Introduction
Overview
Welcome to ZAP API Documentation! The OWASP Zed Attack Proxy (ZAP) is one of the world's most popular free security tools which lets you automatically find security vulnerabilities in your applications. ZAP also has an extremely powerful API that allows you to do nearly everything that is possible via the desktop interface. This allows the developers to automate pentesting and security regression testing of the application in the CI/CD pipeline.
This document provides example guides & API definitions for ZAP APIs. You can view code examples in the dark area to the right; switch the programming language of the examples with the tabs on the top right. If anything is missing or seems incorrect, please check the FAQs or the GitHub issues for existing known issues. Also, if you are new to ZAP, then check out the getting started guide to learn the basic concepts behind ZAP.
The following are some of the features provided by ZAP:
- Intercepting Proxy
- Active and Passive Scanners
- Traditional and Ajax Spiders
- Brute Force Scanner
- Port Scanner
- Web Sockets
Have a look at the examples below to learn how to use each of these features via ZAP API.
Documentation Structure
The API documentation is divided into nine main sections.
- Introduction section contains introductory information of ZAP and installation guide to set up ZAP for testing.
- Exploring the App section contains examples on how to explore the web application.
- Attacking the App section contains examples on how to scan or attack a web application.
- Getting the Results section contains examples on how to retrieve alerts and generate Reports from ZAP.
- Getting Authenticated section contains examples on how to authenticate the web application with ZAP.
- Advanced Settings section contains advanced configurations on how to fine tune ZAP results.
- Contributions section contains guidelines and instructions on how to contribute to ZAP's documentation.
- API Catalogue section contains OpenAPI definitions and auto generated code for ZAP APIs.
- Troubleshooting section contains solutions for trouble shooting ZAP API related issues.
Basics on the API Request
ZAP APIs provide access to most of the core features of ZAP such as the active scanner and spider. ZAP API is enabled by default in the daemon mode and the desktop mode. If you are using ZAP desktop, then the API can be configured by visiting the following screen:
Tools -> Options -> API.
Please note that not all the operations which are available in the desktop interface are available via the APIs. Future versions of ZAP will increase the functionality/scope available via the APIs.
API URL Format
The API is available via GET and POST endpoints and the response is available in JSON, XML, HTML, and OTHER (custom formats, e.g. HAR) formats.
All the response formats return the same information, just in a different format. Based on the use case, choose the appropriate format.
For example, to generate easily readable reports use the HTML format and use XML/JSON based response to parse the results quickly.
The following example shows the API URL format of ZAP:
http://zap/<format>/<component>/<operation>/<operation name>[/?<parameters>]
The format can be either JSON, XML or HTML. The operation can be either view or action or other. The view operation is used to return
information and the action is used to control ZAP. For example, views can be used to generated reports or retrieve results and
action can be used to start or stop the Spider. The components, operation names and parameters can all be discovered by
browsing the API Catalogue.
Access the API
The REST API can be accessed directly or via one of the client implementations detailed below.
A simple web UI is also available to explore and use the APIs via the browser. This web UI can be accessed via http://zap/
when you are proxying through ZAP, or via the host and port ZAP is listening on, e.g. http://localhost:8080/.
By default only the machine ZAP is running on is able to access the APIs. You can allow other machines, that are able to use ZAP as a proxy, access to the API.
Client SDKs
API clients are available for the following languages:
| Language | Download links | Notes |
|---|---|---|
| .NET | NuGet | Official API |
| Java | GitHub Maven Central | Official API |
| Node.js | NPM | Official API |
| PHP | GitHub Packagist | In process of becoming an official API |
| Python | PyPI | Official API |
| Ruby | GitHub |
Quick Setup Guide
The quick setup guide focuses on setting up ZAP and a testing application. If you have already setup ZAP then Jump to specific example to experiment with specific features.
Start ZAP
# For Linux, Option: 1, using "headless/daemon" mode
<ZAP_HOME>./zap.sh -daemon -config api.key=change-me-9203935709
# For Linux, Option: 2, using ZAP desktop App
<ZAP_HOME>./zap.sh
# For Windows, Run the exe file or zap.bat script to start ZAP
// For Linux, Option: 1, using "headless/daemon" mode
<ZAP_HOME>./zap.sh -daemon -config api.key=change-me-9203935709
// For Linux, Option: 2, using ZAP desktop App
<ZAP_HOME>./zap.sh
// For Windows, Run the exe file or zap.bat script to start ZAP
# For Linux, Option: 1, using "headless/daemon" mode
$ <ZAP_HOME>./zap.sh -daemon -config api.key=change-me-9203935709
# For Linux, Option: 2, using ZAP desktop App
$ <ZAP_HOME>./zap.sh
# For Windows, Run the exe file or zap.bat script to start ZAP
To install ZAP, go to ZAP's home page and download the installer specific to the operating system. After extracting the bundle you can start ZAP by issuing the following command shown in the right column.
The API key must be specified on all API actions and some other operations. The API key is used to prevent malicious
sites from accessing ZAP API.
Setup a Testing Application
If you already have a website to scan or to perform security testing, then obtain the URL/IP of the application to begin the scanning. The example guide uses Google's Firing Range and OWASP Juice Shop to perform the security testing. The Spidering and Attacking examples use the public instance of the Firing Range, and OWASP Juice Shop are used to showcase the Authentication examples of ZAP.
The following is a list of publicly available vulnerable applications that you can also used in conjunction with ZAP.
Getting Help
All available APIs are documented in the API Catalogue. If you are new to ZAP, then it's highly recommended that you experiment with the desktop UI before trying out the APIs. Because ZAP's APIs strongly resemble the desktop UI. Therefore by working with the UI, you will get a good understanding on how to orchestrate ZAP's APIs. Also, use the export config functionality from the desktop UI to export complex configurations such as contexts, scan policies, etc. Then use the exported configurations when creating the automation scripts.
ZAP has a very friendly and active developer community. Always feel free to raise a question in the ZAP users forum or Stack Overflow for issues related to ZAP. Also, use the ZAP's GitHub repository to raise a bug report or to make any feature requests.
Stay tuned on twitter @zaproxy.
Exploring the App
In order to expose content and functionality for ZAP to test the target the application should be explored before performing any scan or attack. The more you explore your App the more accurate the results will be. If the application is not explored very well then it will impact or reduce the vulnerabilities ZAP can find.
