SYNOPSIS
Zap
use lib 'lib';
use Zap;
# Config Zap Client
ZapConfig(:apikey<apikey12345>,:port<8081>,:addr<127.0.0.1>);
# send a url to the spider
my $scanId = Zap::Spider.scan(:url<https://perl.org>);
# get the spider status
my $status = Zap::Spider.status(:$scanId);
# wait for the spider to finish then get the result
$*OUT = $*OUT.open(:!buffer);
while Zap::Spider.status(:$scanId) < 100 {
print "Spider progress {Zap::Spider.status(:$scanId)} \r";
}
$*OUT = $*OUT.open(:buffer);
put "URL : $_" for Zap::Spider.results(:$scanId);
my @scans = Zap::Spider.scans; # this needs some work
put "ID , Progress , State";
for @scans -> %scan {
put %scan<id progress state>.fmt("%s",', ')
}
Installation
zef install Zap
TODO
- Make the code and API Response more easy to handle
- Write a Script to provide a CLI
raku-zap maybe ? - Write an Interface for the zap CLI
- Automate Spider and Scanners
- Since we are using Cro::HTTP::Client , we can handel the other response formats with
body-parsers (a Cro::HTTP::BodyParser class)
Bad Generated Docs (needs more work)
class Zap::Ruleconfig
class Zap::Ruleconfig Methods
method resetAllRuleConfigValues
method resetAllRuleConfigValues() returns Mu
Reset all of the rule configurations
method resetRuleConfigValue
method resetRuleConfigValue(
:$key!
) returns Mu
Reset the specified rule configuration, which must already exist
method setRuleConfigValue
method setRuleConfigValue(
:$key!,
:$value
) returns Mu
Set the specified rule configuration, which must already exist
class Zap::Break
class Zap::Break Methods
method isBreakRequest
method isBreakRequest() returns Mu
Returns True if ZAP will break on requests
method isBreakResponse
method isBreakResponse() returns Mu
Returns True if ZAP will break on responses
method waitForHttpBreak
method waitForHttpBreak(
:$poll,
:$keepalive
) returns Mu
Waits until an HTTP breakpoint has been hit, at which point it returns the message. Poll is the number of milliseconds ZAP will pause between checking for breakpoints being hit (default 500). If keepalive is zero or less then the response will be returned as a Server Sent Event, otherwise it is used as the frequency in seconds at which 'keepalive' events should be returned and the response is sent as a standard response.
method addHttpBreakpoint
method addHttpBreakpoint(
:$string!,
:$location!,
:$match!,
:$inverse!,
:$ignorecase!
) returns Mu
Adds a custom HTTP breakpoint. The string is the string to match. Location may be one of: url, request_header, request_body, response_header or response_body. Match may be: contains or regex. Inverse (match) may be true or false. Lastly, ignorecase (when matching the string) may be true or false.
method break
method break(
:$type!,
:$state!,
:$scope
) returns Mu
Controls the global break functionality. The type may be one of: http-all, http-request or http-response. The state may be true (for turning break on for the specified type) or false (for turning break off). Scope is not currently used.
method continue
method continue() returns Mu
Submits the currently intercepted message and unsets the global request/response breakpoints
method drop
method drop() returns Mu
Drops the currently intercepted message
method removeHttpBreakpoint
method removeHttpBreakpoint(
:$string!,
:$location!,
:$match!,
:$inverse!,
:$ignorecase!
) returns Mu
Removes the specified breakpoint
method setHttpMessage
method setHttpMessage(
:$httpHeader!,
:$httpBody
) returns Mu
Overwrites the currently intercepted message with the data provided
method step
method step() returns Mu
Submits the currently intercepted message, the next request or response will automatically be intercepted
class Zap::Hud
class Zap::Hud Methods
method hudAlertData
method hudAlertData(
:$url!
) returns Mu
Returns the alert summary needed by the HUD for the specified URL
method optionAllowUnsafeEval
method optionAllowUnsafeEval() returns Mu
Returns true if the 'Allow unsafe-eval' option is set
method optionBaseDirectory
method optionBaseDirectory() returns Mu
Returns the base directory from which the HUD files are loaded
method optionDevelopmentMode
method optionDevelopmentMode() returns Mu
Returns true if the 'Development mode' option is set
method optionEnableOnDomainMsgs
method optionEnableOnDomainMsgs() returns Mu
No Doc
method optionEnabledForDaemon
method optionEnabledForDaemon() returns Mu
No Doc
method optionEnabledForDesktop
method optionEnabledForDesktop() returns Mu
No Doc
method optionInScopeOnly
method optionInScopeOnly() returns Mu
Returns true if the 'In scope only' option is set
method optionRemoveCSP
method optionRemoveCSP() returns Mu
Returns true if the 'Remove CSP' option is set
method optionShowWelcomeScreen
method optionShowWelcomeScreen() returns Mu
No Doc
method optionSkipTutorialTasks
method optionSkipTutorialTasks() returns Mu
No Doc
method optionTutorialHost
method optionTutorialHost() returns Mu
No Doc
method optionTutorialPort
method optionTutorialPort() returns Mu
No Doc
method optionTutorialTasksDone
method optionTutorialTasksDone() returns Mu
No Doc
method optionTutorialTestMode
method optionTutorialTestMode() returns Mu
No Doc
method optionTutorialUpdates
method optionTutorialUpdates() returns Mu
No Doc
method tutorialUpdates
method tutorialUpdates() returns Mu
No Doc
method upgradedDomains
method upgradedDomains() returns Mu
No Doc
method changesInHtml
method changesInHtml() returns Mu
Returns the changelog in HTML format
method log
method log(
:$record!
) returns Mu
Used by the HUD to log messages from the browser
method recordRequest
method recordRequest(
:$header!,
:$body!
) returns Mu
Used by the HUD to cache a request the user wants to send in the browser
method resetTutorialTasks
method resetTutorialTasks() returns Mu
Reset the tutorial tasks so that they must be completed again
method setOptionBaseDirectory
method setOptionBaseDirectory(
:$String!
) returns Mu
Set the base directory from which the HUD files are loaded
method setOptionDevelopmentMode
method setOptionDevelopmentMode(
:$Boolean!
) returns Mu
Sets the boolean option 'Development mode'
method setOptionEnableOnDomainMsgs
method setOptionEnableOnDomainMsgs(
:$Boolean!
) returns Mu
No Doc
method setOptionEnabledForDaemon
method setOptionEnabledForDaemon(
:$Boolean!
) returns Mu
No Doc
method setOptionEnabledForDesktop
method setOptionEnabledForDesktop(
:$Boolean!
) returns Mu
No Doc
method setOptionInScopeOnly
method setOptionInScopeOnly(
:$Boolean!
) returns Mu
Sets the boolean option 'In scope only'
method setOptionRemoveCSP
method setOptionRemoveCSP(
:$Boolean!
) returns Mu
Sets the boolean option 'Remove CSP'
method setOptionShowWelcomeScreen
method setOptionShowWelcomeScreen(
:$Boolean!
) returns Mu
No Doc
method setOptionSkipTutorialTasks
method setOptionSkipTutorialTasks(
:$Boolean!
) returns Mu
No Doc
method setOptionTutorialTaskDone
method setOptionTutorialTaskDone(
:$String!
) returns Mu
No Doc
method setOptionTutorialTestMode
method setOptionTutorialTestMode(
:$Boolean!
) returns Mu
No Doc
method setUiOption
method setUiOption(
:$key!,
:$value
) returns Mu
Sets a UI option with the given key and value. The key must be 50 or fewer alphanumeric characters
class Zap::Forceduser
class Zap::Forceduser Methods
method setForcedUser
method setForcedUser(
:$contextId!,
:$userId!
) returns Mu
Sets the user (ID) that should be used in 'forced user' mode for the given context (ID)
method setForcedUserModeEnabled
method setForcedUserModeEnabled(
:$boolean!
