Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: wip example zapproxy #18

Merged
merged 3 commits into from
Nov 8, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
234 changes: 234 additions & 0 deletions cybersecurity/offensive/web-exploitation/zap.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,234 @@
name: OWASP ZAP
description: |
OWASP Zed Attack Proxy (ZAP) is a security tool that helps find security vulnerabilities in web applications.
This integration uses the ZAP API to:
- Perform automated scans
- Spider web applications
- Execute active/passive scanning
- Generate security reports

categories:
- cybersecurity
- offensive
- web-exploitation

functions:
zap_baseline_scan:
name: ZAP Quick Scan. Run a baseline target scan with ZAP, it runs the ZAP spider against the specified target for (by default) 1 minute and then waits for the passive scanning to complete before reporting the results.
description: Perform a quick baseline scan of a target URL
parameters:
target:
description: Target URL to scan
type: string
required: true
examples:
- https://scanme.nmap.org/
container:
image: zaproxy/zap-stable:latest
args:
- --net=host
platform: linux/amd64
force: true
volumes:
- ./:/zap/wrk # Use relative path instead of env variable
cmdline:
- zaproxy/zap-weekly
- zap-baseline.py
- -t
- ${target}
- -I

zap_full_scan:
name: |
ZAP Full Scan. It runs the ZAP spider against the specified target (by default with no time limit) followed by an optional ajax spider scan and then a full active scan before reporting the results.
This means that the script does perform actual ‘attacks’ and can potentially run for a long period of time.

description: Perform a full active scan with custom configurations
parameters:
target:
description: Target URL to scan
type: string
required: true
examples:
- https://scanme.nmap.org/
min_risk:
description: Minimum risk level (High, Medium, Low, Informational)
type: string
default: Low
examples:
- Low
spider_mins:
description: Spider duration in minutes
type: integer
default: 5
examples:
- 1
container:
image: zaproxy/zap-stable:latest
platform: linux/amd64
force: true
volumes:
- ./:/zap/wrk # Use relative path instead of env variable
cmdline:
- zaproxy/zap-weekly
- zap-full-scan.py
- -t
- ${target}
- -l
- ${min_risk}
- -m
- ${spider_mins}

zap_api_scan:
name: ZAP API Scan
description: Scan an API defined by OpenAPI/Swagger specification
parameters:
target:
description: The target open API spec URL. The Target URL has the following format - scheme://authority/path
type: string
required: true
examples:
- https://api.example.com
spec_url:
description: URL or path to OpenAPI/Swagger specification
type: string
required: true
examples:
- https://api.example.com/swagger.json
format:
description: Report format (html, xml, json, md)
type: string
default: html
examples:
- json
container:
image: zaproxy/zap-stable:latest
platform: linux/amd64
force: true
volumes:
- ./:/zap/wrk # Use relative path instead of env variable
cmdline:
- zaproxy/zap-weekly
- zap-api-scan.py
- -t
- ${target}
- -f
- ${spec_url}
- -f
- ${format}

zap_authenticated_scan:
name: ZAP Authenticated Scan
description: Perform a scan with authentication
parameters:
target:
description: Target URL to scan
type: string
required: true
examples:
- https://scanme.nmap.org/
auth_script:
description: Path to authentication script
type: string
required: true
context_file:
description: Path to context file
type: string
required: true
container:
image: zaproxy/zap-stable:latest
platform: linux/amd64
force: true
volumes:
- ./:/zap/wrk # Use relative path instead of env variable
- "${HOME}/${auth_script}:/zap/wrk/auth.js"
- "${HOME}/${context_file}:/zap/wrk/context.xml"
cmdline:
- zaproxy/zap-weekly
- zap-full-scan.py
- -t
- ${target}
- -n
- /zap/wrk/context.xml
- -s
- /zap/wrk/auth.js

zap_scan_host_os_app:
description: Run a baseline target scan with ZAP on a host OS app.
parameters:
localhost_app:
type: string
description: IP addresses like localhost and 127.0.0.1 cannot be used to access an app running on the host OS from within a docker container. To get around this you can use the following code to get an IP address that will work.
examples:
- $(ip -f inet -o addr show docker0 | awk '{print $4}' | cut -d '/' -f 1)
container:
image: zaproxy/zap-stable:latest
args:
- --net=host
volumes:
- ./:/zap/wrk # Use relative path instead of env variable

cmdline: # https://www.zaproxy.org/docs/docker/about/s
- zaproxy/zap-weekly
- zap-baseline.py
- -t
- ${localhost_app}

zap_scan_host_container:
description: Scan another container running on the host OS with ZAP.
parameters:
target:
type: string
description: Other container running on the host OS.
examples:
- sagikazarmark/dvwa

container:
image: zaproxy/zap-stable:latest
args:
- --net=zapnet

cmdline: # https://www.zaproxy.org/docs/docker/about/
- zaproxy/zap-weekly
- zap-baseline.py
- -t
- ${target}

examples:
- name: Quick baseline scan
command: robopages run zap_baseline_scan --target https://example.com
description: Performs a baseline scan against a target website

- name: Full scan with custom settings
command: |
robopages run zap_full_scan \
--target https://example.com \
--min_risk Medium \
--spider_mins 10
description: Performs a detailed scan with custom risk levels and spider duration

- name: API scan
command: |
robopages run zap_api_scan \
--target https://api.example.com \
--spec_url https://api.example.com/swagger.json \
--format json
description: Scans an API using its OpenAPI/Swagger specification

- name: Authenticated scan
command: |
robopages run zap_authenticated_scan \
--target https://example.com \
--auth_script auth.js \
--context_file context.xml
description: Performs a scan with authentication using custom scripts and context

references:
- name: Official Documentation
url: https://www.zaproxy.org/docs/
- name: ZAP API Documentation
url: https://www.zaproxy.org/docs/api/
- name: Docker Hub
url: https://hub.docker.com/r/zaproxy/zap-stable
- name: Authentication Examples
url: https://www.zaproxy.org/docs/authentication/