The following are some of the options to explore the site by using ZAP. You can use multiple approaches in a combination to get more complete coverage of the application.
Traditional Spider (Crawler): Use this approach to crawl the HTML resources (hyperlinks etc) in the web application.
Ajax Spider: Use this feature if the application heavily relies with Ajax calls.
Proxy Regression / Unit Tests This is the recommended approach for security regression testing. Use this approach to explore the application, if you already have a test suite or unit tests in place.
OpenAPI/SOAP Definition: Use this approach if you have a well defined OpenAPI definition. The OpenAPI plugin can be downloaded via the marketplace.
Using Spider
#!/usr/bin/env python
import time
from zapv2 import ZAPv2
# The URL of the application to be tested
target = 'https://public-firing-range.appspot.com'
# Change to match the API key set in ZAP, or use None if the API key is disabled
apiKey = 'changeMe'
# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apiKey)
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apiKey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})
print('Spidering target {}'.format(target))
# The scan returns a scan id to support concurrent scanning
scanID = zap.spider.scan(target)
while int(zap.spider.status(scanID)) < 100:
# Poll the status until it completes
print('Spider progress %: {}'.format(zap.spider.status(scanID)))
time.sleep(1)
print('Spider has completed!')
# Prints the URLs the spider has crawled
print('\n'.join(map(str, zap.spider.results(scanID))))
# If required post process the spider results
# TODO: Explore the Application more with Ajax Spider or Start scanning the application for vulnerabilities
public class Spider {
private static final String ZAP_ADDRESS = "localhost";
private static final int ZAP_PORT = 8080;
// Change to match the API key set in ZAP, or use NULL if the API key is disabled
private static final String ZAP_API_KEY = "change me";
// The URL of the application to be tested
private static final String TARGET = "https://public-firing-range.appspot.com";
public static void main(String[] args) {
ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
try {
// Start spidering the target
System.out.println("Spidering target : " + TARGET);
ApiResponse resp = api.spider.scan(TARGET, null, null, null, null);
String scanID;
int progress;
// The scan returns a scan id to support concurrent scanning
scanID = ((ApiResponseElement) resp).getValue();
// Poll the status until it completes
while (true) {
Thread.sleep(1000);
progress = Integer.parseInt(((ApiResponseElement) api.spider.status(scanID)).getValue());
System.out.println("Spider progress : " + progress + "%");
if (progress >= 100) {
break;
}
}
System.out.println("Spider completed");
// If required post process the spider results
List<ApiResponse> spiderResults = ((ApiResponseList) api.spider.results(scanID)).getItems();
// TODO: Explore the Application more with Ajax Spider or Start scanning the application for vulnerabilities
} catch (Exception e) {
System.out.println("Exception : " + e.getMessage());
e.printStackTrace();
}
}
}
# To start the Spider scan (Response: Scan ID). Modify the API Key and URL to suite the target
$ curl "http://localhost:8080/JSON/spider/action/scan/?apikey=<ZAP_API_KEY>&url=https://public-firing-range.appspot.com&contextName=&recurse="
# To view the scan status/ percentage of work done
$ curl "http://localhost:8080/JSON/spider/view/status/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"
# To view the scan results
$ curl "http://localhost:8080/JSON/spider/view/results/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"
# To stop the scanning
$ curl "http://localhost:8080/JSON/spider/action/stop/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"
# To pause the scanning
$ curl "http://localhost:8080/JSON/spider/action/pause/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"
# To resume the scanning
$ curl "http://localhost:8080/JSON/spider/action/resume/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"
The Spider is a tool that is used to automatically discover new resources (URLs) on a particular site. It begins with a list of URLs to visit, called the seeds, which depends on how the Spider is started. The Spider then visits these URLs, it identifies all the hyperlinks in the page and adds them to the list of URLs to visit, and the process continues recursively as long as new resources are found. Each response type is processed differently in ZAP. All the available endpoints for the spider can be found in spider section.
Start the Spider
The Spiders explore the site and they don't actually do any scanning. The resources crawled by the Spider(s) are passively scanned in the background via the Passive Scanner. The scan API runs the spider against the given URL. Optionally, the 'maxChildren' parameter can be set to limit the number of children scanned and the 'recurse' parameter can be used to prevent the spider from seeding recursively. The parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'URL'). The parameter 'contextName' can be used to constrain the scan to a Context. View the context example to understand how to create a context with ZAP API.
The code sample on the right recursively scans the application with the provided URL. The scan ID is returned as a response when starting the Spider. Use this scan ID to perform any additional actions or to retrieve any views from the Spider API.
View Status
The spider scan is a async request and the time to complete the task will vary depending on the complexity of the web application. The scan ID returned via starting the spider should be used to obtain the results of the crawling. Execute the status API to get the status/percentage of work done by the Spider.
View Spider Results
The results of the crawling can be obtained via the results API. The following image shows the JSON sample response provided by the results API, listing all the resources crawled by Spider.
Stop or Pause the Spider
If the scanning takes more time than expected you can stop or pause the scanning via using the stop or pause APIs. Additional APIs are available in the API Catalogue to pause or resume or to stop All the scanning processes.
The advanced section on Spider contains more examples on how to tweak/improve the Spider results.
