excludeContextTechnologies(
:$contextName!,
:$technologyNames!
) returns MuExcludes technologies with the given names, separated by a comma, from a context
method excludeFromContext(
:$contextName!,
:$regex!
) returns MuAdd exclude regex to context
method exportContext(
:$contextName!,
:$contextFile!
) returns MuExports the context with the given name to a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir.
method importContext(
:$contextFile!
) returns MuImports a context from a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir.
method includeAllContextTechnologies(
:$contextName!
) returns MuIncludes all built in technologies in to a context
method includeContextTechnologies(
:$contextName!,
:$technologyNames!
) returns MuIncludes technologies with the given names, separated by a comma, to a context
method includeInContext(
:$contextName!,
:$regex!
) returns MuAdd include regex to context
method newContext(
:$contextName!
) returns MuCreates a new context with the given name in the current session
method removeContext(
:$contextName!
) returns MuRemoves a context in the current session
method setContextInScope(
:$contextName!,
:$booleanInScope!
) returns MuSets a context to in scope (contexts are in scope by default)
method setContextRegexs(
:$contextName!,
:$incRegexs!,
:$excRegexs!
) returns MuSet the regexs to include and exclude for a context, both supplied as JSON string arrays
method excludeRegexs(
:$contextName!
) returns MuList excluded regexs for context
method excludedTechnologyList(
:$contextName!
) returns MuLists the names of all technologies excluded from a context
method includeRegexs(
:$contextName!
) returns MuList included regexs for context
method includedTechnologyList(
:$contextName!
) returns MuLists the names of all technologies included in a context
method technologyList() returns MuLists the names of all built in technologies
method urls(
:$contextName!
) returns MuLists the URLs accessed through/by ZAP, that belong to the context with the given name.
class Zap::Autoupdate Methods
method downloadLatestRelease() returns MuDownloads the latest release, if any
method installAddon(
:$id!
) returns MuInstalls or updates the specified add-on, returning when complete (i.e. not asynchronously)
method setOptionCheckAddonUpdates(
:$Boolean!
) returns MuNo Doc
method setOptionCheckOnStart(
:$Boolean!
) returns MuNo Doc
method setOptionDownloadNewRelease(
:$Boolean!
) returns MuNo Doc
method setOptionInstallAddonUpdates(
:$Boolean!
) returns MuNo Doc
method setOptionInstallScannerRules(
:$Boolean!
) returns MuNo Doc
method setOptionReportAlphaAddons(
:$Boolean!
) returns MuNo Doc
method setOptionReportBetaAddons(
:$Boolean!
) returns MuNo Doc
method setOptionReportReleaseAddons(
:$Boolean!
) returns MuNo Doc
method uninstallAddon(
:$id!
) returns MuUninstalls the specified add-on
method latestVersionNumber() returns MuReturns the latest version number
method localAddons() returns MuReturns a list with all local add-ons, installed or not.
method marketplaceAddons() returns MuReturn a list of all of the add-ons on the ZAP Marketplace (this information is read once and then cached)
method newAddons() returns MuReturn a list of any add-ons that have been added to the Marketplace since the last check for updates
method optionAddonDirectories() returns MuNo Doc
method optionCheckAddonUpdates() returns MuNo Doc
method optionCheckOnStart() returns MuNo Doc
method optionDayLastChecked() returns MuNo Doc
method optionDayLastInstallWarned() returns MuNo Doc
method optionDayLastUpdateWarned() returns MuNo Doc
method optionDownloadDirectory() returns MuNo Doc
method optionDownloadNewRelease() returns MuNo Doc
method optionInstallAddonUpdates() returns MuNo Doc
method optionInstallScannerRules() returns MuNo Doc
method optionReportAlphaAddons() returns MuNo Doc
method optionReportBetaAddons() returns MuNo Doc
method optionReportReleaseAddons() returns MuNo Doc
method updatedAddons() returns MuReturn a list of any add-ons that have been changed in the Marketplace since the last check for updates
class Zap::Alert Methods
method addAlert(
:$messageId!,
:$name!,
:$riskId!,
:$confidenceId!,
:$description!,
:$param,
:$attack,
:$otherInfo,
:$solution,
:$references,
:$evidence,
:$cweId,
:$wascId
) returns MuAdd an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.)
method deleteAlert(
:$id!
) returns MuDeletes the alert with the given ID.
method deleteAllAlerts() returns MuDeletes all alerts of the current session.
method updateAlert(
:$id!,
:$name!,
:$riskId!,
:$confidenceId!,
:$description!,
:$param,
:$attack,
:$otherInfo,
:$solution,
:$references,
:$evidence,
:$cweId,
:$wascId
) returns MuUpdate the alert with the given ID, with the provided details.
method alerts(
:$baseurl,
:$start,
:$count,
:$riskId
) returns MuGets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts
method alertsByRisk(
:$url,
:$recurse
) returns MuGets a summary of the alerts, optionally filtered by a 'url'. If 'recurse' is true then all alerts that apply to urls that start with the specified 'url' will be returned, otherwise only those on exactly the same 'url' (ignoring url parameters)
method alertsSummary(
:$baseurl
) returns MuGets number of alerts grouped by each risk level, optionally filtering by URL
method numberOfAlerts(
:$baseurl,
:$riskId
) returns MuGets the number of alerts, optionally filtering by URL or riskId