) returns Mu
Sets if 'forced user' mode should be enabled or not
class Zap::Stats
class Zap::Stats Methods
method clearStats
method clearStats(
:$keyPrefix
) returns Mu
Clears all of the statistics
method setOptionInMemoryEnabled
method setOptionInMemoryEnabled(
:$Boolean!
) returns Mu
Sets whether in memory statistics are enabled
method setOptionStatsdHost
method setOptionStatsdHost(
:$String!
) returns Mu
Sets the Statsd service hostname, supply an empty string to stop using a Statsd service
method setOptionStatsdPort
method setOptionStatsdPort(
:$Integer!
) returns Mu
Sets the Statsd service port
method setOptionStatsdPrefix
method setOptionStatsdPrefix(
:$String!
) returns Mu
Sets the prefix to be applied to all stats sent to the configured Statsd service
method optionStatsdEnabled
method optionStatsdEnabled() returns Mu
Returns 'true' if a Statsd server has been correctly configured, otherwise returns 'false'
method optionStatsdHost
method optionStatsdHost() returns Mu
Gets the Statsd service hostname
method optionStatsdPort
method optionStatsdPort() returns Mu
Gets the Statsd service port
method optionStatsdPrefix
method optionStatsdPrefix() returns Mu
Gets the prefix to be applied to all stats sent to the configured Statsd service
method siteStats
method siteStats(
:$site!,
:$keyPrefix
) returns Mu
Gets all of the global statistics, optionally filtered by a key prefix
method stats
method stats(
:$keyPrefix
) returns Mu
Statistics
class Zap::Alertfilter
class Zap::Alertfilter Methods
method addAlertFilter
method addAlertFilter(
:$contextId!,
:$ruleId!,
:$newLevel!,
:$url,
:$urlIsRegex,
:$parameter,
:$enabled,
:$parameterIsRegex,
:$attack,
:$attackIsRegex,
:$evidence,
:$evidenceIsRegex
) returns Mu
Adds a new alert filter for the context with the given ID.
method addGlobalAlertFilter
method addGlobalAlertFilter(
:$ruleId!,
:$newLevel!,
:$url,
:$urlIsRegex,
:$parameter,
:$enabled,
:$parameterIsRegex,
:$attack,
:$attackIsRegex,
:$evidence,
:$evidenceIsRegex
) returns Mu
Adds a new global alert filter.
method removeAlertFilter
method removeAlertFilter(
:$contextId!,
:$ruleId!,
:$newLevel!,
:$url,
:$urlIsRegex,
:$parameter,
:$enabled,
:$parameterIsRegex,
:$attack,
:$attackIsRegex,
:$evidence,
:$evidenceIsRegex
) returns Mu
Removes an alert filter from the context with the given ID.
method removeGlobalAlertFilter
method removeGlobalAlertFilter(
:$ruleId!,
:$newLevel!,
:$url,
:$urlIsRegex,
:$parameter,
:$enabled,
:$parameterIsRegex,
:$attack,
:$attackIsRegex,
:$evidence,
:$evidenceIsRegex
) returns Mu
Removes a global alert filter.
class Zap::Ascan
class Zap::Ascan Methods
method addExcludedParam
method addExcludedParam(
:$name!,
:$type,
:$url
) returns Mu
Adds a new parameter excluded from the scan, using the specified name. Optionally sets if the new entry applies to a specific URL (default, all URLs) and sets the ID of the type of the parameter (default, ID of any type). The type IDs can be obtained with the view excludedParamTypes.
method addScanPolicy
method addScanPolicy(
:$scanPolicyName!,
:$alertThreshold,
:$attackStrength
) returns Mu
No Doc
method clearExcludedFromScan
method clearExcludedFromScan() returns Mu
Clears the regexes of URLs excluded from the active scans.
method disableAllScanners
method disableAllScanners(
:$scanPolicyName
) returns Mu
Disables all scanners of the scan policy with the given name, or the default if none given.
method disableScanners
method disableScanners(
:$ids!,
:$scanPolicyName
) returns Mu
Disables the scanners with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given.
method enableAllScanners
method enableAllScanners(
:$scanPolicyName
) returns Mu
Enables all scanners of the scan policy with the given name, or the default if none given.
method enableScanners
method enableScanners(
:$ids!,
:$scanPolicyName
) returns Mu
Enables the scanners with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given.
method excludeFromScan
method excludeFromScan(
:$regex!
) returns Mu
Adds a regex of URLs that should be excluded from the active scans.
method importScanPolicy
method importScanPolicy(
:$path!
) returns Mu
Imports a Scan Policy using the given file system path.
method modifyExcludedParam
method modifyExcludedParam(
:$idx!,
:$name,
:$type,
:$url
) returns Mu
Modifies a parameter excluded from the scan. Allows to modify the name, the URL and the type of parameter. The parameter is selected with its index, which can be obtained with the view excludedParams.
method pause
method pause(
:$scanId!
) returns Mu
No Doc
method pauseAllScans
method pauseAllScans() returns Mu
No Doc
method removeAllScans
method removeAllScans() returns Mu
No Doc
method removeExcludedParam
method removeExcludedParam(
:$idx!
) returns Mu
Removes a parameter excluded from the scan, with the given index. The index can be obtained with the view excludedParams.
method removeScan
method removeScan(
:$scanId!
) returns Mu
No Doc
method removeScanPolicy
method removeScanPolicy(
:$scanPolicyName!
) returns Mu
No Doc
method resume
method resume(
:$scanId!
) returns Mu
No Doc
method resumeAllScans
method resumeAllScans() returns Mu
No Doc
method scan
method scan(
:$url,
:$recurse,
:$inScopeOnly,
:$scanPolicyName,
:$method,
:$postData,
:$contextId
) returns Mu
Runs the active scanner against the given URL and/or Context. Optionally, the 'recurse' parameter can be used to scan URLs under the given URL, the parameter 'inScopeOnly' can be used to constrain the scan to URLs that are in scope (ignored if a Context is specified), the parameter 'scanPolicyName' allows to specify the scan policy (if none is given it uses the default scan policy), the parameters 'method' and 'postData' allow to select a given request in conjunction with the given URL.
method scanAsUser
method scanAsUser(
:$url,
:$contextId,
:$userId,
:$recurse,
:$scanPolicyName,
:$method,
:$postData
) returns Mu
Active Scans from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.
method setEnabledPolicies
method setEnabledPolicies(
:$ids!,
:$scanPolicyName
) returns Mu
No Doc
method setOptionAddQueryParam
method setOptionAddQueryParam(
:$Boolean!
) returns Mu
Sets whether or not the active scanner should add a query param to GET requests which do not have parameters to start with.
method setOptionAllowAttackOnStart
method setOptionAllowAttackOnStart(
:$Boolean!
) returns Mu
No Doc
method setOptionAttackPolicy
method setOptionAttackPolicy(
:$String!
) returns Mu
No Doc
method setOptionDefaultPolicy
method setOptionDefaultPolicy(
:$String!
) returns Mu
No Doc
method setOptionDelayInMs
method setOptionDelayInMs(
:$Integer!
) returns Mu
No Doc
method setOptionHandleAntiCSRFTokens
method setOptionHandleAntiCSRFTokens(
:$Boolean!
) returns Mu
No Doc
method setOptionHostPerScan
method setOptionHostPerScan(
:$Integer!
) returns Mu
No Doc
method setOptionInjectPluginIdInHeader(
:$Boolean!
) returns Mu
Sets whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests.
method setOptionMaxChartTimeInMins
method setOptionMaxChartTimeInMins(
:$Integer!
) returns Mu
No Doc
method setOptionMaxResultsToList
method setOptionMaxResultsToList(
:$Integer!
) returns Mu
No Doc
method setOptionMaxRuleDurationInMins
method setOptionMaxRuleDurationInMins(
:$Integer!
) returns Mu
No Doc
method setOptionMaxScanDurationInMins
method setOptionMaxScanDurationInMins(
:$Integer!
) returns Mu
No Doc
method setOptionMaxScansInUI
method setOptionMaxScansInUI(
:$Integer!
) returns Mu
No Doc
method setOptionPromptInAttackMode
method setOptionPromptInAttackMode(
:$Boolean!