Using Ajax Spider
#!/usr/bin/env python
import time
from zapv2 import ZAPv2
# The URL of the application to be tested
target = 'https://public-firing-range.appspot.com'
# Change to match the API key set in ZAP, or use None if the API key is disabled
apiKey = 'changeme'
# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apiKey)
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apiKey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})
print('Ajax Spider target {}'.format(target))
scanID = zap.ajaxSpider.scan(target)
timeout = time.time() + 60*2 # 2 minutes from now
# Loop until the ajax spider has finished or the timeout has exceeded
while zap.ajaxSpider.status == 'running':
if time.time() > timeout:
break
print('Ajax Spider status' + zap.ajaxSpider.status)
time.sleep(2)
print('Ajax Spider completed')
ajaxResults = zap.ajaxSpider.results(start=0, count=10)
# If required perform additional operations with the Ajax Spider results
# TODO: Start scanning the application to find vulnerabilities
public class AjaxSpider {
private static final int ZAP_PORT = 8080;
private static final String ZAP_API_KEY = null;
private static final String ZAP_ADDRESS = "localhost";
private static final String TARGET = "https://public-firing-range.appspot.com";
public static void main(String[] args) {
// Create the ZAP Client
ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
try {
// Start spidering the target
System.out.println("Ajax Spider target : " + TARGET);
ApiResponse resp = api.ajaxSpider.scan(TARGET, null, null, null);
String status;
long startTime = System.currentTimeMillis();
long timeout = TimeUnit.MINUTES.toMillis(2); // Two minutes in milli seconds
// Loop until the ajax spider has finished or the timeout has exceeded
while (true) {
Thread.sleep(2000);
status = (((ApiResponseElement) api.ajaxSpider.status()).getValue());
System.out.println("Spider status : " + status);
if (!("stopped".equals(status)) || (System.currentTimeMillis() - startTime) < timeout) {
break;
}
}
System.out.println("Ajax Spider completed");
// Perform additional operations with the Ajax Spider results
List<ApiResponse> ajaxSpiderResponse = ((ApiResponseList) api.ajaxSpider.results("0", "10")).getItems();
// TODO: Start scanning(passive/active scan) the application to find vulnerabilities
} catch (Exception e) {
System.out.println("Exception : " + e.getMessage());
e.printStackTrace();
}
}
}
# To start the Ajax Spider
$ curl "http://localhost:8080/JSON/ajaxSpider/action/scan/?apikey=<ZAP_API_KEY>&url=<URL>&inScope=&contextName=&subtreeOnly="
# To view the status
$ curl "http://localhost:8080/JSON/ajaxSpider/view/status/?apikey=<ZAP_API_KEY>"
# To view the number of results
$ curl "http://localhost:8080/JSON/ajaxSpider/view/numberOfResults/?apikey=<ZAP_API_KEY>"
# To view the results
$ curl "http://localhost:8080/JSON/ajaxSpider/view/fullResults/?apikey=<ZAP_API_KEY>"
# To stop the Ajax Spider
$ curl "http://localhost:8080/JSON/ajaxSpider/action/stop/?apikey=<ZAP_API_KEY>"
Use the Ajax Spider if you have applications which heavily depend on Ajax or JavaScript. The Ajax Spider allows you to crawl web applications written in Ajax in far more depth than the traditional Spider.You should also use the traditional Spider as well for complete coverage of a application (e.g. to cover HTML comments).
Start Ajax Spider
The scan API starts the Ajax Spider based on a given URL. Similar to the Traditional Spider, Ajax Spider can be also limited to a context or scope. The parameter 'contextName' can be used to constrain the scan to a Context, the option 'inScope' is ignored if a context was also specified. The parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'URL').
View Status
Unlike the traditional Spider, Ajax Spider does not provide a percentage for the work to be done. Use the status endpoint to identify whether the Ajax Spider is still active or finished.
View Results
Similar to the Traditional Spider, the Ajax Spider's results API can be used to view the resources which are crawled by the Ajax Spider. The following image shows a sample response given by the API.
Stop the Ajax Spider
Ajax spider does not have an indication on how much resources are left to be crawled. Therefore if the Ajax spider takes too much time than expected, then it can be stopped by using the stop API.
View the advanced section on Ajax Spider to learn more about how to further fine-tune the results of the Ajax Spider.
Attacking the App
The application should be explored before starting to scan for security vulnerabilities. If you haven't done that look at the explore section on how to explore the web application. The following section provides examples on how to use the Passive and Active Scanner to find security vulnerabilities in the application.
Using Passive Scan
public class PassiveScan {
private static final int ZAP_PORT = 8080;
private static final String ZAP_API_KEY = null;
private static final String ZAP_ADDRESS = "localhost";
public static void main(String[] args) {
ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
int numberOfRecords;
try {
// TODO : explore the app (Spider, etc) before using the Passive Scan API, Refer the explore section for details
// Loop until the passive scan has finished
while (true) {
Thread.sleep(2000);
api.pscan.recordsToScan();
numberOfRecords = Integer.parseInt(((ApiResponseElement) api.pscan.recordsToScan()).getValue());
System.out.println("Number of records left for scanning : " + numberOfRecords);
if (numberOfRecords == 0) {
break;
}
}
System.out.println("Passive Scan completed");
// Print Passive scan results/alerts
System.out.println("Alerts:");
System.out.println(new String(api.core.xmlreport(), StandardCharsets.UTF_8));
} catch (Exception e) {
System.out.println("Exception : " + e.getMessage());
e.printStackTrace();
}
}
}
#!/usr/bin/env python
import time
from pprint import pprint
from zapv2 import ZAPv2
apiKey = 'changeme'
target = 'https://public-firing-range.appspot.com'
zap = ZAPv2(apikey=apiKey, proxies={'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'})
# TODO : explore the app (Spider, etc) before using the Passive Scan API, Refer the explore section for details
while int(zap.pscan.records_to_scan) > 0:
# Loop until the passive scan has finished
print('Records to passive scan : ' + zap.pscan.records_to_scan)
time.sleep(2)
print('Passive Scan completed')
# Print Passive scan results/alerts
print('Hosts: {}'.format(', '.join(zap.core.hosts)))
print('Alerts: ')
pprint(zap.core.alerts())
# To view the number of records left to be scanned
$ curl "http://localhost:8080/JSON/pscan/view/recordsToScan/?apikey=<ZAP_API_KEY>"
# To view the alerts of passive scan
$ curl "http://localhost:8080/JSON/core/view/alerts/?apikey=<ZAP_API_KEY>&baseurl=<TARGET_URL>&start=0&count=10"
All requests that are proxied through ZAP or initialised by tools like the Spider are passively scanned. You do not have
to manually start the passive scan process, ZAP by default passively scans all HTTP and WebSocket messages (requests and responses)
which are sent to the application.
Passive scanning does not change the requests nor the responses in any way and is therefore safe to use. This is good for finding problems like missing security headers or missing anti CSRF tokens but is no good for finding vulnerabilities like XSS which require malicious requests to be sent - that's the job of the active scanner.
View the Status
As the records are passively scanned it will take additional time to complete the full scan. After the crawling is completed use the recordsToScan API to obtain the number of records left to be scanned. After the scanning has completed the alerts can be obtained via the alerts endpoint(s).
View the advanced section to know how to configure additional parameters of Passive Scan.
Using Active Scan
Active scanning attempts to find potential vulnerabilities by using known attacks against the selected targets. Active scanning is an attack on those targets. You should NOT use it on applications that you do not have permission to.
