-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #18 from dreadnode/examples/web-exploitation-zap
chore: wip example zapproxy
- Loading branch information
Showing
1 changed file
with
234 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,234 @@ | ||
| name: OWASP ZAP | ||
| description: | | ||
| OWASP Zed Attack Proxy (ZAP) is a security tool that helps find security vulnerabilities in web applications. | ||
| This integration uses the ZAP API to: | ||
| - Perform automated scans | ||
| - Spider web applications | ||
| - Execute active/passive scanning | ||
| - Generate security reports | ||
| categories: | ||
| - cybersecurity | ||
| - offensive | ||
| - web-exploitation | ||
|
|
||
| functions: | ||
| zap_baseline_scan: | ||
| name: ZAP Quick Scan. Run a baseline target scan with ZAP, it runs the ZAP spider against the specified target for (by default) 1 minute and then waits for the passive scanning to complete before reporting the results. | ||
| description: Perform a quick baseline scan of a target URL | ||
| parameters: | ||
| target: | ||
| description: Target URL to scan | ||
| type: string | ||
| required: true | ||
| examples: | ||
| - https://scanme.nmap.org/ | ||
| container: | ||
| image: zaproxy/zap-stable:latest | ||
| args: | ||
| - --net=host | ||
| platform: linux/amd64 | ||
| force: true | ||
| volumes: | ||
| - ./:/zap/wrk # Use relative path instead of env variable | ||
| cmdline: | ||
| - zaproxy/zap-weekly | ||
| - zap-baseline.py | ||
| - -t | ||
| - ${target} | ||
| - -I | ||
|
|
||
| zap_full_scan: | ||
| name: | | ||
| ZAP Full Scan. It runs the ZAP spider against the specified target (by default with no time limit) followed by an optional ajax spider scan and then a full active scan before reporting the results. | ||
| This means that the script does perform actual ‘attacks’ and can potentially run for a long period of time. | ||
| description: Perform a full active scan with custom configurations | ||
| parameters: | ||
| target: | ||
| description: Target URL to scan | ||
| type: string | ||
| required: true | ||
| examples: | ||
| - https://scanme.nmap.org/ | ||
| min_risk: | ||
| description: Minimum risk level (High, Medium, Low, Informational) | ||
| type: string | ||
| default: Low | ||
| examples: | ||
| - Low | ||
| spider_mins: | ||
| description: Spider duration in minutes | ||
| type: integer | ||
| default: 5 | ||
| examples: | ||
| - 1 | ||
| container: | ||
| image: zaproxy/zap-stable:latest | ||
| platform: linux/amd64 | ||
| force: true | ||
| volumes: | ||
| - ./:/zap/wrk # Use relative path instead of env variable | ||
| cmdline: | ||
| - zaproxy/zap-weekly | ||
| - zap-full-scan.py | ||
| - -t | ||
| - ${target} | ||
| - -l | ||
| - ${min_risk} | ||
| - -m | ||
| - ${spider_mins} | ||
|
|
||
| zap_api_scan: | ||
| name: ZAP API Scan | ||
| description: Scan an API defined by OpenAPI/Swagger specification | ||
| parameters: | ||
| target: | ||
| description: The target open API spec URL. The Target URL has the following format - scheme://authority/path | ||
| type: string | ||
| required: true | ||
| examples: | ||
| - https://api.example.com | ||
| spec_url: | ||
| description: URL or path to OpenAPI/Swagger specification | ||
| type: string | ||
| required: true | ||
| examples: | ||
| - https://api.example.com/swagger.json | ||
| format: | ||
| description: Report format (html, xml, json, md) | ||
| type: string | ||
| default: html | ||
| examples: | ||
| - json | ||
| container: | ||
| image: zaproxy/zap-stable:latest | ||
| platform: linux/amd64 | ||
| force: true | ||
| volumes: | ||
| - ./:/zap/wrk # Use relative path instead of env variable | ||
| cmdline: | ||
| - zaproxy/zap-weekly | ||
| - zap-api-scan.py | ||
| - -t | ||
| - ${target} | ||
| - -f | ||
| - ${spec_url} | ||