) returns Mu
No Doc
method setOptionPromptToClearFinishedScans
method setOptionPromptToClearFinishedScans(
:$Boolean!
) returns Mu
No Doc
method setOptionRescanInAttackMode
method setOptionRescanInAttackMode(
:$Boolean!
) returns Mu
No Doc
method setOptionScanHeadersAllRequests(
:$Boolean!
) returns Mu
Sets whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body.
method setOptionShowAdvancedDialog
method setOptionShowAdvancedDialog(
:$Boolean!
) returns Mu
No Doc
method setOptionTargetParamsEnabledRPC
method setOptionTargetParamsEnabledRPC(
:$Integer!
) returns Mu
No Doc
method setOptionTargetParamsInjectable
method setOptionTargetParamsInjectable(
:$Integer!
) returns Mu
No Doc
method setOptionThreadPerHost
method setOptionThreadPerHost(
:$Integer!
) returns Mu
No Doc
method setPolicyAlertThreshold
method setPolicyAlertThreshold(
:$id!,
:$alertThreshold!,
:$scanPolicyName
) returns Mu
No Doc
method setPolicyAttackStrength
method setPolicyAttackStrength(
:$id!,
:$attackStrength!,
:$scanPolicyName
) returns Mu
No Doc
method setScannerAlertThreshold
method setScannerAlertThreshold(
:$id!,
:$alertThreshold!,
:$scanPolicyName
) returns Mu
No Doc
method setScannerAttackStrength
method setScannerAttackStrength(
:$id!,
:$attackStrength!,
:$scanPolicyName
) returns Mu
No Doc
method skipScanner
method skipScanner(
:$scanId!,
:$scannerId!
) returns Mu
Skips the scanner using the given IDs of the scan and the scanner.
method stop
method stop(
:$scanId!
) returns Mu
No Doc
method stopAllScans
method stopAllScans() returns Mu
No Doc
method updateScanPolicy
method updateScanPolicy(
:$scanPolicyName!,
:$alertThreshold,
:$attackStrength
) returns Mu
No Doc
method excludedFromScan
method excludedFromScan() returns Mu
Gets the regexes of URLs excluded from the active scans.
method excludedParamTypes
method excludedParamTypes() returns Mu
Gets all the types of excluded parameters. For each type the following are shown: the ID and the name.
method excludedParams
method excludedParams() returns Mu
Gets all the parameters that are excluded. For each parameter the following are shown: the name, the URL, and the parameter type.
method messagesIds
method messagesIds(
:$scanId!
) returns Mu
Gets the IDs of the messages sent during the scan with the given ID. A message can be obtained with 'message' core view.
method optionAddQueryParam
method optionAddQueryParam() returns Mu
Tells whether or not the active scanner should add a query parameter to GET request that don't have parameters to start with.
method optionAllowAttackOnStart
method optionAllowAttackOnStart() returns Mu
No Doc
method optionAttackPolicy
method optionAttackPolicy() returns Mu
No Doc
method optionDefaultPolicy
method optionDefaultPolicy() returns Mu
No Doc
method optionDelayInMs
method optionDelayInMs() returns Mu
No Doc
method optionExcludedParamList
method optionExcludedParamList() returns Mu
Use view excludedParams instead.
method optionHandleAntiCSRFTokens
method optionHandleAntiCSRFTokens() returns Mu
No Doc
method optionHostPerScan
method optionHostPerScan() returns Mu
No Doc
method optionInjectPluginIdInHeader() returns Mu
Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests.
method optionMaxChartTimeInMins
method optionMaxChartTimeInMins() returns Mu
No Doc
method optionMaxResultsToList
method optionMaxResultsToList() returns Mu
No Doc
method optionMaxRuleDurationInMins
method optionMaxRuleDurationInMins() returns Mu
No Doc
method optionMaxScanDurationInMins
method optionMaxScanDurationInMins() returns Mu
No Doc
method optionMaxScansInUI
method optionMaxScansInUI() returns Mu
No Doc
method optionPromptInAttackMode
method optionPromptInAttackMode() returns Mu
No Doc
method optionPromptToClearFinishedScans
method optionPromptToClearFinishedScans() returns Mu
No Doc
method optionRescanInAttackMode
method optionRescanInAttackMode() returns Mu
No Doc
method optionScanHeadersAllRequests() returns Mu
Tells whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body.
method optionShowAdvancedDialog
method optionShowAdvancedDialog() returns Mu
No Doc
method optionTargetParamsEnabledRPC
method optionTargetParamsEnabledRPC() returns Mu
No Doc
method optionTargetParamsInjectable
method optionTargetParamsInjectable() returns Mu
No Doc
method optionThreadPerHost
method optionThreadPerHost() returns Mu
No Doc
method policies
method policies(
:$scanPolicyName,
:$policyId
) returns Mu
No Doc
method scanPolicyNames
method scanPolicyNames() returns Mu
No Doc
method scanProgress
method scanProgress(
:$scanId
) returns Mu
No Doc
method scanners
method scanners(
:$scanPolicyName,
:$policyId
) returns Mu
Gets the scanners, optionally, of the given scan policy and/or scanner policy/category ID.
method scans
method scans() returns Mu
No Doc
method status
method status(
:$scanId
) returns Mu
No Doc
class Zap::Spider
class Zap::Spider Methods
method domainsAlwaysInScope
method domainsAlwaysInScope() returns Mu
Gets all the domains that are always in scope. For each domain the following are shown: the index, the value (domain), if enabled, and if specified as a regex.
method excludedFromScan
method excludedFromScan() returns Mu
Gets the regexes of URLs excluded from the spider scans.
method fullResults
method fullResults(
:$scanId!
) returns Mu
No Doc
method optionAcceptCookies
method optionAcceptCookies() returns Mu
Gets whether or not a spider process should accept cookies while spidering.
method optionDomainsAlwaysInScope
method optionDomainsAlwaysInScope() returns Mu
Use view domainsAlwaysInScope instead.
method optionDomainsAlwaysInScopeEnabled
method optionDomainsAlwaysInScopeEnabled() returns Mu
Use view domainsAlwaysInScope instead.
method optionHandleODataParametersVisited
method optionHandleODataParametersVisited() returns Mu
No Doc
method optionHandleParameters
method optionHandleParameters() returns Mu
No Doc
method optionMaxChildren
method optionMaxChildren() returns Mu
Gets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.
method optionMaxDepth
method optionMaxDepth() returns Mu
Gets the maximum depth the spider can crawl, 0 if unlimited.
method optionMaxDuration
method optionMaxDuration() returns Mu
No Doc
method optionMaxParseSizeBytes
method optionMaxParseSizeBytes() returns Mu
Gets the maximum size, in bytes, that a response might have to be parsed.
method optionMaxScansInUI
method optionMaxScansInUI() returns Mu
No Doc
method optionParseComments() returns Mu
No Doc
method optionParseGit
method optionParseGit() returns Mu
No Doc
method optionParseRobotsTxt
method optionParseRobotsTxt() returns Mu
No Doc
method optionParseSVNEntries
method optionParseSVNEntries() returns Mu
No Doc
method optionParseSitemapXml
method optionParseSitemapXml() returns Mu
No Doc
method optionPostForm
method optionPostForm() returns Mu
No Doc
method optionProcessForm() returns Mu
No Doc
method optionRequestWaitTime
method optionRequestWaitTime() returns Mu
No Doc
method optionScope
method optionScope() returns Mu
No Doc
method optionScopeText
method optionScopeText() returns Mu
No Doc
method optionSendRefererHeader() returns Mu
Gets whether or not the 'Referer' header should be sent while spidering.
method optionShowAdvancedDialog
method optionShowAdvancedDialog() returns Mu
No Doc
method optionSkipURLString
method optionSkipURLString() returns Mu
No Doc
method optionThreadCount
method optionThreadCount() returns Mu
No Doc
method optionUserAgent
method optionUserAgent() returns Mu
No Doc
method results
method results(
:$scanId
) returns Mu
No Doc
method scans
method scans() returns Mu
No Doc
method status
method status(
:$scanId
) returns Mu
No Doc
method addDomainAlwaysInScope
method addDomainAlwaysInScope(
:$value!,
:$isRegex,
:$isEnabled
) returns Mu
Adds a new domain that's always in scope, using the specified value. Optionally sets if the new entry is enabled (default, true) and whether or not the new value is specified as a regex (default, false).
method clearExcludedFromScan
method clearExcludedFromScan() returns Mu
Clears the regexes of URLs excluded from the spider scans.
method disableAllDomainsAlwaysInScope
method disableAllDomainsAlwaysInScope() returns Mu
Disables all domains that are always in scope.
method enableAllDomainsAlwaysInScope
method enableAllDomainsAlwaysInScope() returns Mu
Enables all domains that are always in scope.
method excludeFromScan
method excludeFromScan(
:$regex!
