{ "info": { "author": "Daniel Grunwell (grunny)", "author_email": "mwgrunny@gmail.com", "bugtrack_url": null, "classifiers": [ "Intended Audience :: Developers", "Intended Audience :: Information Technology", "Topic :: Security", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: Software Development :: Quality Assurance", "Topic :: Software Development :: Testing" ], "description": "ZAP CLI\n=======\n\n.. image:: https://travis-ci.org/Grunny/zap-cli.svg?branch=master\n :target: https://travis-ci.org/Grunny/zap-cli\n\nA commandline tool that wraps the OWASP ZAP API for controlling ZAP and\nexecuting quick, targeted attacks.\n\nInstallation\n============\n\nTo install the latest release from PyPI, you can run the following command:\n\n::\n\n pip install --upgrade zapcli\n\nTo install the latest development version of ZAP CLI, you can run the\nfollowing:\n\n::\n\n pip install --upgrade git+https://github.com/Grunny/zap-cli.git\n\nTo install ZAP CLI for development, including the dependencies needed\nin order to run unit tests, clone this repository and use\n``pip install -e .[dev]``.\n\nUsage\n=====\n\nTo use ZAP CLI, you need to set the port ZAP runs on (defaults to 8090) and\nthe path to the folder in which ZAP is installed. These can be set either as\ncommandline parameters or with the environment variables ``ZAP_PORT`` and\n``ZAP_PATH``. If you have an API key set for ZAP, this can likewise be set\neither as a commandline parameter or with the ``ZAP_API_KEY`` environment\nvariable.\n\nZAP CLI can then be used with the following commands:\n\n::\n\n Usage: zap-cli [OPTIONS] COMMAND [ARGS]...\n\n ZAP CLI - A simple commandline tool for OWASP ZAP.\n\n Options:\n --boring Remove color from console output.\n -v, --verbose Add more verbose debugging output.\n --zap-path TEXT Path to the ZAP daemon. Defaults to /zap or the value of\n the environment variable ZAP_PATH.\n -p, --port INTEGER Port of the ZAP proxy. 
Defaults to 8090 or the value of\n the environment variable ZAP_PORT.\n --zap-url TEXT The URL of the ZAP proxy. Defaults to http://127.0.0.1\n or the value of the environment variable ZAP_URL.\n --api-key TEXT The API key for using the ZAP API if required. Defaults\n to the value of the environment variable ZAP_API_KEY.\n --log-path TEXT Path to the directory in which to save the ZAP output\n log file. Defaults to the value of the environment\n variable ZAP_LOG_PATH and uses the value of --zap-path\n if it is not set.\n --help Show this message and exit.\n\n Commands:\n active-scan Run an Active Scan.\n ajax-spider Run the AJAX Spider against a URL.\n alerts Show alerts at the given alert level.\n context Manage contexts for the current session.\n exclude Exclude a pattern from all scanners.\n open-url Open a URL using the ZAP proxy.\n policies Enable or list a set of policies.\n quick-scan Run a quick scan.\n report Generate XML, MD or HTML report.\n scanners Enable, disable, or list a set of scanners.\n scripts Manage scripts.\n session Manage sessions.\n shutdown Shutdown the ZAP daemon.\n spider Run the spider against a URL.\n start Start the ZAP daemon.\n status Check if ZAP is running.\n\nYou can use ``--help`` with any of the subcommands to get information on how to use\nthem.\n\nGetting started running a scan\n------------------------------\nIn order to run a scan, you can use either the ``active-scan`` or the ``quick-scan``\ncommand. The ``active-scan`` only runs an active scan against a URL that is already\nin ZAP's site tree (i.e. has already been opened using the ``open-url`` command or\nfound by running the ``spider``). The ``quick-scan`` command is intended to be a way\nto run quick scans of a site with most options contained within a single command\n(including being able to start and shut down ZAP before and after), so you can do\neverything in one go. 