| - -f | ||
| - ${format} | ||
|
|
||
| zap_authenticated_scan: | ||
| name: ZAP Authenticated Scan | ||
| description: Perform a scan with authentication | ||
| parameters: | ||
| target: | ||
| description: Target URL to scan | ||
| type: string | ||
| required: true | ||
| examples: | ||
| - https://scanme.nmap.org/ | ||
| auth_script: | ||
| description: Path to authentication script | ||
| type: string | ||
| required: true | ||
| context_file: | ||
| description: Path to context file | ||
| type: string | ||
| required: true | ||
| container: | ||
| image: zaproxy/zap-stable:latest | ||
| platform: linux/amd64 | ||
| force: true | ||
| volumes: | ||
| - ./:/zap/wrk # Use relative path instead of env variable | ||
| - "${HOME}/${auth_script}:/zap/wrk/auth.js" | ||
| - "${HOME}/${context_file}:/zap/wrk/context.xml" | ||
| cmdline: | ||
| - zaproxy/zap-weekly | ||
| - zap-full-scan.py | ||
| - -t | ||
| - ${target} | ||
| - -n | ||
| - /zap/wrk/context.xml | ||
| - -s | ||
| - /zap/wrk/auth.js | ||
|
|
||
| zap_scan_host_os_app: | ||
| description: Run a baseline target scan with ZAP on a host OS app. | ||
| parameters: | ||
| localhost_app: | ||
| type: string | ||
| description: IP addresses like localhost and 127.0.0.1 cannot be used to access an app running on the host OS from within a docker container. To get around this you can use the following code to get an IP address that will work. | ||
| examples: | ||
| - $(ip -f inet -o addr show docker0 | awk '{print $4}' | cut -d '/' -f 1) | ||
| container: | ||
| image: zaproxy/zap-stable:latest | ||
| args: | ||
| - --net=host | ||
| volumes: | ||
| - ./:/zap/wrk # Use relative path instead of env variable | ||
|
|
||
| cmdline: # https://www.zaproxy.org/docs/docker/about/s | ||
| - zaproxy/zap-weekly | ||
| - zap-baseline.py | ||
| - -t | ||
| - ${localhost_app} | ||
|
|
||
| zap_scan_host_container: | ||
| description: Scan another container running on the host OS with ZAP. | ||
| parameters: | ||
| target: | ||
| type: string | ||
| description: Other container running on the host OS. | ||
| examples: | ||
| - sagikazarmark/dvwa | ||
|
|
||
| container: | ||
| image: zaproxy/zap-stable:latest | ||
| args: | ||
| - --net=zapnet | ||
|
|
||
| cmdline: # https://www.zaproxy.org/docs/docker/about/ | ||
| - zaproxy/zap-weekly | ||
| - zap-baseline.py | ||
| - -t | ||
| - ${target} | ||
|
|
||
| examples: | ||
| - name: Quick baseline scan | ||
| command: robopages run zap_baseline_scan --target https://example.com | ||
| description: Performs a baseline scan against a target website | ||
|
|
||
| - name: Full scan with custom settings | ||
| command: | | ||
| robopages run zap_full_scan \ | ||
| --target https://example.com \ | ||
| --min_risk Medium \ | ||
| --spider_mins 10 | ||
| description: Performs a detailed scan with custom risk levels and spider duration | ||
|
|
||
| - name: API scan | ||
| command: | | ||
| robopages run zap_api_scan \ | ||
| --target https://api.example.com \ | ||
| --spec_url https://api.example.com/swagger.json \ | ||
| --format json | ||
| description: Scans an API using its OpenAPI/Swagger specification | ||
|
|
||
| - name: Authenticated scan | ||
| command: | | ||
| robopages run zap_authenticated_scan \ | ||
| --target https://example.com \ | ||
| --auth_script auth.js \ | ||
| --context_file context.xml | ||
| description: Performs a scan with authentication using custom scripts and context | ||
|
|
||
| references: | ||
| - name: Official Documentation | ||
| url: https://www.zaproxy.org/docs/ | ||
| - name: ZAP API Documentation | ||
| url: https://www.zaproxy.org/docs/api/ | ||
| - name: Docker Hub | ||
| url: https://hub.docker.com/r/zaproxy/zap-stable | ||
| - name: Authentication Examples | ||
| url: https://www.zaproxy.org/docs/authentication/ |