) returns Mu
Adds a regex of URLs that should be excluded from the spider scans.
method modifyDomainAlwaysInScope
method modifyDomainAlwaysInScope(
:$idx!,
:$value,
:$isRegex,
:$isEnabled
) returns Mu
Modifies a domain that's always in scope. Allows to modify the value, if enabled or if a regex. The domain is selected with its index, which can be obtained with the view domainsAlwaysInScope.
method pause
method pause(
:$scanId!
) returns Mu
No Doc
method pauseAllScans
method pauseAllScans() returns Mu
No Doc
method removeAllScans
method removeAllScans() returns Mu
No Doc
method removeDomainAlwaysInScope
method removeDomainAlwaysInScope(
:$idx!
) returns Mu
Removes a domain that's always in scope, with the given index. The index can be obtained with the view domainsAlwaysInScope.
method removeScan
method removeScan(
:$scanId!
) returns Mu
No Doc
method resume
method resume(
:$scanId!
) returns Mu
No Doc
method resumeAllScans
method resumeAllScans() returns Mu
No Doc
method scan
method scan(
:$url,
:$maxChildren,
:$recurse,
:$contextName,
:$subtreeOnly
) returns Mu
Runs the spider against the given URL (or context). Optionally, the 'maxChildren' parameter can be set to limit the number of children scanned, the 'recurse' parameter can be used to prevent the spider from seeding recursively, the parameter 'contextName' can be used to constrain the scan to a Context and the parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'url').
method scanAsUser
method scanAsUser(
:$contextId!,
:$userId!,
:$url,
:$maxChildren,
:$recurse,
:$subtreeOnly
) returns Mu
Runs the spider from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.
method setOptionAcceptCookies
method setOptionAcceptCookies(
:$Boolean!
) returns Mu
Sets whether or not a spider process should accept cookies while spidering.
method setOptionHandleODataParametersVisited
method setOptionHandleODataParametersVisited(
:$Boolean!
) returns Mu
No Doc
method setOptionHandleParameters
method setOptionHandleParameters(
:$String!
) returns Mu
No Doc
method setOptionMaxChildren
method setOptionMaxChildren(
:$Integer!
) returns Mu
Sets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.
method setOptionMaxDepth
method setOptionMaxDepth(
:$Integer!
) returns Mu
Sets the maximum depth the spider can crawl, 0 for unlimited depth.
method setOptionMaxDuration
method setOptionMaxDuration(
:$Integer!
) returns Mu
No Doc
method setOptionMaxParseSizeBytes
method setOptionMaxParseSizeBytes(
:$Integer!
) returns Mu
Sets the maximum size, in bytes, that a response might have to be parsed. This allows the spider to skip big responses/files.
method setOptionMaxScansInUI
method setOptionMaxScansInUI(
:$Integer!
) returns Mu
No Doc
method setOptionParseComments(
:$Boolean!
) returns Mu
No Doc
method setOptionParseGit
method setOptionParseGit(
:$Boolean!
) returns Mu
No Doc
method setOptionParseRobotsTxt
method setOptionParseRobotsTxt(
:$Boolean!
) returns Mu
No Doc
method setOptionParseSVNEntries
method setOptionParseSVNEntries(
:$Boolean!
) returns Mu
No Doc
method setOptionParseSitemapXml
method setOptionParseSitemapXml(
:$Boolean!
) returns Mu
No Doc
method setOptionPostForm
method setOptionPostForm(
:$Boolean!
) returns Mu
No Doc
method setOptionProcessForm(
:$Boolean!
) returns Mu
No Doc
method setOptionRequestWaitTime
method setOptionRequestWaitTime(
:$Integer!
) returns Mu
No Doc
method setOptionScopeString
method setOptionScopeString(
:$String!
) returns Mu
Use actions [add|modify|remove]DomainAlwaysInScope instead.
method setOptionSendRefererHeader(
:$Boolean!
) returns Mu
Sets whether or not the 'Referer' header should be sent while spidering.
method setOptionShowAdvancedDialog
method setOptionShowAdvancedDialog(
:$Boolean!
) returns Mu
No Doc
method setOptionSkipURLString
method setOptionSkipURLString(
:$String!
) returns Mu
No Doc
method setOptionThreadCount
method setOptionThreadCount(
:$Integer!
) returns Mu
No Doc
method setOptionUserAgent
method setOptionUserAgent(
:$String!
) returns Mu
No Doc
method stop
method stop(
:$scanId
) returns Mu
No Doc
method stopAllScans
method stopAllScans() returns Mu
No Doc
class Zap::Selenium
class Zap::Selenium Methods
method setOptionChromeDriverPath
method setOptionChromeDriverPath(
:$String!
) returns Mu
Sets the current path to ChromeDriver
method setOptionFirefoxBinaryPath
method setOptionFirefoxBinaryPath(
:$String!
) returns Mu
Sets the current path to Firefox binary
method setOptionFirefoxDriverPath
method setOptionFirefoxDriverPath(
:$String!
) returns Mu
Sets the current path to Firefox driver (geckodriver)
method setOptionIeDriverPath
method setOptionIeDriverPath(
:$String!
) returns Mu
No Doc
method setOptionPhantomJsBinaryPath
method setOptionPhantomJsBinaryPath(
:$String!
) returns Mu
Sets the current path to PhantomJS binary
method optionFirefoxDriverPath
method optionFirefoxDriverPath() returns Mu
Returns the current path to Firefox driver (geckodriver)
method optionIeDriverPath
method optionIeDriverPath() returns Mu
No Doc
method optionPhantomJsBinaryPath
method optionPhantomJsBinaryPath() returns Mu
Returns the current path to PhantomJS binary
class Zap::Httpsessions
class Zap::Httpsessions Methods
method addDefaultSessionToken
method addDefaultSessionToken(
:$sessionToken!,
:$tokenEnabled
) returns Mu
Adds a default session token with the given name and enabled state.
method addSessionToken
method addSessionToken(
:$site!,
:$sessionToken!
) returns Mu
Adds the session token to the given site.
method createEmptySession
method createEmptySession(
:$site!,
:$session
) returns Mu
Creates an empty session for the given site. Optionally with the given name.
method removeDefaultSessionToken
method removeDefaultSessionToken(
:$sessionToken!
) returns Mu
Removes the default session token with the given name.
method removeSession
method removeSession(
:$site!,
:$session!
) returns Mu
Removes the session from the given site.
method removeSessionToken
method removeSessionToken(
:$site!,
:$sessionToken!
) returns Mu
Removes the session token from the given site.
method renameSession
method renameSession(
:$site!,
:$oldSessionName!,
:$newSessionName!
) returns Mu
Renames the session of the given site.
method setActiveSession
method setActiveSession(
:$site!,
:$session!
) returns Mu
Sets the given session as active for the given site.
method setDefaultSessionTokenEnabled
method setDefaultSessionTokenEnabled(
:$sessionToken!,
:$tokenEnabled!
) returns Mu
Sets whether or not the default session token with the given name is enabled.
method setSessionTokenValue
method setSessionTokenValue(
:$site!,
:$session!,
:$sessionToken!,
:$tokenValue!