Without any other options passed to the command, ``quick-scan``\nwill open the URL to make sure it's in the site tree, run an active scan, and will\noutput any found alerts.\n\nAs an example, to run a quick scan of a URL that will open and spider the URL, scan\nrecursively, exclude URLs matching a given regex, and only use XSS and SQLi scanners,\nyou could run:\n\n::\n\n $ zap-cli quick-scan -s xss,sqli --spider -r -e \"some_regex_pattern\" http://127.0.0.1/\n [INFO] Running a quick scan for http://127.0.0.1/\n [INFO] Issues found: 1\n +----------------------------------+--------+----------+---------------------------------------------------------------------------------+\n | Alert | Risk | CWE ID | URL |\n +==================================+========+==========+=================================================================================+\n | Cross Site Scripting (Reflected) | High | 79 | http://127.0.0.1/index.php?foo=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E |\n +----------------------------------+--------+----------+---------------------------------------------------------------------------------+\n\nThe above example is equivalent to running the following commands in order:\n\n::\n\n $ zap-cli open-url http://127.0.0.1/\n [INFO] Accessing URL http://127.0.0.1/\n $ zap-cli exclude \"some_regex_pattern\"\n $ zap-cli spider http://127.0.0.1/\n [INFO] Running spider...\n $ zap-cli active-scan --scanners xss,sqli --recursive http://127.0.0.1/\n [INFO] Running an active scan...\n $ zap-cli alerts\n [INFO] Issues found: 1\n +----------------------------------+--------+----------+---------------------------------------------------------------------------------+\n | Alert | Risk | CWE ID | URL |\n +==================================+========+==========+=================================================================================+\n | Cross Site Scripting (Reflected) | High | 79 | 
http://127.0.0.1/index.php?foo=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E |\n +----------------------------------+--------+----------+---------------------------------------------------------------------------------+\n\nThe ``quick-scan`` command also has a ``--self-contained`` option (or ``-sc`` for short)\nwhich will first try to start ZAP if it isn't running already and shut down ZAP once the\nscan is finished. For example:\n\n::\n\n $ zap-cli quick-scan --self-contained --spider -r -s xss http://127.0.0.1/\n [INFO] Starting ZAP daemon\n [INFO] Running a quick scan for http://127.0.0.1/\n [INFO] Issues found: 1\n +----------------------------------+--------+----------+---------------------------------------------------------------------------------+\n | Alert | Risk | CWE ID | URL |\n +==================================+========+==========+=================================================================================+\n | Cross Site Scripting (Reflected) | High | 79 | http://127.0.0.1/index.php?foo=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E |\n +----------------------------------+--------+----------+---------------------------------------------------------------------------------+\n [INFO] Shutting down ZAP daemon\n\nExtra start options\n-------------------\nYou can also pass extra options to the start command of ZAP using ``--start-options`` or ``-o``\nwith commands that allow it. 
For example, to start ZAP with a custom API key you could use:\n\n::\n\n $ zap-cli start --start-options '-config api.key=12345'\n\nOr to run a self-contained quick scan (that will start ZAP and shut it down after the scan\nis complete) with a custom API key, you could use:\n\n::\n\n $ zap-cli --api-key 12345 quick-scan --self-contained -o '-config api.key=12345' -s xss http://127.0.0.1/\n\nOr to run the same scan with the API key disabled:\n\n::\n\n $ zap-cli quick-scan -sc -o '-config api.disablekey=true' -s xss http://127.0.0.1/\n\nRunning scans as authenticated users\n------------------------------------\nIn order to run a scan as an authenticated user, first configure the authentication method and users for\na context using the ZAP UI (see the `ZAP help page `_\nfor more information). Once the authentication method and users are prepared, you can then export the context\nwith the configured authentication method so it can be imported and used to run authenticated scans with ZAP CLI.\n\nYou can export a context with the authentication method and users configured either through the ZAP UI or using the\n``context export`` ZAP CLI command. For example, to export a context with the name DevTest to a file, you could run:\n\n::\n\n $ zap-cli context export --name DevTest --file-path /home/user/DevTest.context\n\nTo import the saved context for use with ZAP CLI later, you could run:\n\n::\n\n $ zap-cli context import /home/user/DevTest.context\n\nAfter importing the context with the configured authentication method and users, you can then provide the context name\nand user name to the ``spider``, ``active-scan``, and ``quick-scan`` commands to run the scans while authenticated as\nthe given user. 