Start Active Scanner
public class ActiveScan {
private static final int ZAP_PORT = 8080;
private static final String ZAP_API_KEY = null;
private static final String ZAP_ADDRESS = "localhost";
private static final String TARGET = "https://public-firing-range.appspot.com";
public static void main(String[] args) {
ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
try {
// TODO : explore the app (Spider, etc) before using the Active Scan API, Refer the explore section
System.out.println("Active Scanning target : " + TARGET);
ApiResponse resp = api.ascan.scan(TARGET, "True", "False", null, null, null);
String scanid;
int progress;
// The scan now returns a scan id to support concurrent scanning
scanid = ((ApiResponseElement) resp).getValue();
// Poll the status until it completes
while (true) {
Thread.sleep(5000);
progress =
Integer.parseInt(
((ApiResponseElement) api.ascan.status(scanid)).getValue());
System.out.println("Active Scan progress : " + progress + "%");
if (progress >= 100) {
break;
}
}
System.out.println("Active Scan complete");
// Print vulnerabilities found by the scanning
System.out.println("Alerts:");
System.out.println(new String(api.core.xmlreport(), StandardCharsets.UTF_8));
} catch (Exception e) {
System.out.println("Exception : " + e.getMessage());
e.printStackTrace();
}
}
}
#!/usr/bin/env python
import time
from pprint import pprint
from zapv2 import ZAPv2
apiKey = 'changeme'
target = 'https://public-firing-range.appspot.com'
zap = ZAPv2(apikey=apiKey, proxies={'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'})
# TODO : explore the app (Spider, etc) before using the Active Scan API, Refer the explore section
print('Active Scanning target {}'.format(target))
scanID = zap.ascan.scan(target)
while int(zap.ascan.status(scanID)) < 100:
# Loop until the scanner has finished
print('Scan progress %: {}'.format(zap.ascan.status(scanID)))
time.sleep(5)
print('Active Scan completed')
# Print vulnerabilities found by the scanning
print('Hosts: {}'.format(', '.join(zap.core.hosts)))
print('Alerts: ')
pprint(zap.core.alerts(baseurl=target))
# To start the the active scan
$ curl "http://localhost:8080/JSON/ascan/action/scan/?apikey=<ZAP_API_KEY>&url=<TARGET_URL>&recurse=true&inScopeOnly=&scanPolicyName=&method=&postData=&contextId="
# To view the the status of active scan
$ curl "http://localhost:8080/JSON/ascan/view/status/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"
# To view the alerts of active scan
$ curl "http://localhost:8080/JSON/core/view/alerts/?apikey=<ZAP_API_KEY>&baseurl=<TARGET_URL>&start=0&count=10"
# To stop the active scan
$ curl "http://localhost:8080/JSON/ascan/action/stop/?apikey=<ZAP_API_KEY>&scanId=<SCAN_ID>"
The scan endpoint runs the active scanner against the given URL or Context. Optionally, the 'recurse' parameter can be used to scan URLs under the given URL, the parameter 'inScopeOnly' can be used to constrain the scan to URLs that are in scope (ignored if a Context is specified). The parameter 'scanPolicyName' allows to specify the scan policy (if none is given it uses the default scan policy). The parameters 'method' and 'postData' allow to select a given request in conjunction with the given URL.
View advanced settings to learn, how to configure the context, scope, and scan policy with ZAP APIs.
View Status
The status API provides the percentage of scanning done by the active scanner. The scan ID returned via starting the Active Scan should be used to query the status of the scanner.
View Results
Similar to the passive scan results, the active scan results can be viewed using the same alerts endpoint(s). The alerts endpoint(s) will show the consolidated results of Passive and Active Scan.
Stop Active Scanning
Use the stop API to stop a long running active scan. Optionally you can use the stopAllScans endpoints or pause endpoint to stop and pause the active scanning.
It should be noted that active scanning can only find certain types of vulnerabilities. Logical vulnerabilities, such as broken access control, will not be found by any active or automated vulnerability scanning. Manual penetration testing should always be performed in addition to active scanning to find all types of vulnerabilities.
Getting the Results
#!/usr/bin/env python
from zapv2 import ZAPv2
# The URL of the application to be tested
target = 'https://public-firing-range.appspot.com'
# Change to match the API key set in ZAP, or use None if the API key is disabled
apiKey = 'changeMe'
# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apiKey)
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apiKey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})
# TODO: Check if the scanning has completed
# Retrieve the alerts using paging in case there are lots of them
st = 0
pg = 5000
alert_dict = {}
alert_count = 0
alerts = zap.alert.alerts(baseurl=target, start=st, count=pg)
blacklist = [1,2]
while len(alerts) > 0:
print('Reading ' + str(pg) + ' alerts from ' + str(st))
alert_count += len(alerts)
for alert in alerts:
plugin_id = alert.get('pluginId')
if plugin_id in blacklist:
continue
if alert.get('risk') == 'High':
# Trigger any relevant postprocessing
continue
if alert.get('risk') == 'Informational':
# Ignore all info alerts - some of them may have been downgraded by security annotations
continue
st += pg
alerts = zap.alert.alerts(start=st, count=pg)
print('Total number of alerts: ' + str(alert_count))
public class Alerts {
private static final String ZAP_ADDRESS = "localhost";
private static final int ZAP_PORT = 8080;
// Change to match the API key set in ZAP, or use NULL if the API key is disabled
private static final String ZAP_API_KEY = "change me";
// The URL of the application to be tested
private static final String TARGET = "https://public-firing-range.appspot.com";
private static List<String> blackListPlugins = Arrays.asList("1000", "1025");
public static void main(String[] args) {
ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
try {
// TODO: Check if the scanning has completed
// Retrieve the alerts using paging in case there are lots of them
int start = 0;
int count = 5000;
int alertCount = 0;
ApiResponse resp = api.alert.alerts(TARGET, String.valueOf(start), String.valueOf(count), null);
while (((ApiResponseList) resp).getItems().size() != 0) {
System.out.println("Reading " + count + " alerts from " + start);
alertCount += ((ApiResponseList) resp).getItems().size();
for (ApiResponse l : (((ApiResponseList) resp).getItems())) {
Map<String, ApiResponse> element = ((ApiResponseSet) l).getValuesMap();
if (blackListPlugins.contains(element.get("pluginId").toString())) {
// TODO: Trigger any relevant postprocessing
} else if ("High".equals(element.get("risk").toString())) {
// TODO: Trigger any relevant postprocessing
} else if ("Informational".equals(element.get("risk").toString())) {
// TODO: Ignore all info alerts - some of them may have been downgraded by security annotations
}
}
start += count;
resp = api.alert.alerts(TARGET, String.valueOf(start), String.valueOf(count), null);
}
System.out.println("Total number of Alerts: " + alertCount);
} catch (Exception e) {
System.out.println("Exception : " + e.getMessage());
e.printStackTrace();
}
}
}
# To view the alerts
$ curl "http://localhost:8080/JSON/alert/view/alerts/?apikey=<ZAP_API_KEY>&baseurl=<BASE_URL>&start=0&count=5000&riskId="
# To view the summary of the alerts
$ curl "http://localhost:8080/JSON/alert/view/alertsSummary/?apikey=<ZAP_API_KEY>baseurl=<BASE_URL>"
# To view alerts by risk category
$ curl "http://localhost:8080/JSON/alert/view/alertsByRisk/?apikey=<ZAP_API_KEY>&url=<BASE_URL>&recurse="
After the scanning (Active/Passive) completes, ZAP provides the security vulnerabilities in the form of alerts. The alerts are categorized into high-priority, medium-priority, low-priority and informational priority risks. The priority indicates the degree of risk associated with each alert. For example, a high priority risk means that the issues listed in that category has more threat or risk potential than a medium-priority alert.
