diff --git a/cybersecurity/offensive/web-exploitation/zap.yml b/cybersecurity/offensive/web-exploitation/zap.yml
new file mode 100644
index 0000000..1f45378
--- /dev/null
+++ b/cybersecurity/offensive/web-exploitation/zap.yml
@@ -0,0 +1,234 @@
+name: OWASP ZAP
+description: |
+ OWASP Zed Attack Proxy (ZAP) is a security tool that helps find security vulnerabilities in web applications.
+ This integration uses the ZAP API to:
+ - Perform automated scans
+ - Spider web applications
+ - Execute active/passive scanning
+ - Generate security reports
+
+categories:
+ - cybersecurity
+ - offensive
+ - web-exploitation
+
+functions:
+ zap_baseline_scan:
+ name: ZAP Quick Scan. Run a baseline target scan with ZAP, it runs the ZAP spider against the specified target for (by default) 1 minute and then waits for the passive scanning to complete before reporting the results.
+ description: Perform a quick baseline scan of a target URL
+ parameters:
+ target:
+ description: Target URL to scan
+ type: string
+ required: true
+ examples:
+ - https://scanme.nmap.org/
+ container:
+ image: zaproxy/zap-stable:latest
+ args:
+ - --net=host
+ platform: linux/amd64
+ force: true
+ volumes:
+ - ./:/zap/wrk # Use relative path instead of env variable
+ cmdline:
+ - zaproxy/zap-weekly
+ - zap-baseline.py
+ - -t
+ - ${target}
+ - -I
+
+ zap_full_scan:
+ name: |
+ ZAP Full Scan. It runs the ZAP spider against the specified target (by default with no time limit) followed by an optional ajax spider scan and then a full active scan before reporting the results.
+ This means that the script does perform actual ‘attacks’ and can potentially run for a long period of time.
+
+ description: Perform a full active scan with custom configurations
+ parameters:
+ target:
+ description: Target URL to scan
+ type: string
+ required: true
+ examples:
+ - https://scanme.nmap.org/
+ min_risk:
+ description: Minimum risk level (High, Medium, Low, Informational)
+ type: string
+ default: Low
+ examples:
+ - Low
+ spider_mins:
+ description: Spider duration in minutes
+ type: integer
+ default: 5
+ examples:
+ - 1
+ container:
+ image: zaproxy/zap-stable:latest
+ platform: linux/amd64
+ force: true
+ volumes:
+ - ./:/zap/wrk # Use relative path instead of env variable
+ cmdline:
+ - zaproxy/zap-weekly
+ - zap-full-scan.py
+ - -t
+ - ${target}
+ - -l
+ - ${min_risk}
+ - -m
+ - ${spider_mins}
+
+ zap_api_scan:
+ name: ZAP API Scan
+ description: Scan an API defined by OpenAPI/Swagger specification
+ parameters:
+ target:
+ description: The target open API spec URL. The Target URL has the following format - scheme://authority/path
+ type: string
+ required: true
+ examples:
+ - https://api.example.com
+ spec_url:
+ description: URL or path to OpenAPI/Swagger specification
+ type: string
+ required: true
+ examples:
+ - https://api.example.com/swagger.json
+ format:
+ description: Report format (html, xml, json, md)
+ type: string
+ default: html
+ examples:
+ - json
+ container:
+ image: zaproxy/zap-stable:latest
+ platform: linux/amd64
+ force: true
+ volumes:
+ - ./:/zap/wrk # Use relative path instead of env variable
+ cmdline:
+ - zaproxy/zap-weekly
+ - zap-api-scan.py
+ - -t
+ - ${target}
+ - -f
+ - ${spec_url}
+ - -f
+ - ${format}
+
+ zap_authenticated_scan:
+ name: ZAP Authenticated Scan
+ description: Perform a scan with authentication
+ parameters:
+ target:
+ description: Target URL to scan
+ type: string
+ required: true
+ examples:
+ - https://scanme.nmap.org/
+ auth_script:
+ description: Path to authentication script
+ type: string
+ required: true
+ context_file:
+ description: Path to context file
+ type: string
+ required: true
+ container:
+ image: zaproxy/zap-stable:latest
+ platform: linux/amd64
+ force: true
+ volumes:
+ - ./:/zap/wrk # Use relative path instead of env variable
+ - "${HOME}/${auth_script}:/zap/wrk/auth.js"
+ - "${HOME}/${context_file}:/zap/wrk/context.xml"
+ cmdline:
+ - zaproxy/zap-weekly
+ - zap-full-scan.py
+ - -t
+ - ${target}
+ - -n
+ - /zap/wrk/context.xml
+ - -s
+ - /zap/wrk/auth.js
+
+ zap_scan_host_os_app:
+ description: Run a baseline target scan with ZAP on a host OS app.
+ parameters:
+ localhost_app:
+ type: string
+ description: IP addresses like localhost and 127.0.0.1 cannot be used to access an app running on the host OS from within a docker container. To get around this you can use the following code to get an IP address that will work.
+ examples:
+ - $(ip -f inet -o addr show docker0 | awk '{print $4}' | cut -d '/' -f 1)
+ container:
+ image: zaproxy/zap-stable:latest
+ args:
+ - --net=host
+ volumes:
+ - ./:/zap/wrk # Use relative path instead of env variable
+
+ cmdline: # https://www.zaproxy.org/docs/docker/about/s
+ - zaproxy/zap-weekly
+ - zap-baseline.py
+ - -t
+ - ${localhost_app}
+
+ zap_scan_host_container:
+ description: Scan another container running on the host OS with ZAP.
+ parameters:
+ target:
+ type: string
+ description: Other container running on the host OS.
+ examples:
+ - sagikazarmark/dvwa
+
+ container:
+ image: zaproxy/zap-stable:latest
+ args:
+ - --net=zapnet
+
+ cmdline: # https://www.zaproxy.org/docs/docker/about/
+ - zaproxy/zap-weekly
+ - zap-baseline.py
+ - -t
+ - ${target}
+
+examples:
+ - name: Quick baseline scan
+ command: robopages run zap_baseline_scan --target https://example.com
+ description: Performs a baseline scan against a target website
+
+ - name: Full scan with custom settings
+ command: |
+ robopages run zap_full_scan \
+ --target https://example.com \
+ --min_risk Medium \
+ --spider_mins 10
+ description: Performs a detailed scan with custom risk levels and spider duration
+
+ - name: API scan
+ command: |
+ robopages run zap_api_scan \
+ --target https://api.example.com \
+ --spec_url https://api.example.com/swagger.json \
+ --format json
+ description: Scans an API using its OpenAPI/Swagger specification
+
+ - name: Authenticated scan
+ command: |
+ robopages run zap_authenticated_scan \
+ --target https://example.com \
+ --auth_script auth.js \
+ --context_file context.xml
+ description: Performs a scan with authentication using custom scripts and context
+
+references:
+ - name: Official Documentation
+ url: https://www.zaproxy.org/docs/
+ - name: ZAP API Documentation
+ url: https://www.zaproxy.org/docs/api/
+ - name: Docker Hub
+ url: https://hub.docker.com/r/zaproxy/zap-stable
+ - name: Authentication Examples
+ url: https://www.zaproxy.org/docs/authentication/
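Review bot: In the zap_api_scan `cmdline`, `-f` is passed twice, first with `${spec_url}` and then with the report `${format}`, so with getopt-style parsing the second value most likely replaces the first and neither matches zap-api-scan.py, where as far as I recall `-f` names the definition format (`openapi`, `soap` or `graphql`), `-t` already takes the spec URL, and reports are requested with `-r`/`-x`/`-J`/`-w` plus an output file under /zap/wrk. A similar mismatch seems present in zap_full_scan, whose `-l ${min_risk}` expects a level such as PASS/WARN/FAIL rather than the documented High/Medium/Low default `Low`, and in zap_authenticated_scan, where `-s` is the short-output switch and so `/zap/wrk/auth.js` would not be consumed as a script path; please check all three against the scripts' usage text before merging. Every `cmdline` also starts with `zaproxy/zap-weekly` while `container.image` is `zaproxy/zap-stable:latest`, which contradicts the Docker Hub reference at the end of the file and, if robopages hands cmdline to the container verbatim, leaves a stray first argument in front of the script name. For the API scan I would keep `- -t`, `- ${spec_url}` and replace the two `-f` pairs with `- -f`, `- openapi`, map `${format}` onto one of the report flags, and either drop the now-unused `target` parameter or document that the spec URL is the target.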