) returns Mu
Sets the value of the session token of the given session for the given site.
method unsetActiveSession
method unsetActiveSession(
:$site!
) returns Mu
Unsets the active session of the given site.
method sessionTokens
method sessionTokens(
:$site!
) returns Mu
Gets the names of the session tokens for the given site.
method sessions
method sessions(
:$site!,
:$session
) returns Mu
Gets the sessions for the given site. Optionally returning just the session with the given name.
method sites
method sites() returns Mu
Gets all of the sites that have sessions.
class Zap::Localproxies
class Zap::Localproxies Methods
method removeAdditionalProxy
method removeAdditionalProxy(
:$address!,
:$port!
) returns Mu
Removes the additional proxy with the specified address and port.
class Zap::Websocket
class Zap::Websocket Methods
method message
method message(
:$channelId!,
:$messageId!
) returns Mu
Returns full details of the message specified by the channelId and messageId
method messages
method messages(
:$channelId,
:$start,
:$count,
:$payloadPreviewLength
) returns Mu
Returns a list of all of the messages that meet the given criteria (all optional), where channelId is a channel identifier, start is the offset to start returning messages from (starting from 0), count is the number of messages to return (default no limit) and payloadPreviewLength is the maximum number bytes to return for the payload contents
method sendTextMessage
method sendTextMessage(
:$channelId!,
:$outgoing!,
:$message!
) returns Mu
Sends the specified message on the channel specified by channelId, if outgoing is 'True' then the message will be sent to the server and if it is 'False' then it will be sent to the client
method setBreakTextMessage
method setBreakTextMessage(
:$message!,
:$outgoing!
) returns Mu
Sets the text message for an intercepted websockets message
class Zap::Authentication
class Zap::Authentication Methods
method setAuthenticationMethod
method setAuthenticationMethod(
:$contextId!,
:$authMethodName!,
:$authMethodConfigParams
) returns Mu
Sets the authentication method for the context with the given ID.
method setLoggedInIndicator
method setLoggedInIndicator(
:$contextId!,
:$loggedInIndicatorRegex!
) returns Mu
Sets the logged in indicator for the context with the given ID.
method setLoggedOutIndicator
method setLoggedOutIndicator(
:$contextId!,
:$loggedOutIndicatorRegex!
) returns Mu
Sets the logged out indicator for the context with the given ID.
method getLoggedInIndicator
method getLoggedInIndicator(
:$contextId!
) returns Mu
Gets the logged in indicator for the context with the given ID.
method getLoggedOutIndicator
method getLoggedOutIndicator(
:$contextId!
) returns Mu
Gets the logged out indicator for the context with the given ID.
method getSupportedAuthenticationMethods
method getSupportedAuthenticationMethods() returns Mu
Gets the name of the authentication methods.
class Zap::Pscan
class Zap::Pscan Methods
method disableAllScanners
method disableAllScanners() returns Mu
Disables all passive scanners
method disableAllTags() returns Mu
Disables all passive scan tags.
method disableScanners
method disableScanners(
:$ids!
) returns Mu
Disables all passive scanners with the given IDs (comma separated list of IDs)
method enableAllScanners
method enableAllScanners() returns Mu
Enables all passive scanners
method enableAllTags() returns Mu
Enables all passive scan tags.
method enableScanners
method enableScanners(
:$ids!
) returns Mu
Enables all passive scanners with the given IDs (comma separated list of IDs)
method setEnabled
method setEnabled(
:$enabled!
) returns Mu
Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).
method setMaxAlertsPerRule
method setMaxAlertsPerRule(
:$maxAlerts!
) returns Mu
Sets the maximum number of alerts a passive scan rule should raise.
method setScanOnlyInScope
method setScanOnlyInScope(
:$onlyInScope!
) returns Mu
Sets whether or not the passive scan should be performed only on messages that are in scope.
method setScannerAlertThreshold
method setScannerAlertThreshold(
:$id!,
:$alertThreshold!
) returns Mu
Sets the alert threshold of the passive scanner with the given ID, accepted values for alert threshold: OFF, DEFAULT, LOW, MEDIUM and HIGH
method recordsToScan
method recordsToScan() returns Mu
The number of records the passive scanner still has to scan
method scanOnlyInScope
method scanOnlyInScope() returns Mu
Tells whether or not the passive scan should be performed only on messages that are in scope.
method scanners
method scanners() returns Mu
Lists all passive scanners with its ID, name, enabled state and alert threshold.
class Zap::Sessionmanagement
class Zap::Sessionmanagement Methods
method getSupportedSessionManagementMethods
method getSupportedSessionManagementMethods() returns Mu
Gets the name of the session management methods.
method setSessionManagementMethod
method setSessionManagementMethod(
:$contextId!,
:$methodName!,
:$methodConfigParams
) returns Mu
Sets the session management method for the context with the given ID.
class Zap::Script
class Zap::Script Methods
method globalVar
method globalVar(
:$varKey!
) returns Mu
Gets the value of the global variable with the given key. Returns an API error (DOES_NOT_EXIST) if no value was previously set.
method globalVars
method globalVars() returns Mu
Gets all the global variables (key/value pairs).
method listEngines
method listEngines() returns Mu
Lists the script engines available
method listScripts
method listScripts() returns Mu
Lists the scripts available, with its engine, name, description, type and error state.
method listTypes
method listTypes() returns Mu
Lists the script types available.
method scriptCustomVar
method scriptCustomVar(
:$scriptName!,
:$varKey!
) returns Mu
Gets the value (string representation) of a custom variable. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists or if no value was previously set.
method scriptCustomVars
method scriptCustomVars(
:$scriptName!
) returns Mu
Gets all the custom variables (key/value pairs, the value is the string representation) of a script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
method scriptVar
method scriptVar(
:$scriptName!,
:$varKey!
) returns Mu
Gets the value of the variable with the given key for the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists or if no value was previously set.
method scriptVars
method scriptVars(
:$scriptName!
) returns Mu
Gets all the variables (key/value pairs) of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
method clearGlobalCustomVar
method clearGlobalCustomVar(
:$varKey!
) returns Mu
Clears a global custom variable.
method clearGlobalVar
method clearGlobalVar(
:$varKey!
) returns Mu
Clears the global variable with the given key.
method clearGlobalVars
method clearGlobalVars() returns Mu
Clears the global variables.
method clearScriptCustomVar
method clearScriptCustomVar(
:$scriptName!,
:$varKey!
) returns Mu
Clears a script custom variable.
method clearScriptVar
method clearScriptVar(
:$scriptName!,
:$varKey!
) returns Mu
Clears the variable with the given key of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
method clearScriptVars
method clearScriptVars(
:$scriptName!
) returns Mu
Clears the variables of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
method disable
method disable(
:$scriptName!
) returns Mu
Disables the script with the given name
method enable
method enable(
:$scriptName!
) returns Mu
Enables the script with the given name
method load
method load(
:$scriptName!,
:$scriptType!,
:$scriptEngine!,
:$fileName!,
:$scriptDescription,
:$charset
) returns Mu
Loads a script into ZAP from the given local file, with the given name, type and engine, optionally with a description, and a charset name to read the script (the charset name is required if the script is not in UTF-8, for example, in ISO-8859-1).
method remove
method remove(
:$scriptName!
) returns Mu
Removes the script with the given name
method runStandAloneScript
method runStandAloneScript(
:$scriptName!