The alerts endpoint provides all the alerts which are identified by ZAP. View the sample code on the right to retrieve the alerts from the alerts endpoint. The results can be used to raise security alerts in the CI/CD pipeline or to trigger any custom workflows.
The alerts summary gets the number of alerts grouped by each risk level and optionally filtering by URL. A Summary report can be also generated using the core module. Use the htmlreport or jsonreport or xmlreport endpoint to generate this summary report. The following image shows the report generated via the HTML report API. The report categories the alerts to risk level and provides a brief description about each alert.
Getting Authenticated
The target application for testing might have a portion of the functionality that is only available for a logged-in user. In order to get full test coverage of the application you need to test the application with a logged-in user as well. Therefore it's very important to understand how to perform authenticated scans with ZAP. ZAP has several means to authenticate your application and keep track of the authentication state. The following are some of the options available for authentication with ZAP.
- Form-based authentication
- Script-based authentication
- JSON-based authentication
- HTTP/NTLM based authentication
The examples below show three authentication workflows. A simple form-based authentication is showcased with the use of the Bodgeit application. The second example shows the script-based authentication using the Damn Vulnerable Web Application(DVWA). The third example shows a more complicated authentication workflow using the JSON and script-based authentication using the OWASP Juice Shop.
General Steps
The following are the general steps when configuring the application authentication with ZAP.
Step 1. Define a context
Contexts are a way of relating a set of URLs together. The URLs are defined as a set of regular expressions (regex). You should include the target application inside the context. The unwanted URLs such as the logout page, password change functionality should be added to the exclude in context section.
Step 2. Set the authentication mechanism
Choose the appropriate login mechanism for your application. If your application supports a simple form-based login, then choose the form-based authentication method. For complex login workflows, you can use the script-based login to define custom authentication workflows.
Step 3. Define your auth parameters
In general, you need to provide the settings on how to communicate to the authentication service of your application. In general, the settings would include the login URL and payload format (username & password). The required parameters will be different for different authentication methods.
Step 4. Set relevant logged in/out indicators
ZAP additionally needs hints to identify whether the application is authenticated or not. To verify the authentication status, ZAP supports logged in/out regexes. These are regex patterns that you should configure to match strings in the responses which indicate if the user is logged in or logged out.
Step 5. Add a valid user and password
Add a user account (an existing user in your application) with valid credentials in ZAP. You can create multiple users if your application exposes different functionality based on user roles. Additionally, you should also set valid session management when configuring the authentication for your application. Currently, ZAP supports cookie-based session management and HTTP authentication based session management.
Step 6. Enable forced user mode (Optional)
Now enable the 
"Forced User Mode disabled - click to enable"
button. Pressing this button will cause ZAP to resend the authentication request whenever it detects that the user is no
longer logged in, ie by using the 'logged in' or 'logged out' indicator. But the forced user mode is ignored for scans that already have a user set.
Form Based Authentication
#!/usr/bin/env python
import urllib.parse
from zapv2 import ZAPv2
context_id = 1
apikey = 'changeMe'
context_name = 'Default Context'
target_url = 'http://localhost:8090/bodgeit'
# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apikey)
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apikey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})
def set_include_in_context():
exclude_url = 'http://localhost:8090/bodgeit/logout.jsp'
include_url = 'http://localhost:8090/bodgeit.*'
zap.context.include_in_context(context_name, include_url)
zap.context.exclude_from_context(context_name, exclude_url)
print('Configured include and exclude regex(s) in context')
def set_logged_in_indicator():
logged_in_regex = '\Q<a href="logout.jsp">Logout</a>\E'
zap.authentication.set_logged_in_indicator(context_id, logged_in_regex)
print('Configured logged in indicator regex: ')
def set_form_based_auth():
login_url = 'http://localhost:8090/bodgeit/login.jsp'
login_request_data = 'username={%username%}&password={%password%}'
form_based_config = 'loginUrl=' + urllib.parse.quote(login_url) + '&loginRequestData=' + urllib.parse.quote(login_request_data)
zap.authentication.set_authentication_method(context_id, 'formBasedAuthentication', form_based_config)
print('Configured form based authentication')
def set_user_auth_config():
user = 'Test User'
username = '[email protected]'
password = 'weakPassword'
user_id = zap.users.new_user(context_id, user)
user_auth_config = 'username=' + urllib.parse.quote(username) + '&password=' + urllib.parse.quote(password)
zap.users.set_authentication_credentials(context_id, user_id, user_auth_config)
zap.users.set_user_enabled(context_id, user_id, 'true')
zap.forcedUser.set_forced_user(context_id, user_id)
zap.forcedUser.set_forced_user_mode_enabled('true')
print('User Auth Configured')
return user_id
def start_spider(user_id):
zap.spider.scan_as_user(context_id, user_id, target_url, recurse='true')
print('Started Scanning with Authentication')
set_include_in_context()
set_form_based_auth()
set_logged_in_indicator()
user_id_response = set_user_auth_config()
start_spider(user_id_response)
public class FormAuth {
private static final String ZAP_ADDRESS = "localhost";
private static final int ZAP_PORT = 8080;
private static final String ZAP_API_KEY = null;
private static final String contextId = "1";
private static final String contextName = "Default Context";
private static final String target = "http://localhost:8090/bodgeit";
private static void setIncludeAndExcludeInContext(ClientApi clientApi) throws UnsupportedEncodingException, ClientApiException {
String includeInContext = "http://localhost:8090/bodgeit.*";
String excludeInContext = "http://localhost:8090/bodgeit/logout.jsp";
clientApi.context.includeInContext(contextName, includeInContext);
clientApi.context.excludeFromContext(contextName, excludeInContext);
}
private static void setLoggedInIndicator(ClientApi clientApi) throws UnsupportedEncodingException, ClientApiException {
// Prepare values to set, with the logged in indicator as a regex matching the logout link
String loggedInIndicator = "<a href=\"logout.jsp\">Logout</a>";
// Actually set the logged in indicator
clientApi.authentication.setLoggedInIndicator(contextId, java.util.regex.Pattern.quote(loggedInIndicator));
// Check out the logged in indicator that is set
System.out.println("Configured logged in indicator regex: "
+ ((ApiResponseElement) clientApi.authentication.getLoggedInIndicator(contextId)).getValue());
}
private static void setFormBasedAuthenticationForBodgeit(ClientApi clientApi) throws ClientApiException,
UnsupportedEncodingException {
// Setup the authentication method
String loginUrl = "http://localhost:8090/bodgeit/login.jsp";
String loginRequestData = "username={%username%}&password={%password%}";
// Prepare the configuration in a format similar to how URL parameters are formed. This
// means that any value we add for the configuration values has to be URL encoded.
