A command line tool that:
- Launches OWASP ZAP
- Spiders the target URL
- Scans the responses for a variety of vulnerabilities
- Presents the results either as a human-friendly table or as JSON

Note that you need to install OWASP ZAP before using Zapr.

```
zapr http://example.com/
```

The above will output a JSON document of all the alerts for you to do with as you choose. Note that the `ZAP_PATH` environment variable sets the location of the ZAP startup script (see `--zap-path` below). Alternatively output a nicely formatted table:
```
zapr --summary http://example.com/
```
If in doubt, enable the full debugging output to see what is going on under the hood.

```
zapr --debug http://example.com/
```
The full usage instructions are as follows:

```
Usage:
  zapr [OPTIONS] TARGET

Parameters:
  TARGET            Web address to scan and attack with ZAP

Options:
  --debug           More verbose output (default: false)
  --summary         Output a summary of the results instead of JSON (default: false)
  --zap-path PATH   Path to zap.sh startup script (default: $ZAP_PATH)
  --timeout TIMEOUT Timeout for spider and scan (default: $ZAPR_TIMEOUT, or 300)
  -h, --help        print help
```
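The JSON output is most useful when something downstream makes a decision on it, for example failing a CI job when the scan reports findings above a chosen risk level. The following script is an added example and is not part of Zapr itself. It assumes that Zapr prints ZAP's alert objects (fields such as `alert`, `risk`, `confidence`, `url`, `param`), which is an assumption about the output schema; the sample alerts embedded in it are constructed for illustration.

```ruby
require 'json'

# Constructed sample output, shaped like the ZAP alert objects that zapr is
# assumed to print as JSON (the field names are an assumption; check the real
# output before relying on them).
SAMPLE_ALERTS_JSON = <<~JSON
  [
    {"alert": "Cross Site Scripting (Reflected)", "risk": "High", "confidence": "Medium",
     "url": "http://example.com/search?q=test", "param": "q"},
    {"alert": "SQL Injection", "risk": "High", "confidence": "Low",
     "url": "http://example.com/users/1", "param": "id"},
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium", "confidence": "Medium",
     "url": "http://example.com/", "param": ""},
    {"alert": "Cookie No HttpOnly Flag", "risk": "Low", "confidence": "Medium",
     "url": "http://example.com/login", "param": "session"},
    {"alert": "Cookie No HttpOnly Flag", "risk": "Low", "confidence": "Medium",
     "url": "http://example.com/login", "param": "session"}
  ]
JSON

# ZAP risk levels from least to most severe.
RISK_ORDER = %w[Informational Low Medium High].freeze

# Collapse repeated findings: the same alert on the same URL and parameter
# is one issue to fix, however many times the spider triggered it.
def unique_alerts(alerts)
  alerts.uniq { |a| [a['alert'], a['url'], a['param']] }
end

# Count alerts per risk level, keeping ZAP's ordering of the levels.
def count_by_risk(alerts)
  counts = Hash.new(0)
  alerts.each { |a| counts[a['risk']] += 1 }
  RISK_ORDER.each_with_object({}) { |r, h| h[r] = counts[r] if counts.key?(r) }
end

# Alerts at or above min_risk; alerts with an unrecognised risk string are
# skipped rather than silently treated as harmless or as critical.
def failing_alerts(alerts, min_risk: 'High')
  threshold = RISK_ORDER.index(min_risk)
  raise ArgumentError, "unknown risk level #{min_risk.inspect}" if threshold.nil?

  unique_alerts(alerts).select do |a|
    level = RISK_ORDER.index(a['risk'])
    level && level >= threshold
  end
end

# Exit status for a CI gate: 0 when nothing at or above min_risk was found,
# 1 otherwise. Malformed JSON raises, which also fails the build.
def exit_status(json_text, min_risk: 'High')
  alerts = JSON.parse(json_text)
  failing_alerts(alerts, min_risk: min_risk).empty? ? 0 : 1
end

def report(alerts, min_risk:)
  count_by_risk(unique_alerts(alerts)).each { |risk, n| puts "#{risk}: #{n}" }
  failing_alerts(alerts, min_risk: min_risk).each do |a|
    puts "FAIL #{a['risk']} #{a['alert']} at #{a['url']} (param: #{a['param']})"
  end
end

if $PROGRAM_NAME == __FILE__
  # ZAPR_FAIL_ON is a hypothetical variable for this script, not a zapr option.
  min_risk = ENV.fetch('ZAPR_FAIL_ON', 'High')
  if ARGV.empty?
    # No file given: demonstrate on the constructed sample without exiting.
    report(JSON.parse(SAMPLE_ALERTS_JSON), min_risk: min_risk)
  else
    # Usage: zapr http://example.com/ > alerts.json && ruby gate.rb alerts.json
    json_text = File.read(ARGV[0])
    report(JSON.parse(json_text), min_risk: min_risk)
    exit exit_status(json_text, min_risk: min_risk)
  end
end
```

Run without arguments it prints the summary for the embedded sample; given the path of a saved `zapr` JSON document it prints the summary and exits non-zero when any unique alert is at or above the level in `ZAPR_FAIL_ON`, so the gate can be tightened from `High` to `Medium` without editing the script.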
An example of Zapr running on Travis against Railsgoat can be found at garethr/zapr-example.
Add this line to your application's Gemfile:

```ruby
gem 'zapr'
```

And then execute:

```
$ bundle
```

Or install it yourself as:

```
$ gem install zapr
```
- Fork it ( http://github.com/garethr/zapr/fork )
- Create your feature branch (`git checkout -b my-new-feature`)
- Commit your changes (`git commit -am 'Add some feature'`)
- Push to the branch (`git push origin my-new-feature`)
- Create new Pull Request