) returns Mu
Runs the stand alone script with the given name
method setGlobalVar
method setGlobalVar(
:$varKey!,
:$varValue
) returns Mu
Sets the value of the global variable with the given key.
method setScriptVar
method setScriptVar(
:$scriptName!,
:$varKey!,
:$varValue
) returns Mu
Sets the value of the variable with the given key of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
class Zap::Ajaxspider
class Zap::Ajaxspider Methods
method optionBrowserId
method optionBrowserId() returns Mu
No Doc
method optionClickDefaultElems
method optionClickDefaultElems() returns Mu
No Doc
method optionClickElemsOnce
method optionClickElemsOnce() returns Mu
No Doc
method optionEventWait
method optionEventWait() returns Mu
No Doc
method optionMaxCrawlDepth
method optionMaxCrawlDepth() returns Mu
No Doc
method optionMaxCrawlStates
method optionMaxCrawlStates() returns Mu
No Doc
method optionMaxDuration
method optionMaxDuration() returns Mu
No Doc
method optionNumberOfBrowsers
method optionNumberOfBrowsers() returns Mu
No Doc
method optionRandomInputs() returns Mu
No Doc
method optionReloadWait
method optionReloadWait() returns Mu
No Doc
method results
method results(
:$start,
:$count
) returns Mu
No Doc
method status
method status() returns Mu
No Doc
method scan
method scan(
:$url,
:$inScope,
:$contextName,
:$subtreeOnly
) returns Mu
Runs the spider against the given URL and/or context, optionally, spidering everything in scope. The parameter 'contextName' can be used to constrain the scan to a Context, the option 'in scope' is ignored if a context was also specified. The parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'url').
method scanAsUser
method scanAsUser(
:$contextName!,
:$userName!,
:$url,
:$subtreeOnly
) returns Mu
Runs the spider from the perspective of a User, obtained using the given context name and user name. The parameter 'url' allows to specify the starting point for the spider, otherwise it's used an existing URL from the context (if any). The parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'url').
method setOptionBrowserId
method setOptionBrowserId(
:$String!
) returns Mu
No Doc
method setOptionClickDefaultElems
method setOptionClickDefaultElems(
:$Boolean!
) returns Mu
No Doc
method setOptionClickElemsOnce
method setOptionClickElemsOnce(
:$Boolean!
) returns Mu
No Doc
method setOptionEventWait
method setOptionEventWait(
:$Integer!
) returns Mu
No Doc
method setOptionMaxCrawlDepth
method setOptionMaxCrawlDepth(
:$Integer!
) returns Mu
No Doc
method setOptionMaxCrawlStates
method setOptionMaxCrawlStates(
:$Integer!
) returns Mu
No Doc
method setOptionMaxDuration
method setOptionMaxDuration(
:$Integer!
) returns Mu
No Doc
method setOptionNumberOfBrowsers
method setOptionNumberOfBrowsers(
:$Integer!
) returns Mu
No Doc
method setOptionRandomInputs(
:$Boolean!
) returns Mu
No Doc
method setOptionReloadWait
method setOptionReloadWait(
:$Integer!
) returns Mu
No Doc
method stop
method stop() returns Mu
No Doc
class Zap::Core
class Zap::Core Methods
method alertsSummary
method alertsSummary(
:$baseurl
) returns Mu
Gets number of alerts grouped by each risk level, optionally filtering by URL
method childNodes
method childNodes(
:$url
) returns Mu
Gets the child nodes underneath the specified URL in the Sites tree
method excludedFromProxy
method excludedFromProxy() returns Mu
Gets the regular expressions, applied to URLs, to exclude from the local proxies.
method homeDirectory
method homeDirectory() returns Mu
No Doc
method hosts
method hosts() returns Mu
Gets the name of the hosts accessed through/by ZAP
method message
method message(
:$id!
) returns Mu
Gets the HTTP message with the given ID. Returns the ID, request/response headers and bodies, cookies, note, type, RTT, and timestamp.
method messages
method messages(
:$baseurl,
:$start,
:$count
) returns Mu
Gets the HTTP messages sent by ZAP, request and response, optionally filtered by URL and paginated with 'start' position and 'count' of messages
method messagesById
method messagesById(
:$ids!
) returns Mu
Gets the HTTP messages with the given IDs.
method mode
method mode() returns Mu
Gets the mode
method numberOfAlerts
method numberOfAlerts(
:$baseurl,
:$riskId
) returns Mu
Gets the number of alerts, optionally filtering by URL or riskId
method numberOfMessages
method numberOfMessages(
:$baseurl
) returns Mu
Gets the number of messages, optionally filtering by URL
method optionAlertOverridesFilePath
method optionAlertOverridesFilePath() returns Mu
Gets the path to the file with alert overrides.
method optionDefaultUserAgent
method optionDefaultUserAgent() returns Mu
Gets the user agent that ZAP should use when creating HTTP messages (for example, spider messages or CONNECT requests to outgoing proxy).
method optionDnsTtlSuccessfulQueries
method optionDnsTtlSuccessfulQueries() returns Mu
Gets the TTL (in seconds) of successful DNS queries.
method optionHttpState
method optionHttpState() returns Mu
No Doc
method optionHttpStateEnabled
method optionHttpStateEnabled() returns Mu
No Doc
method optionMaximumAlertInstances
method optionMaximumAlertInstances() returns Mu
Gets the maximum number of alert instances to include in a report.
method optionMergeRelatedAlerts() returns Mu
Gets whether or not related alerts will be merged in any reports generated.
method optionProxyChainName
method optionProxyChainName() returns Mu
No Doc
method optionProxyChainPassword
method optionProxyChainPassword() returns Mu
No Doc
method optionProxyChainPort
method optionProxyChainPort() returns Mu
No Doc
method optionProxyChainPrompt
method optionProxyChainPrompt() returns Mu
No Doc
method optionProxyChainRealm
method optionProxyChainRealm() returns Mu
No Doc
method optionProxyChainSkipName
method optionProxyChainSkipName() returns Mu
Use view proxyChainExcludedDomains instead.
method optionProxyChainUserName
method optionProxyChainUserName() returns Mu
No Doc
method optionProxyExcludedDomains
method optionProxyExcludedDomains() returns Mu
Use view proxyChainExcludedDomains instead.
method optionProxyExcludedDomainsEnabled
method optionProxyExcludedDomainsEnabled() returns Mu
Use view proxyChainExcludedDomains instead.
method optionSingleCookieRequestHeader() returns Mu
No Doc
method optionTimeoutInSecs
method optionTimeoutInSecs() returns Mu
Gets the connection time out, in seconds.
method optionUseProxyChain
method optionUseProxyChain() returns Mu
No Doc
method optionUseProxyChainAuth
method optionUseProxyChainAuth() returns Mu
No Doc
method proxyChainExcludedDomains
method proxyChainExcludedDomains() returns Mu
Gets all the domains that are excluded from the outgoing proxy. For each domain the following are shown: the index, the value (domain), if enabled, and if specified as a regex.
method sessionLocation
method sessionLocation() returns Mu
Gets the location of the current session file
method sites
method sites() returns Mu
Gets the sites accessed through/by ZAP (scheme and domain)
method urls
method urls(
:$baseurl
) returns Mu
Gets the URLs accessed through/by ZAP, optionally filtering by (base) URL.
method version
method version() returns Mu
Gets ZAP version
method zapHomePath
method zapHomePath() returns Mu
Gets the path to ZAP's home directory.
method htmlreport
method htmlreport() returns Mu
Generates a report in HTML format
method jsonreport
method jsonreport() returns Mu
Generates a report in JSON format
method mdreport
method mdreport() returns Mu
Generates a report in Markdown format
method messageHar
method messageHar(
:$id!
) returns Mu
Gets the message with the given ID in HAR format
method messagesHar
method messagesHar(
:$baseurl,
:$start,
:$count
) returns Mu
Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
method messagesHarById
method messagesHarById(
:$ids!
) returns Mu
Gets the HTTP messages with the given IDs, in HAR format.
method proxypac
method proxypac() returns Mu
No Doc
method rootcert
method rootcert() returns Mu
Gets the Root CA certificate used by the local proxies.
method sendHarRequest
method sendHarRequest(
:$request!,
:$followRedirects
) returns Mu
Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.
method setproxy
method setproxy(
:$proxy!