StringBuilder formBasedConfig = new StringBuilder();
formBasedConfig.append("loginUrl=").append(URLEncoder.encode(loginUrl, "UTF-8"));
formBasedConfig.append("&loginRequestData=").append(URLEncoder.encode(loginRequestData, "UTF-8"));
System.out.println("Setting form based authentication configuration as: "
+ formBasedConfig.toString());
clientApi.authentication.setAuthenticationMethod(contextId, "formBasedAuthentication",
formBasedConfig.toString());
// Check if everything is set up ok
System.out
.println("Authentication config: " + clientApi.authentication.getAuthenticationMethod(contextId).toString(0));
}
private static String setUserAuthConfigForBodgeit(ClientApi clientApi) throws ClientApiException, UnsupportedEncodingException {
// Prepare info
String user = "Test User";
String username = "[email protected]";
String password = "weakPassword";
// Make sure we have at least one user
String userId = extractUserId(clientApi.users.newUser(contextId, user));
// Prepare the configuration in a format similar to how URL parameters are formed. This
// means that any value we add for the configuration values has to be URL encoded.
StringBuilder userAuthConfig = new StringBuilder();
userAuthConfig.append("username=").append(URLEncoder.encode(username, "UTF-8"));
userAuthConfig.append("&password=").append(URLEncoder.encode(password, "UTF-8"));
System.out.println("Setting user authentication configuration as: " + userAuthConfig.toString());
clientApi.users.setAuthenticationCredentials(contextId, userId, userAuthConfig.toString());
clientApi.users.setUserEnabled(contextId, userId, "true");
clientApi.forcedUser.setForcedUser(contextId, userId);
clientApi.forcedUser.setForcedUserModeEnabled(true);
// Check if everything is set up ok
System.out.println("Authentication config: " + clientApi.users.getUserById(contextId, userId).toString(0));
return userId;
}
private static String extractUserId(ApiResponse response) {
return ((ApiResponseElement) response).getValue();
}
private static void scanAsUser(ClientApi clientApi, String userId) throws ClientApiException {
clientApi.spider.scanAsUser(contextId, userId, target, null, "true", null);
}
/**
* The main method.
*
* @param args the arguments
* @throws ClientApiException
* @throws UnsupportedEncodingException
*/
public static void main(String[] args) throws ClientApiException, UnsupportedEncodingException {
ClientApi clientApi = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
setIncludeAndExcludeInContext(clientApi);
setFormBasedAuthenticationForBodgeit(clientApi);
setLoggedInIndicator(clientApi);
String userId = setUserAuthConfigForBodgeit(clientApi);
scanAsUser(clientApi, userId);
}
}
# To include in default context
curl 'http://localhost:8080/JSON/context/action/includeInContext/?contextName=Default+Context®ex=http%3A%2F%2Flocalhost%3A8090%2Fbodgeit.*'
# Set login details (URL Encoded)
curl 'http://localhost:8080/JSON/authentication/action/setAuthenticationMethod/?contextId=1&authMethodName=formBasedAuthentication&authMethodConfigParams=loginUrl%3Dhttp%3A%2F%2Flocalhost%3A8090%2Fbodgeit%2Flogin.jsp%26loginRequestData%3Dusername%253D%257B%2525username%2525%257D%2526password%253D%257B%2525password%2525%257D'
# To set the login indicator
curl 'http://localhost:8080/JSON/authentication/action/setLoggedInIndicator/?contextId=1&loggedInIndicatorRegex=%5CQ%3Ca+href%3D%22logout.jsp%22%3ELogout%3C%2Fa%3E%5CE'
# To create a user (The first user id is: 0)
curl 'http://localhost:8080/JSON/users/action/newUser/?contextId=1&name=Test+User'
# To add the credentials for the user
curl 'http://localhost:8080/JSON/users/action/setAuthenticationCredentials/?contextId=1&userId=0&authCredentialsConfigParams=username%3Dtest%40example.com%26password%3DweakPassword'
# To enable the user
curl 'http://localhost:8080/JSON/users/action/setUserEnabled/?contextId=1&userId=0&enabled=true'
# To set forced user
curl 'http://localhost:8080/JSON/forcedUser/action/setForcedUser/?contextId=1&userId=0'
# To enable forced user mode
curl 'http://localhost:8080/JSON/forcedUser/action/setForcedUserModeEnabled/?boolean=true'
The following example performs a simple form-based authentication using the Bodgeit vulnerable application. It's recommended that you configure the authentication via the desktop UI before attempting the APIs.
