From cea3484d95f3d7b8b2f0fb044d0b3dfdac8d0f84 Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Thu, 7 Nov 2024 16:30:51 -0500
Subject: [PATCH 1/3] chore: wip example zapproxy

---
 .../offensive/web-exploitation/zap.yml | 70 +++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 cybersecurity/offensive/web-exploitation/zap.yml

diff --git a/cybersecurity/offensive/web-exploitation/zap.yml b/cybersecurity/offensive/web-exploitation/zap.yml
new file mode 100644
index 0000000..e2d8a49
--- /dev/null
+++ b/cybersecurity/offensive/web-exploitation/zap.yml
@@ -0,0 +1,70 @@
+description: The Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.
+
+categories:
+ - cybersecurity
+ - offensive
+ - web-exploitation
+
+functions:
+ zap_baseline_scan:
+ description: Run a baseline target scan with ZAP, it runs the ZAP spider against the specified target for (by default) 1 minute and then waits for the passive scanning to complete before reporting the results.
+ parameters:
+ target:
+ type: string
+ description: The URL of the target to scan.
+ examples:
+ - https://scanme.nmap.org/
+ container:
+ image: zaproxy/zap-stable
+ args:
+ - --net=host
+ volumes:
+ - "${HOME}:/zap/wrk"
+
+ cmdline: # https://www.zaproxy.org/docs/docker/about/
+ - zaproxy/zap-weekly
+ - zap-baseline.py
+ - -t
+ - ${target}
+ - zap_headless_scan
+
+ zap_scan_host_os_app:
+ description: Run a baseline target scan with ZAP on a host OS app.
+ parameters:
+ localhost_app:
+ type: string
+ description: IP addresses like localhost and 127.0.0.1 cannot be used to access an app running on the host OS from within a docker container. To get around this you can use the following code to get an IP address that will work.
+ examples:
+ - "$(ip -f inet -o addr show docker0 | awk '{print $4}' | cut -d '/' -f 1)"
+ container:
+ image: zaproxy/zap-stable
+ args:
+ - --net=host
+ volumes:
+ - "$(pwd):/zap/wrk"
+
+ cmdline: # https://www.zaproxy.org/docs/docker/about/s
+ - zaproxy/zap-weekly
+ - zap-baseline.py
+ - -t
+ - ${localhost_app}
+
+ zap_scan_other_container:
+ description: Scan another container running on the host OS with ZAP.
+ parameters:
+ target:
+ type: string
+ description: Other container running on the host OS.
+ examples:
+ - sagikazarmark/dvwa
+
+ container:
+ image: zaproxy/zap-stable
+ args:
+ - --net=zapnet
+
+ cmdline: # https://www.zaproxy.org/docs/docker/about/
+ - zaproxy/zap-weekly
+ - zap-baseline.py
+ - -t
+ - ${target}

From f1e5100a9072d18c835fefab89dbee1490d01f1b Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Thu, 7 Nov 2024 19:51:44 -0500
Subject: [PATCH 2/3] fix: fix existing functions and add others

---
 .../offensive/web-exploitation/zap.yml | 186 ++++++++++++++++--
 1 file changed, 175 insertions(+), 11 deletions(-)

diff --git a/cybersecurity/offensive/web-exploitation/zap.yml b/cybersecurity/offensive/web-exploitation/zap.yml
index e2d8a49..4fe8334 100644
--- a/cybersecurity/offensive/web-exploitation/zap.yml
+++ b/cybersecurity/offensive/web-exploitation/zap.yml
@@ -1,4 +1,11 @@
-description: The Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.
+name: OWASP ZAP
+description: |
+ OWASP Zed Attack Proxy (ZAP) is a security tool that helps find security vulnerabilities in web applications.
+ This integration uses the ZAP API to:
+ - Perform automated scans
+ - Spider web applications
+ - Execute active/passive scanning
+ - Generate security reports
 
 categories:
 - cybersecurity
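Review bot: The first `cmdline` element of every function is the image name `zaproxy/zap-weekly`, which looks copied from the documentation's `docker run ... zaproxy/zap-weekly zap-baseline.py` line while `container.image` already names `zaproxy/zap-stable`; if `cmdline` is executed inside the container as-is, that first element is treated as the program to run and the scan script never starts. The two entries also disagree on which image is used (stable vs weekly), so a reader cannot tell which one is actually pulled. Drop the image line so each list starts with the script, e.g. `- zap-baseline.py`, and keep the image pinned in `container.image` only. The same pattern is carried into every function added by the next patch.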
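Review bot: The new `description` says this integration "uses the ZAP API", but every function in the file runs the packaged scan scripts (`zap-baseline.py`, `zap-full-scan.py`, `zap-api-scan.py`) in a container and nothing here talks to the ZAP API, so a reader choosing this page for API-driven scanning is misled. Suggest `This integration runs the packaged ZAP scan scripts in a container to:` and keeping the bullet list as it is.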
@@ -7,26 +14,144 @@ categories:
 
 functions:
 zap_baseline_scan:
- description: Run a baseline target scan with ZAP, it runs the ZAP spider against the specified target for (by default) 1 minute and then waits for the passive scanning to complete before reporting the results.
+ name: ZAP Quick Scan. Run a baseline target scan with ZAP, it runs the ZAP spider against the specified target for (by default) 1 minute and then waits for the passive scanning to complete before reporting the results.
+ description: Perform a quick baseline scan of a target URL
 parameters:
 target:
+ description: Target URL to scan
 type: string
- description: The URL of the target to scan.
+ required: true
 examples:
 - https://scanme.nmap.org/
 container:
- image: zaproxy/zap-stable
+ image: zaproxy/zap-stable:latest
 args:
 - --net=host
+ platform: linux/amd64
+ force: true
 volumes:
- - "${HOME}:/zap/wrk"
-
- cmdline: # https://www.zaproxy.org/docs/docker/about/
+ - ./:/zap/wrk # Use relative path instead of env variable
 cmdline:
 - zaproxy/zap-weekly
 - zap-baseline.py
 - -t
 - ${target}
- - zap_headless_scan
+ - -I
+
+ zap_full_scan:
+ name: |
+ ZAP Full Scan. It runs the ZAP spider against the specified target (by default with no time limit) followed by an optional ajax spider scan and then a full active scan before reporting the results.
+ This means that the script does perform actual ‘attacks’ and can potentially run for a long period of time.
+
+ description: Perform a full active scan with custom configurations
+ parameters:
+ target:
+ description: Target URL to scan
+ type: string
+ required: true
+ examples:
+ - https://scanme.nmap.org/
+ min_risk:
+ description: Minimum risk level (High, Medium, Low, Informational)
+ type: string
+ default: Low
+ examples:
+ - Low
+ spider_mins:
+ description: Spider duration in minutes
+ type: integer
+ default: 5
+ examples:
+ - 1
+ container:
+ image: zaproxy/zap-stable:latest
+ platform: linux/amd64
+ force: true
+ volumes:
+ - ./:/zap/wrk # Use relative path instead of env variable
+ cmdline:
+ - zaproxy/zap-weekly
+ - zap-full-scan.py
+ - -t
+ - ${target}
+ - -l
+ - ${min_risk}
+ - -m
+ - ${spider_mins}
+
+ zap_api_scan:
+ name: ZAP API Scan
+ description: Scan an API defined by OpenAPI/Swagger specification
+ parameters:
+ target:
+ description: The target open API spec URL. The Target URL has the following format - scheme://authority/path
+ type: string
+ required: true
+ examples:
+ - https://api.example.com
+ spec_url:
+ description: URL or path to OpenAPI/Swagger specification
+ type: string
+ required: true
+ examples:
+ - https://api.example.com/swagger.json
+ format:
+ description: Report format (html, xml, json, md)
+ type: string
+ default: html
+ examples:
+ - json
+ container:
+ image: zaproxy/zap-stable:latest
+ platform: linux/amd64
+ force: true
+ volumes:
+ - ./:/zap/wrk # Use relative path instead of env variable
+ cmdline:
+ - zaproxy/zap-weekly
+ - zap-api-scan.py
+ - -t
+ - ${target}
+ - -f
+ - ${spec_url}
+ - -f
+ - ${format}
+
+ zap_authenticated_scan:
+ name: ZAP Authenticated Scan
+ description: Perform a scan with authentication
+ parameters:
+ target:
+ description: Target URL to scan
+ type: string
+ required: true
+ examples:
+ - https://scanme.nmap.org/
+ auth_script:
+ description: Path to authentication script
+ type: string
+ required: true
+ context_file:
+ description: Path to context file
+ type: string
+ required: true
+ container:
+ image: zaproxy/zap-stable:latest
+ platform: linux/amd64
+ force: true
+ volumes:
+ - ./:/zap/wrk # Use relative path instead of env variable
+ - "${HOME}/${auth_script}:/zap/wrk/auth.js"
+ - "${HOME}/${context_file}:/zap/wrk/context.xml"
+ cmdline:
+ - zaproxy/zap-weekly
+ - zap-full-scan.py
+ - -t
+ - ${target}
+ - -n
+ - /zap/wrk/context.xml
+ - -s
+ - /zap/wrk/auth.js
 
 zap_scan_host_os_app:
 description: Run a baseline target scan with ZAP on a host OS app.
@@ -35,13 +160,13 @@ functions:
 type: string
 description: IP addresses like localhost and 127.0.0.1 cannot be used to access an app running on the host OS from within a docker container. To get around this you can use the following code to get an IP address that will work.
 examples:
- - "$(ip -f inet -o addr show docker0 | awk '{print $4}' | cut -d '/' -f 1)"
+ - $(ip -f inet -o addr show docker0 | awk '{print $4}' | cut -d '/' -f 1)
 container:
 image: zaproxy/zap-stable
 args:
 - --net=host
 volumes:
- - "$(pwd):/zap/wrk"
+ - ./:/zap/wrk # Use relative path instead of env variable
 
 cmdline: # https://www.zaproxy.org/docs/docker/about/s
 - zaproxy/zap-weekly
@@ -49,7 +174,7 @@ functions:
 - -t
 - ${localhost_app}
 
- zap_scan_other_container:
+ zap_scan_host_container:
 description: Scan another container running on the host OS with ZAP.
 parameters:
 target:
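Review bot: In the `zap_api_scan` cmdline `-f` is passed twice (`-f ${spec_url}` then `-f ${format}`), so whichever value the script's option parser keeps, the other is silently lost; in `zap-api-scan.py` the spec URL or file is the `-t` argument and `-f` takes the spec format (`openapi`, `soap` or `graphql`), while report output is selected with `-r`/`-x`/`-J`/`-w`, so `${target}` should give way to `-t ${spec_url}` and `${format}` should map onto one of the report flags rather than `-f`. `zap_authenticated_scan` has the same shape of problem: `-s` is the short-output switch of `zap-full-scan.py`, not a script option, so `/zap/wrk/auth.js` is never consumed as the authentication script — loading it needs a hook file via `--hook` or a context that references it — and the `${HOME}/${auth_script}` mount contradicts the parameter's "Path to authentication script" description for any absolute path. `-l ${min_risk}` in `zap_full_scan` likewise expects the script's levels (`PASS`, `IGNORE`, `INFO`, `WARN`, `FAIL`), not the `High`/`Medium`/`Low` values documented for `min_risk` and reused by the `examples:` block in the last hunk of this patch. These flag meanings are from my reading of the scripts' usage text and are worth confirming against the pinned image; the enclosing `functions:` mapping starts before this hunk.
```yaml
      cmdline:
        # … unchanged: image and script entries …
        - -t
        - ${spec_url}
        - -f
        - openapi
        # report format: pick one of -r/-x/-J/-w from ${format}; -f is the spec format, not the report format
```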
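Review bot: The `localhost_app` example is a shell command substitution (`$(ip ... | awk ... | cut ...)`), and unquoting it makes it read even more like a literal value to pass in; whether it works at all depends on `${localhost_app}` being expanded by a shell, and if it is, every value of that parameter is shell-evaluated, which is a command-injection surface for any caller that forwards untrusted or model-generated input. Document the parameter as a plain address instead, e.g. `description: IPv4 address of the host as seen from the container (for example the docker0 address)`, and move the `ip`/`awk` pipeline into the description as the way to obtain it rather than keeping it as an example value. The same function runs with `--net=host`, under which the container shares the host network namespace and `127.0.0.1` does reach host applications, so the description's claim that localhost cannot be used appears to contradict the container args; one of the two should change. The YAML itself is fine: the unquoted scalar still parses as a plain string.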
@@ -68,3 +193,42 @@ functions:
 - zap-baseline.py
 - -t
 - ${target}
+
+examples:
+ - name: Quick baseline scan
+ command: robopages run zap_baseline_scan --target https://example.com
+ description: Performs a baseline scan against a target website
+
+ - name: Full scan with custom settings
+ command: |
+ robopages run zap_full_scan \
+ --target https://example.com \
+ --min_risk Medium \
+ --spider_mins 10
+ description: Performs a detailed scan with custom risk levels and spider duration
+
+ - name: API scan
+ command: |
+ robopages run zap_api_scan \
+ --target https://api.example.com \
+ --spec_url https://api.example.com/swagger.json \
+ --format json
+ description: Scans an API using its OpenAPI/Swagger specification
+
+ - name: Authenticated scan
+ command: |
+ robopages run zap_authenticated_scan \
+ --target https://example.com \
+ --auth_script auth.js \
+ --context_file context.xml
+ description: Performs a scan with authentication using custom scripts and context
+
+references:
+ - name: Official Documentation
+ url: https://www.zaproxy.org/docs/
+ - name: ZAP API Documentation
+ url: https://www.zaproxy.org/docs/api/
+ - name: Docker Hub
+ url: https://hub.docker.com/r/zaproxy/zap-stable
+ - name: Authentication Examples
+ url: https://www.zaproxy.org/docs/authentication/

From 8c358f80dd66282603bf6f7e4b850d09cecccf4c Mon Sep 17 00:00:00 2001
From: Ads Dawson <104169244+GangGreenTemperTatum@users.noreply.github.com>
Date: Thu, 7 Nov 2024 19:55:02 -0500
Subject: [PATCH 3/3] chore: missing tag

---
 cybersecurity/offensive/web-exploitation/zap.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cybersecurity/offensive/web-exploitation/zap.yml b/cybersecurity/offensive/web-exploitation/zap.yml
index 4fe8334..1f45378 100644
--- a/cybersecurity/offensive/web-exploitation/zap.yml
+++ b/cybersecurity/offensive/web-exploitation/zap.yml
@@ -162,7 +162,7 @@ functions:
 examples:
 - $(ip -f inet -o addr show docker0 | awk '{print $4}' | cut -d '/' -f 1)
 container:
- image: zaproxy/zap-stable
+ image: zaproxy/zap-stable:latest
 args:
 - --net=host
 volumes:
@@ -184,7 +184,7 @@ functions:
 - sagikazarmark/dvwa
 
 container:
- image: zaproxy/zap-stable
+ image: zaproxy/zap-stable:latest
 args:
 - --net=zapnet