) returns Mu
No Doc
method xmlreport
method xmlreport() returns Mu
Generates a report in XML format
method accessUrl
method accessUrl(
:$url!,
:$followRedirects
) returns Mu
Convenient and simple action to access a URL, optionally following redirections. Returns the request sent and response received and followed redirections, if any. Other actions are available which offer more control on what is sent, like, 'sendRequest' or 'sendHarRequest'.
method addProxyChainExcludedDomain
method addProxyChainExcludedDomain(
:$value!,
:$isRegex,
:$isEnabled
) returns Mu
Adds a domain to be excluded from the outgoing proxy, using the specified value. Optionally sets if the new entry is enabled (default, true) and whether or not the new value is specified as a regex (default, false).
method clearExcludedFromProxy
method clearExcludedFromProxy() returns Mu
Clears the regexes of URLs excluded from the local proxies.
method deleteAlert
method deleteAlert(
:$id!
) returns Mu
Deletes the alert with the given ID.
method deleteAllAlerts
method deleteAllAlerts() returns Mu
Deletes all alerts of the current session.
method deleteSiteNode
method deleteSiteNode(
:$url!,
:$method,
:$postData
) returns Mu
Deletes the site node found in the Sites Tree on the basis of the URL, HTTP method, and post data (if applicable and specified).
method disableAllProxyChainExcludedDomains
method disableAllProxyChainExcludedDomains() returns Mu
Disables all domains excluded from the outgoing proxy.
method disableClientCertificate
method disableClientCertificate() returns Mu
Disables the option for use of client certificates.
method enableAllProxyChainExcludedDomains
method enableAllProxyChainExcludedDomains() returns Mu
Enables all domains excluded from the outgoing proxy.
method enablePKCS12ClientCertificate
method enablePKCS12ClientCertificate(
:$filePath!,
:$password!,
:$index
) returns Mu
Enables use of a PKCS12 client certificate for the certificate with the given file system path, password, and optional index.
method excludeFromProxy
method excludeFromProxy(
:$regex!
) returns Mu
Adds a regex of URLs that should be excluded from the local proxies.
method generateRootCA
method generateRootCA() returns Mu
Generates a new Root CA certificate for the local proxies.
method loadSession
method loadSession(
:$name!
) returns Mu
Loads the session with the given name. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir.
method modifyProxyChainExcludedDomain
method modifyProxyChainExcludedDomain(
:$idx!,
:$value,
:$isRegex,
:$isEnabled
) returns Mu
Modifies a domain excluded from the outgoing proxy. Allows to modify the value, if enabled or if a regex. The domain is selected with its index, which can be obtained with the view proxyChainExcludedDomains.
method newSession
method newSession(
:$name,
:$overwrite
) returns Mu
Creates a new session, optionally overwriting existing files. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir.
method removeProxyChainExcludedDomain
method removeProxyChainExcludedDomain(
:$idx!
) returns Mu
Removes a domain excluded from the outgoing proxy, with the given index. The index can be obtained with the view proxyChainExcludedDomains.
method runGarbageCollection
method runGarbageCollection() returns Mu
No Doc
method saveSession
method saveSession(
:$name!,
:$overwrite
) returns Mu
Saves the session.
method sendRequest
method sendRequest(
:$request!,
:$followRedirects
) returns Mu
Sends the HTTP request, optionally following redirections. Returns the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.
method setHomeDirectory
method setHomeDirectory(
:$dir!
) returns Mu
No Doc
method setMode
method setMode(
:$mode!
) returns Mu
Sets the mode, which may be one of [safe, protect, standard, attack]
method setOptionAlertOverridesFilePath
method setOptionAlertOverridesFilePath(
:$filePath
) returns Mu
Sets (or clears, if empty) the path to the file with alert overrides.
method setOptionDefaultUserAgent
method setOptionDefaultUserAgent(
:$String!
) returns Mu
Sets the user agent that ZAP should use when creating HTTP messages (for example, spider messages or CONNECT requests to outgoing proxy).
method setOptionDnsTtlSuccessfulQueries
method setOptionDnsTtlSuccessfulQueries(
:$Integer!
) returns Mu
Sets the TTL (in seconds) of successful DNS queries (applies after ZAP restart).
method setOptionHttpStateEnabled
method setOptionHttpStateEnabled(
:$Boolean!
) returns Mu
No Doc
method setOptionMaximumAlertInstances
method setOptionMaximumAlertInstances(
:$numberOfInstances!
) returns Mu
Sets the maximum number of alert instances to include in a report. A value of zero is treated as unlimited.
method setOptionMergeRelatedAlerts(
:$enabled!
) returns Mu
Sets whether or not related alerts will be merged in any reports generated.
method setOptionProxyChainName
method setOptionProxyChainName(
:$String!
) returns Mu
No Doc
method setOptionProxyChainPassword
method setOptionProxyChainPassword(
:$String!
) returns Mu
No Doc
method setOptionProxyChainPort
method setOptionProxyChainPort(
:$Integer!
) returns Mu
No Doc
method setOptionProxyChainPrompt
method setOptionProxyChainPrompt(
:$Boolean!
) returns Mu
No Doc
method setOptionProxyChainRealm
method setOptionProxyChainRealm(
:$String!
) returns Mu
No Doc
method setOptionProxyChainSkipName
method setOptionProxyChainSkipName(
:$String!
) returns Mu
Use actions [add|modify|remove]ProxyChainExcludedDomain instead.
method setOptionProxyChainUserName
method setOptionProxyChainUserName(
:$String!
) returns Mu
No Doc
method setOptionSingleCookieRequestHeader(
:$Boolean!
) returns Mu
No Doc
method setOptionTimeoutInSecs
method setOptionTimeoutInSecs(
:$Integer!
) returns Mu
Sets the connection time out, in seconds.
method setOptionUseProxyChain
method setOptionUseProxyChain(
:$Boolean!
) returns Mu
Sets whether or not the outgoing proxy should be used. The address/hostname of the outgoing proxy must be set to enable this option.
method setOptionUseProxyChainAuth
method setOptionUseProxyChainAuth(
:$Boolean!
) returns Mu
No Doc
method shutdown
method shutdown() returns Mu
Shuts down ZAP
method snapshotSession
method snapshotSession(
:$name,
:$overwrite
) returns Mu
Snapshots the session, optionally with the given name, and overwriting existing files. If no name is specified the name of the current session with a timestamp appended is used. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir.
class Zap::Users
class Zap::Users Methods
method newUser
method newUser(
:$contextId!,
:$name!
) returns Mu
Creates a new user with the given name for the context with the given ID.
method removeUser
method removeUser(
:$contextId!,
:$userId!
) returns Mu
Removes the user with the given ID that belongs to the context with the given ID.
method setAuthenticationCredentials
method setAuthenticationCredentials(
:$contextId!,
:$userId!,
:$authCredentialsConfigParams
) returns Mu
Sets the authentication credentials for the user with the given ID that belongs to the context with the given ID.
method setUserEnabled
method setUserEnabled(
:$contextId!,
:$userId!,
:$enabled!
) returns Mu
Sets whether or not the user, with the given ID that belongs to the context with the given ID, should be enabled.
method setUserName
method setUserName(
:$contextId!,
:$userId!,
:$name!
) returns Mu
Renames the user with the given ID that belongs to the context with the given ID.
method getUserById
method getUserById(
:$contextId!,
:$userId!
) returns Mu
Gets the data of the user with the given ID that belongs to the context with the given ID.
method usersList
method usersList(
:$contextId
) returns Mu
Gets a list of users that belong to the context with the given ID, or all users if none provided.
class Zap::Acsrf
class Zap::Acsrf Methods
method removeOptionToken
method removeOptionToken(
:$String!
) returns Mu
Removes the anti-CSRF token with the given name
method genForm(
:$hrefId!