Setup Target Application
Bodgeit uses a simple form-based authentication to authenticate the users to the application. Use the following command
to start a docker instance of the Bodgeit application: docker run --rm -p 8090:8080 -i -t psiinon/bodgeit
Register a User
Register a user in the application by navigating to the following URL: http://localhost:8090/bodgeit/register.jsp. For the purpose of this example, use the following credentials.
- username: [email protected]
- password: weakPass
Login
After registering the user, browse (proxied via ZAP) to the following URL (http://localhost:8090/bodgeit/login.jsp),
and log in to the application. When you log in to the application, the request will be added to the History tab in ZAP.
Search for the POST request to the following URL: http://localhost:8090/bodgeit/login.jsp.
Right-click on the post request, and select Flag as Context -> Default Context : Form based Login Request option. This will
open the context authentication editor. You can notice it has auto-selected the form-based authentication, auto-filled the login URL, and the post data.
Select the correct form parameter as the username and password in the dropdown and click Ok.
Now you need to inform ZAP whether the application is logged in or out. The Bodgeit application includes the logout URL
<a href="logout.jsp">Logout</a> as the successful response. You can view this by navigating to the response tab of the login request.
Highlight the text and right click and select the Flag as Context -> Default Context, Loggedin Indicator option. This will autofill
the regex needed for the login indicator. The following image shows the completed set up for the authentication tab of the context menu.
Now let's add the user credentials by going to the context -> users -> Add section. After adding the credentials, enable
the "Forced User"
mode in the desktop UI to forcefully authenticate the user prior to the testing of the application.
Now let's test the authentication by performing an authenticated Spidering with ZAP. To accomplish this, go to the Spider and select the default
context and the test user to perform the authentication. After this, you should see the Spider crawling all the protected resources.
Steps to Reproduce via API
If you have configured the authentication via the desktop UI, then export the context and import it using the importContext API. Otherwise follow the steps below to configure the authentication setting for the context.
Include in Context
In order to proceed with authentication, the URL of the application should be added to the context. As Bodgeit is available via http://localhost:8090/bodgeit use the includeInContext API to add the URL to a context.
Set Authentication Method
Use the setAuthenticationMethod to set up the authentication method and
the configuration parameters. The setAuthenticationMethod takes contextId, authMethodName, and authMethodConfigParams as
parameters. As Bodgeit uses the form-based authentication, use formBasedAuthentication for the authMethodName and use the contextID
from Step 1 as the contextId parameter.
The authMethodConfigParams requires the loginUrl and loginRequestData. Therefore you should set the values to authMethodConfigParams in the following format:
authMethodConfigParams : loginUrl=http://localhost:8090/bodgeit/login.jsp&loginRequestData=username%3D%7B%25username%25%7D%26password%3D%7B%25password%25%7D
The values for authMethodConfigParams parameters must be URL encoded, in this case loginRequestData is username={%username%}&password={%password%}.
Set Login and Logout Indicators
Use the setLoggedOutIndicator to set the logout indicators of the application.
The Following is the regex command to match the successful response with the Bodgeit application.
\Q<a href=\"logout.jsp\"></a>\E
Create User and Enable Forced User Mode
Now add the user credentials via the setAuthenticationCredentials API and use the SetForcedUserModeEnabled to enable the forced user mode in ZAP.
Script Based Authentication
#!/usr/bin/env python
import urllib.parse
from zapv2 import ZAPv2
context_id = 1
apikey = 'changeMe'
context_name = 'Default Context'
target_url = 'http://localhost:3000'
# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apikey)
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apikey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})
def set_include_in_context():
include_url = 'http://localhost:3000.*'
zap.context.include_in_context(context_name, include_url)
zap.context.exclude_from_context(context_name, '\\Qhttp://localhost:3000/login.php\\E')
zap.context.exclude_from_context(context_name, '\\Qhttp://localhost:3000/logout.php\\E')
zap.context.exclude_from_context(context_name, '\\Qhttp://localhost:3000/setup.php\\E')
zap.context.exclude_from_context(context_name, '\\Qhttp://localhost:3000/security.php\\E')
print('Configured include and exclude regex(s) in context')
def set_logged_in_indicator():
logged_in_regex = "\\Q<a href=\"logout.php\">Logout</a>\\E"
logged_out_regex = "(?:Location: [./]*login\\.php)|(?:\\Q<form action=\"login.php\" method=\"post\">\\E)"
zap.authentication.set_logged_in_indicator(context_id, logged_in_regex)
zap.authentication.set_logged_out_indicator(context_id, logged_out_regex)
print('Configured logged in indicator regex ')
def set_script_based_auth():
post_data = "username={%username%}&password={%password%}" + "&Login=Login&user_token={%user_token%}"
post_data_encoded = urllib.parse.quote(post_data)
login_request_data = "scriptName=auth-dvwa.js&Login_URL=http://localhost:3000/login.php&CSRF_Field=user_token" \
"&POST_Data=" + post_data_encoded
zap.authentication.set_authentication_method(context_id, 'scriptBasedAuthentication', login_request_data)
print('Configured script based authentication')
def set_user_auth_config():
user = 'Administrator'
username = 'admin'
password = 'password'
user_id = zap.users.new_user(context_id, user)
user_auth_config = 'Username=' + urllib.parse.quote(username) + '&Password=' + urllib.parse.quote(password)
zap.users.set_authentication_credentials(context_id, user_id, user_auth_config)
zap.users.set_user_enabled(context_id, user_id, 'true')
zap.forcedUser.set_forced_user(context_id, user_id)
zap.forcedUser.set_forced_user_mode_enabled('true')
print('User Auth Configured')
return user_id
def upload_script():
script_name = 'auth-dvwa.js'
script_type = 'authentication'
script_engine = 'Oracle Nashorn'
file_name = '/tmp/auth-dvwa.js'
charset = 'UTF-8'
zap.script.load(script_name, script_type, script_engine, file_name, charset=charset)