For example:\n\n::\n\n $ zap-cli context import /home/user/DevTest.context\n $ zap-cli open-url \"http://localhost/\"\n $ zap-cli spider --context-name DevTest --user-name SomeUser \"http://localhost\"\n $ zap-cli active-scan --recursive -c DevTest -u SomeUser \"http://localhost\"\n $ zap-cli quick-scan --recursive --spider -c DevTest -u SomeUser \"http://localhost\"\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/Grunny/zap-cli", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "zapcli", "package_url": "https://pypi.org/project/zapcli/", "platform": "", "project_url": "https://pypi.org/project/zapcli/", "project_urls": { "Homepage": "https://github.com/Grunny/zap-cli" }, "release_url": "https://pypi.org/project/zapcli/0.10.0/", "requires_dist": null, "requires_python": "", "summary": "A ZAP CLI tool for targeted tests from the command line.", "version": "0.10.0" }, "last_serial": 4647473, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "fd4d937c7eebeaa37de5a37c931ffd61", "sha256": "b5da78f07653c33110d2ff6242386db5650cb26bf184747b1f16d6319de147df" }, "downloads": -1, "filename": "zapcli-0.1.0.tar.gz", "has_sig": false, "md5_digest": "fd4d937c7eebeaa37de5a37c931ffd61", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10747, "upload_time": "2015-10-14T06:48:54", "url": "https://files.pythonhosted.org/packages/3e/94/45a7256355db6efc1aaea240b0158913bcef97ee9905b694f8e05d09d086/zapcli-0.1.0.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "5069e8779f5e1cf7ef3a1b04f023cfe4", "sha256": "bf947c1cd883e5334f49068beceb0cd9707f8567169dcaa0b41fe4ecba1a2367" }, "downloads": -1, "filename": "zapcli-0.1.1.tar.gz", "has_sig": false, "md5_digest": "5069e8779f5e1cf7ef3a1b04f023cfe4", "packagetype": "sdist", "python_version": "source", "requires_python": 
null, "size": 10765, "upload_time": "2015-10-14T08:32:48", "url": "https://files.pythonhosted.org/packages/f6/ca/bfa9ef0403623dfa6b75d0c8f0168ab713a08d7dc0278a5af1e1d72ec7ca/zapcli-0.1.1.tar.gz" } ], "0.10.0": [ { "comment_text": "", "digests": { "md5": "082018621145fae7bcbcb75f398099bf", "sha256": "1106ca768e607a39c4eca89813affd845e3204e102036c93e2a3b576e159d5d9" }, "downloads": -1, "filename": "zapcli-0.10.0.tar.gz", "has_sig": false, "md5_digest": "082018621145fae7bcbcb75f398099bf", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 15621, "upload_time": "2018-12-31T05:29:01", "url": "https://files.pythonhosted.org/packages/98/cf/5d076434b8aa41839f1652afc8901d88f3fa396ace6971636c6231aa4dd5/zapcli-0.10.0.tar.gz" } ], "0.2.0": [ { "comment_text": "", "digests": { "md5": "432aa6e7d0522405b65ff6973e2d46c8", "sha256": "a8ea147d4c33fd22da43ba95b743b619521601626bd5ad7dabc29b57cd016d62" }, "downloads": -1, "filename": "zapcli-0.2.0.tar.gz", "has_sig": false, "md5_digest": "432aa6e7d0522405b65ff6973e2d46c8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12271, "upload_time": "2016-02-21T08:43:17", "url": "https://files.pythonhosted.org/packages/0e/0e/b832cd72ddb99bc5f7c1c444bf6d9543f67b449882b7d88234f6f2414e9e/zapcli-0.2.0.tar.gz" } ], "0.2.1": [ { "comment_text": "", "digests": { "md5": "aa74e49db345a48b8e34b90323d6544a", "sha256": "677a97c381e613006ee0ba35188cf505cae7a382d1135470c2026056bb027b31" }, "downloads": -1, "filename": "zapcli-0.2.1.tar.gz", "has_sig": false, "md5_digest": "aa74e49db345a48b8e34b90323d6544a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12406, "upload_time": "2016-05-09T09:59:01", "url": "https://files.pythonhosted.org/packages/5f/d1/b511aed7af599337bd63e2079abea46c72dda71d2bceda6682c10ccc112e/zapcli-0.2.1.tar.gz" } ], "0.3.0": [ { "comment_text": "", "digests": { "md5": "819145317791aa78c05613190cee2475", "sha256": 
