chore: wip example zapproxy

cybersecurity/offensive/web-exploitation/zap.yml

@@ -0,0 +1,234 @@
+name: OWASP ZAP
+description: |
+  OWASP Zed Attack Proxy (ZAP) is a security tool that helps find security vulnerabilities in web applications.
+  This integration uses the ZAP API to:
+  - Perform automated scans
+  - Spider web applications
+  - Execute active/passive scanning
+  - Generate security reports
+
+categories:
+  - cybersecurity
+  - offensive
+  - web-exploitation
+
+functions:
+  zap_baseline_scan:
+    name: ZAP Quick Scan. Run a baseline target scan with ZAP, it runs the ZAP spider against the specified target for (by default) 1 minute and then waits for the passive scanning to complete before reporting the results.
+    description: Perform a quick baseline scan of a target URL
+    parameters:
+      target:
+        description: Target URL to scan
+        type: string
+        required: true
+        examples:
+          - https://scanme.nmap.org/
+    container:
+      image: zaproxy/zap-stable:latest
+      args:
+        - --net=host
+      platform: linux/amd64
+      force: true
+      volumes:
+        - ./:/zap/wrk    # Use relative path instead of env variable
+    cmdline:
+      - zaproxy/zap-weekly
+      - zap-baseline.py
+      - -t
+      - ${target}
+      - -I
+
+  zap_full_scan:
+    name: |
+      ZAP Full Scan. It runs the ZAP spider against the specified target (by default with no time limit) followed by an optional ajax spider scan and then a full active scan before reporting the results.
+      This means that the script does perform actual ‘attacks’ and can potentially run for a long period of time.
+
+    description: Perform a full active scan with custom configurations
+    parameters:
+      target:
+        description: Target URL to scan
+        type: string
+        required: true
+        examples:
+          - https://scanme.nmap.org/
+      min_risk:
+        description: Minimum risk level (High, Medium, Low, Informational)
+        type: string
+        default: Low
+        examples:
+          - Low
+      spider_mins:
+        description: Spider duration in minutes
+        type: integer
+        default: 5
+        examples:
+          - 1
+    container:
+      image: zaproxy/zap-stable:latest
+      platform: linux/amd64
+      force: true
+      volumes:
+        - ./:/zap/wrk    # Use relative path instead of env variable
+    cmdline:
+      - zaproxy/zap-weekly
+      - zap-full-scan.py
+      - -t
+      - ${target}
+      - -l
+      - ${min_risk}
+      - -m
+      - ${spider_mins}
+
+  zap_api_scan:
+    name: ZAP API Scan
+    description: Scan an API defined by OpenAPI/Swagger specification
+    parameters:
+      target:
+        description: The target open API spec URL. The Target URL has the following format - scheme://authority/path
+        type: string
+        required: true
+        examples:
+          - https://api.example.com
+      spec_url:
+        description: URL or path to OpenAPI/Swagger specification
+        type: string
+        required: true
+        examples:
+          - https://api.example.com/swagger.json
+      format:
+        description: Report format (html, xml, json, md)
+        type: string
+        default: html
+        examples:
+          - json
+    container:
+      image: zaproxy/zap-stable:latest
+      platform: linux/amd64
+      force: true
+      volumes:
+        - ./:/zap/wrk    # Use relative path instead of env variable
+    cmdline:
+      - zaproxy/zap-weekly
+      - zap-api-scan.py
+      - -t
+      - ${target}
+      - -f
+      - ${spec_url}
+      - -f
+      - ${format}
+
+  zap_authenticated_scan:
+    name: ZAP Authenticated Scan
+    description: Perform a scan with authentication
+    parameters:
+      target:
+        description: Target URL to scan
+        type: string
+        required: true
+        examples:
+          - https://scanme.nmap.org/
+      auth_script:
+        description: Path to authentication script
+        type: string
+        required: true
+      context_file:
+        description: Path to context file
+        type: string
+        required: true
+    container:
+      image: zaproxy/zap-stable:latest
+      platform: linux/amd64
+      force: true
+      volumes:
+        - ./:/zap/wrk    # Use relative path instead of env variable
+        - "${HOME}/${auth_script}:/zap/wrk/auth.js"
+        - "${HOME}/${context_file}:/zap/wrk/context.xml"
+    cmdline:
+      - zaproxy/zap-weekly
+      - zap-full-scan.py
+      - -t
+      - ${target}
+      - -n
+      - /zap/wrk/context.xml
+      - -s
+      - /zap/wrk/auth.js
+
+  zap_scan_host_os_app:
+    description: Run a baseline target scan with ZAP on a host OS app.
+    parameters:
+      localhost_app:
+        type: string
+        description: IP addresses like localhost and 127.0.0.1 cannot be used to access an app running on the host OS from within a docker container. To get around this you can use the following code to get an IP address that will work.
+        examples:
+          - $(ip -f inet -o addr show docker0 | awk '{print $4}' | cut -d '/' -f 1)
+    container:
+      image: zaproxy/zap-stable
+      args:
+        - --net=host
+      volumes:
+        - ./:/zap/wrk    # Use relative path instead of env variable
+
+    cmdline: # https://www.zaproxy.org/docs/docker/about/s
+      - zaproxy/zap-weekly
+      - zap-baseline.py
+      - -t
+      - ${localhost_app}
+
+  zap_scan_host_container:
+    description: Scan another container running on the host OS with ZAP.
+    parameters:
+      target:
+        type: string
+        description: Other container running on the host OS.
+        examples:
+          - sagikazarmark/dvwa
+
+    container:
+      image: zaproxy/zap-stable
+      args:
+        - --net=zapnet
+
+    cmdline: # https://www.zaproxy.org/docs/docker/about/
+      - zaproxy/zap-weekly
+      - zap-baseline.py
+      - -t
+      - ${target}
+
+examples:
+  - name: Quick baseline scan
+    command: robopages run zap_baseline_scan --target https://example.com
+    description: Performs a baseline scan against a target website
+
+  - name: Full scan with custom settings
+    command: |
+      robopages run zap_full_scan \
+        --target https://example.com \
+        --min_risk Medium \
+        --spider_mins 10
+    description: Performs a detailed scan with custom risk levels and spider duration
+
+  - name: API scan
+    command: |
+      robopages run zap_api_scan \
+        --target https://api.example.com \
+        --spec_url https://api.example.com/swagger.json \
+        --format json
+    description: Scans an API using its OpenAPI/Swagger specification
+
+  - name: Authenticated scan
+    command: |
+      robopages run zap_authenticated_scan \
+        --target https://example.com \
+        --auth_script auth.js \
+        --context_file context.xml
+    description: Performs a scan with authentication using custom scripts and context
+
+references:
+  - name: Official Documentation
+    url: https://www.zaproxy.org/docs/
+  - name: ZAP API Documentation
+    url: https://www.zaproxy.org/docs/api/
+  - name: Docker Hub
+    url: https://hub.docker.com/r/zaproxy/zap-stable
+  - name: Authentication Examples
+    url: https://www.zaproxy.org/docs/authentication/