) returns Mu
Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP
class Zap::Search
class Zap::Search Methods
method harByHeaderRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns Mu
Returns the HTTP messages, in HAR format, that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method harByRequestRegex
method harByRequestRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns Mu
Returns the HTTP messages, in HAR format, that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method harByResponseRegex
method harByResponseRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns Mu
Returns the HTTP messages, in HAR format, that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method harByUrlRegex
method harByUrlRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns Mu
Returns the HTTP messages, in HAR format, that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method messagesByResponseRegex
method messagesByResponseRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns Mu
Returns the HTTP messages that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method messagesByUrlRegex
method messagesByUrlRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns Mu
Returns the HTTP messages that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method urlsByHeaderRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns Mu
Returns the URLs of the HTTP messages that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method urlsByRequestRegex
method urlsByRequestRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns Mu
Returns the URLs of the HTTP messages that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method urlsByResponseRegex
method urlsByResponseRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns Mu
Returns the URLs of the HTTP messages that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.
method urlsByUrlRegex
method urlsByUrlRegex(
:$regex!,
:$baseurl,
:$start,
:$count
) returns Mu
Returns the URLs of the HTTP messages that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.
class Zap::Replacer
class Zap::Replacer Methods
method removeRule
method removeRule(
:$description!
) returns Mu
Removes the rule with the given description
method setEnabled
method setEnabled(
:$description!,
:$bool!
) returns Mu
Enables or disables the rule with the given description based on the bool parameter
class Zap::Context
class Zap::Context Methods
method excludeAllContextTechnologies
method excludeAllContextTechnologies(
:$contextName!
) returns Mu
Excludes all built in technologies from a context
method excludeContextTechnologies
method excludeContextTechnologies(
:$contextName!,
:$technologyNames!
) returns Mu
Excludes technologies with the given names, separated by a comma, from a context
method excludeFromContext
method excludeFromContext(
:$contextName!,
:$regex!
) returns Mu
Add exclude regex to context
method exportContext
method exportContext(
:$contextName!,
:$contextFile!
) returns Mu
Exports the context with the given name to a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir.
method importContext
method importContext(
:$contextFile!
) returns Mu
Imports a context from a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir.
method includeAllContextTechnologies
method includeAllContextTechnologies(
:$contextName!
) returns Mu
Includes all built in technologies in to a context
method includeContextTechnologies
method includeContextTechnologies(
:$contextName!,
:$technologyNames!
) returns Mu
Includes technologies with the given names, separated by a comma, to a context
method includeInContext
method includeInContext(
:$contextName!,
:$regex!
) returns Mu
Add include regex to context
method newContext
method newContext(
:$contextName!
) returns Mu
Creates a new context with the given name in the current session
method removeContext
method removeContext(
:$contextName!
) returns Mu
Removes a context in the current session
method setContextInScope
method setContextInScope(
:$contextName!,
:$booleanInScope!
) returns Mu
Sets a context to in scope (contexts are in scope by default)
method setContextRegexs
method setContextRegexs(
:$contextName!,
:$incRegexs!,
:$excRegexs!
) returns Mu
Set the regexs to include and exclude for a context, both supplied as JSON string arrays
method excludeRegexs
method excludeRegexs(
:$contextName!
) returns Mu
List excluded regexs for context
method excludedTechnologyList
method excludedTechnologyList(
:$contextName!
) returns Mu
Lists the names of all technologies excluded from a context
method includeRegexs
method includeRegexs(
:$contextName!
) returns Mu
List included regexs for context
method includedTechnologyList
method includedTechnologyList(
:$contextName!
) returns Mu
Lists the names of all technologies included in a context
method technologyList
method technologyList() returns Mu
Lists the names of all built in technologies
method urls
method urls(
:$contextName!
) returns Mu
Lists the URLs accessed through/by ZAP, that belong to the context with the given name.
class Zap::Autoupdate
class Zap::Autoupdate Methods
method downloadLatestRelease
method downloadLatestRelease() returns Mu
Downloads the latest release, if any
method installAddon
method installAddon(
:$id!
) returns Mu
Installs or updates the specified add-on, returning when complete (i.e. not asynchronously)
method setOptionCheckAddonUpdates
method setOptionCheckAddonUpdates(
:$Boolean!
) returns Mu
No Doc
method setOptionCheckOnStart
method setOptionCheckOnStart(
:$Boolean!
) returns Mu
No Doc
method setOptionDownloadNewRelease
method setOptionDownloadNewRelease(
:$Boolean!
) returns Mu
No Doc
method setOptionInstallAddonUpdates
method setOptionInstallAddonUpdates(
:$Boolean!
) returns Mu
No Doc
method setOptionInstallScannerRules
method setOptionInstallScannerRules(
:$Boolean!
) returns Mu
No Doc
method setOptionReportAlphaAddons
method setOptionReportAlphaAddons(
:$Boolean!
) returns Mu
No Doc
method setOptionReportBetaAddons
method setOptionReportBetaAddons(
:$Boolean!
) returns Mu
No Doc
method setOptionReportReleaseAddons
method setOptionReportReleaseAddons(
:$Boolean!
) returns Mu
No Doc
method uninstallAddon
method uninstallAddon(
:$id!
) returns Mu
Uninstalls the specified add-on
method latestVersionNumber
method latestVersionNumber() returns Mu
Returns the latest version number
method localAddons
method localAddons() returns Mu
Returns a list with all local add-ons, installed or not.
method marketplaceAddons
method marketplaceAddons() returns Mu
Return a list of all of the add-ons on the ZAP Marketplace (this information is read once and then cached)
method newAddons
method newAddons() returns Mu
Return a list of any add-ons that have been added to the Marketplace since the last check for updates
method optionAddonDirectories
method optionAddonDirectories() returns Mu
No Doc
method optionCheckAddonUpdates
method optionCheckAddonUpdates() returns Mu
No Doc
method optionCheckOnStart
method optionCheckOnStart() returns Mu
No Doc
method optionDayLastChecked
method optionDayLastChecked() returns Mu
No Doc
method optionDayLastInstallWarned
method optionDayLastInstallWarned() returns Mu
No Doc
method optionDayLastUpdateWarned
method optionDayLastUpdateWarned() returns Mu
No Doc
method optionDownloadDirectory
method optionDownloadDirectory() returns Mu
No Doc
method optionDownloadNewRelease
method optionDownloadNewRelease() returns Mu
No Doc
method optionInstallAddonUpdates
method optionInstallAddonUpdates() returns Mu
No Doc
method optionInstallScannerRules
method optionInstallScannerRules() returns Mu
No Doc
method optionReportAlphaAddons
method optionReportAlphaAddons() returns Mu
No Doc
method optionReportBetaAddons
method optionReportBetaAddons() returns Mu
No Doc
method optionReportReleaseAddons
method optionReportReleaseAddons() returns Mu
No Doc
method updatedAddons
method updatedAddons() returns Mu
Return a list of any add-ons that have been changed in the Marketplace since the last check for updates
class Zap::Alert
class Zap::Alert Methods
method addAlert
method addAlert(
:$messageId!,
:$name!,
:$riskId!,
:$confidenceId!,
:$description!,
:$param,
:$attack,
:$otherInfo,
:$solution,
:$references,
:$evidence,
:$cweId,
:$wascId
) returns Mu
Add an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.)
method deleteAlert
method deleteAlert(
:$id!
) returns Mu
Deletes the alert with the given ID.
method deleteAllAlerts
method deleteAllAlerts() returns Mu
Deletes all alerts of the current session.
method updateAlert
method updateAlert(
:$id!,
:$name!,
:$riskId!,
:$confidenceId!,
:$description!,
:$param,
:$attack,
:$otherInfo,
:$solution,
:$references,
:$evidence,
:$cweId,
:$wascId
) returns Mu
Update the alert with the given ID, with the provided details.
method alerts
method alerts(
:$baseurl,
:$start,
:$count,
:$riskId
) returns Mu
Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts
method alertsByRisk
method alertsByRisk(
:$url,
:$recurse
) returns Mu
Gets a summary of the alerts, optionally filtered by a 'url'. If 'recurse' is true then all alerts that apply to urls that start with the specified 'url' will be returned, otherwise only those on exactly the same 'url' (ignoring url parameters)
method alertsSummary
method alertsSummary(
:$baseurl
) returns Mu
Gets number of alerts grouped by each risk level, optionally filtering by URL
method numberOfAlerts
method numberOfAlerts(
:$baseurl,
:$riskId
) returns Mu
Gets the number of alerts, optionally filtering by URL or riskId