-1

I have created a Zap container (inside docker) using the command

docker run -u zap -p 8080:8080 -i owasp/zap2docker-stable zap-x.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.key=

With the proper api key. The containet is up and ok.

I made my native application, that is running on docker too, to proxy all the html communication through the Zap container. My aim is that Zap passively analysis all the trafic for security issues.

The question is how can i retrive the data of the passive scanner from this ZAP container without using the UI? What is the command to generate the report for the passive results?

Inter_forever
  • 5
  • 2

1 Answers1

0

The alerts generated by Active or Passive scanning (scripts, addons, etc) or full reports can be retrieved via Zap's API: https://github.com/zaproxy/zaproxy/wiki/ApiDetails

Relevant API endpoints include (but are not necessarily limited to):

  • alert/view/alertsSummary/
  • alert/view/alertsByRisk/
  • alert/view/alerts/
  • alert/view/alertCountsByRisk/
  • core/other/htmlreport/
  • core/other/jsonreport/
  • core/other/mdreport/
  • core/other/xmlreport/
  • core/view/alerts/
  • core/view/alertsSummary/

There are sample API usage programs in both the python and java API github repos. There are also lots of public blog posts, articles, and videos about using ZAP via it's API for various automation scenarios. (All of which is just a quick web search away.)

kingthorin
  • 1,419
  • 9
  • 18