"998ea973edb5182895e0944cd3c8c16b39fe43678e4df53b5ab08181dbf74fdd" }, "downloads": -1, "filename": "zapcli-0.3.0.tar.gz", "has_sig": false, "md5_digest": "819145317791aa78c05613190cee2475", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12837, "upload_time": "2016-08-28T15:10:44", "url": "https://files.pythonhosted.org/packages/50/5c/d4d2f64a2b8bc527b47c996e7cde023ae1cc2b29ee055327fc573bd53943/zapcli-0.3.0.tar.gz" } ], "0.4.0": [ { "comment_text": "", "digests": { "md5": "bcde57f811200589843863685978e4ab", "sha256": "47a220426a06abd91ae75fd562367f93b5da6fe5717c0c8d2b57fbf030899f77" }, "downloads": -1, "filename": "zapcli-0.4.0.tar.gz", "has_sig": false, "md5_digest": "bcde57f811200589843863685978e4ab", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13118, "upload_time": "2016-10-09T14:44:43", "url": "https://files.pythonhosted.org/packages/a8/49/9bc96df930a654131be02a4d6f4810728bf9afdcd9df3291b685bd5b68c6/zapcli-0.4.0.tar.gz" } ], "0.5.0": [ { "comment_text": "", "digests": { "md5": "adb230e190f41057b92b96ffd7b98746", "sha256": "a27a202fe62ab25ebc030dbf0eb16adbcc6635ded20528828614ecb57a8da739" }, "downloads": -1, "filename": "zapcli-0.5.0.tar.gz", "has_sig": false, "md5_digest": "adb230e190f41057b92b96ffd7b98746", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14027, "upload_time": "2017-03-27T17:30:40", "url": "https://files.pythonhosted.org/packages/c3/e3/dd713672d3d26eb5593883a96a42698a27babc1f5146b01632a3d9887907/zapcli-0.5.0.tar.gz" } ], "0.6.0": [ { "comment_text": "", "digests": { "md5": "982cee80106f0dae61a780439b842695", "sha256": "0f7ee2f514bf3f6df93b82212f3a6ec62b8b78fea9ae7f3785358fec4c9ec03c" }, "downloads": -1, "filename": "zapcli-0.6.0.tar.gz", "has_sig": false, "md5_digest": "982cee80106f0dae61a780439b842695", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14012, "upload_time": "2017-03-29T11:28:07", 
"url": "https://files.pythonhosted.org/packages/6d/22/ad4855a5c65f8145dbc3204c2594b2ef28c66daf813328fd40b30f9c0bd7/zapcli-0.6.0.tar.gz" } ], "0.7.0": [ { "comment_text": "", "digests": { "md5": "0dfd9de9b219c8fa098b0f123d0ae3c7", "sha256": "00583de34c13e69b6f128290dd4d16dda1900ecefa228261d57d4792c6f47a7a" }, "downloads": -1, "filename": "zapcli-0.7.0.tar.gz", "has_sig": false, "md5_digest": "0dfd9de9b219c8fa098b0f123d0ae3c7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14665, "upload_time": "2017-05-14T16:39:00", "url": "https://files.pythonhosted.org/packages/ac/f9/601295977707285966d20da66eefbbd4c77a1268d5df4a0bf7edca35fadc/zapcli-0.7.0.tar.gz" } ], "0.8.0": [ { "comment_text": "", "digests": { "md5": "87580f59fc57095252415ca70c1b0634", "sha256": "e35f435b5a6b8d2ef67aac66cb9f7cd72077e6a788e1de494d7e16dba40df6f7" }, "downloads": -1, "filename": "zapcli-0.8.0.tar.gz", "has_sig": false, "md5_digest": "87580f59fc57095252415ca70c1b0634", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14764, "upload_time": "2017-07-11T09:41:47", "url": "https://files.pythonhosted.org/packages/34/b9/71da968f7e276248c7a6745d1ce93cfeb089c25015b7c3a8e4725f4b776f/zapcli-0.8.0.tar.gz" } ], "0.8.1": [ { "comment_text": "", "digests": { "md5": "d7fc6fa573954f300dab958174799ec5", "sha256": "e3d34af7e1906543043cba1cee3d3fecfe9247d5b5264ad896f3ea5fd546b1e0" }, "downloads": -1, "filename": "zapcli-0.8.1.tar.gz", "has_sig": false, "md5_digest": "d7fc6fa573954f300dab958174799ec5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14762, "upload_time": "2017-07-20T16:52:55", "url": "https://files.pythonhosted.org/packages/81/95/5539418151b67c2abbcee3e04ae1e42c136af3ea885cb9bd03a3335c59b5/zapcli-0.8.1.tar.gz" } ], "0.9.0": [ { "comment_text": "", "digests": { "md5": "7b4e9ac5fb5d032eb9e608f7f52e7840", "sha256": "923d189e9b7d1fd8dbe73b0bed42be983001b608e84aa472d3040ca18fa1cba2" }, 
"downloads": -1, "filename": "zapcli-0.9.0.tar.gz", "has_sig": false, "md5_digest": "7b4e9ac5fb5d032eb9e608f7f52e7840", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 17213, "upload_time": "2017-11-01T16:08:16", "url": "https://files.pythonhosted.org/packages/17/e7/bd4391d61d3299f15e2750f4e9a11aa447186c0f64b40872bbaf33e6eac7/zapcli-0.9.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "082018621145fae7bcbcb75f398099bf", "sha256": "1106ca768e607a39c4eca89813affd845e3204e102036c93e2a3b576e159d5d9" }, "downloads": -1, "filename": "zapcli-0.10.0.tar.gz", "has_sig": false, "md5_digest": "082018621145fae7bcbcb75f398099bf", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 15621, "upload_time": "2018-12-31T05:29:01", "url": "https://files.pythonhosted.org/packages/98/cf/5d076434b8aa41839f1652afc8901d88f3fa396ace6971636c6231aa4dd5/zapcli-0.10.0.tar.gz" } ] }