def start_spider(user_id):
zap.spider.scan_as_user(context_id, user_id, target_url, recurse='true')
print('Started Scanning with Authentication')
set_include_in_context()
upload_script()
set_script_based_auth()
set_logged_in_indicator()
user_id_response = set_user_auth_config()
start_spider(user_id_response)
public class ScriptAuth {
private static final String ZAP_ADDRESS = "localhost";
private static final int ZAP_PORT = 8080;
private static final String ZAP_API_KEY = null;
private static final String contextId = "1";
private static final String contextName = "Default Context";
private static final String target = "http://localhost:3000";
private static void setIncludeAndExcludeInContext(ClientApi clientApi) throws UnsupportedEncodingException, ClientApiException {
String includeInContext = "http://localhost:3000.*";
clientApi.context.includeInContext(contextName, includeInContext);
clientApi.context.excludeFromContext(contextName, "\\Qhttp://localhost:3000/login.php\\E");
clientApi.context.excludeFromContext(contextName, "\\Qhttp://localhost:3000/logout.php\\E");
clientApi.context.excludeFromContext(contextName, "\\Qhttp://localhost:3000/setup.php\\E");
clientApi.context.excludeFromContext(contextName, "\\Qhttp://localhost:3000/security.php\\E");
}
private static void setLoggedInIndicator(ClientApi clientApi) throws UnsupportedEncodingException, ClientApiException {
// Prepare values to set, with the logged in indicator as a regex matching the logout link
String loggedInIndicator = "\\Q<a href=\"logout.php\">Logout</a>\\E";
String loggedOutIndicator = "(?:Location: [./]*login\\.php)|(?:\\Q<form action=\"login.php\" method=\"post\">\\E)";
// Actually set the logged in indicator
clientApi.authentication.setLoggedInIndicator( contextId, loggedInIndicator);
clientApi.authentication.setLoggedOutIndicator( contextId, loggedOutIndicator);
// Check out the logged in indicator that is set
System.out.println("Configured logged in indicator regex: "
+ ((ApiResponseElement) clientApi.authentication.getLoggedInIndicator(contextId)).getValue());
}
private static void setScriptBasedAuthenticationForDVWA(ClientApi clientApi) throws ClientApiException,
UnsupportedEncodingException {
String postData = "username={%username%}&password={%password%}" + "&Login=Login&user_token={%user_token%}";
String postDataEncode = URLEncoder.encode(postData, "UTF-8");
String sb = ("scriptName=auth-dvwa.js&Login_URL=http://localhost:3000/login.php&CSRF_Field=user_token&")
.concat("POST_Data=").concat(postDataEncode);
clientApi.authentication.setAuthenticationMethod(contextId, "scriptBasedAuthentication", sb.toString());
System.out.println("Authentication config: " + clientApi.authentication.getAuthenticationMethod(contextId).toString(0));
}
private static String setUserAuthConfigForDVWA(ClientApi clientApi) throws ClientApiException, UnsupportedEncodingException {
// Prepare info
String user = "Admin";
String username = "admin";
String password = "password";
// Make sure we have at least one user
String userId = extractUserId(clientApi.users.newUser(contextId, user));
// Prepare the configuration in a format similar to how URL parameters are formed. This
// means that any value we add for the configuration values has to be URL encoded.
StringBuilder userAuthConfig = new StringBuilder();
userAuthConfig.append("Username=").append(URLEncoder.encode(username, "UTF-8"));
userAuthConfig.append("&Password=").append(URLEncoder.encode(password, "UTF-8"));
System.out.println("Setting user authentication configuration as: " + userAuthConfig.toString());
clientApi.users.setAuthenticationCredentials(contextId, userId, userAuthConfig.toString());
clientApi.users.setUserEnabled(contextId, userId, "true");
clientApi.forcedUser.setForcedUser(contextId, userId);
clientApi.forcedUser.setForcedUserModeEnabled(true);
// Check if everything is set up ok
System.out.println("Authentication config: " + clientApi.users.getUserById(contextId, userId).toString(0));
return userId;
}
private static void uploadScript(ClientApi clientApi) throws ClientApiException {
String script_name = "auth-dvwa.js";
String script_type = "authentication";
String script_engine = "Oracle Nashorn";
String file_name = "/tmp/auth-dvwa.js";
clientApi.script.load(script_name, script_type, script_engine, file_name, null);
}
private static String extractUserId(ApiResponse response) {
return ((ApiResponseElement) response).getValue();
}
private static void scanAsUser(ClientApi clientApi, String userId) throws ClientApiException {
clientApi.spider.scanAsUser(contextId, userId, target, null, "true", null);
}
/**
* The main method.
*
* @param args the arguments
* @throws ClientApiException
* @throws UnsupportedEncodingException
*/
public static void main(String[] args) throws ClientApiException, UnsupportedEncodingException {
ClientApi clientApi = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
uploadScript(clientApi);
setIncludeAndExcludeInContext(clientApi);
setScriptBasedAuthenticationForDVWA(clientApi);
setLoggedInIndicator(clientApi);
String userId = setUserAuthConfigForDVWA(clientApi);
scanAsUser(clientApi, userId);
}
}
# To add in default context
curl 'http://localhost:8080/JSON/context/action/includeInContext/?contextName=Default+Context®ex=http%3A%2F%2Flocalhost%3A3000.*'
# To add exclude in context
curl 'http://localhost:8080/JSON/context/action/excludeFromContext/?contextName=Default+Context®ex=%5CQhttp%3A%2F%2Flocalhost%3A3000%2Flogout.php%5CE'
# To upload the script
curl 'http://localhost:8080/JSON/script/action/load/?scriptName=auth-dvwa.js&scriptType=authentication&scriptEngine=Oracle+Nashorn&fileName=%2Ftmp%2Fauth-dvwa.js&scriptDescription=&charset='
# To set up authentication information
curl 'http://localhost:8080/JSON/authentication/action/setAuthenticationMethod/?contextId=1&authMethodName=scriptBasedAuthentication&authMethodConfigParams=scriptName%3Dauth-dvwa.js%26Login_URL%3Dhttp%3A%2F%2Flocalhost%3A3000%2Flogin.php%26CSRF_Field%3Duser_token%26POST_Data%3Dusername%253D%257B%2525username%2525%257D%2526password%253D%257B%2525password%2525%257D%2526Login%253DLogin%2526user_token%253D%257B%2525user_token%2525%257D'
# To set the login indicator
curl 'http://localhost:8080/JSON/authentication/action/setLoggedInIndicator/?contextId=1&loggedInIndicatorRegex=%5CQ%3Ca+href%3D%5C%22logout.php%5C%22%3ELogout%3C%2Fa%3E%5CE'
# To set logged out indicator
curl 'http://localhost:8080/JSON/authentication/action/setLoggedOutIndicator/?contextId=1&loggedOutIndicatorRegex=%28%3F%3ALocation%3A+%5B.%2F%5D*login%5C.php%29%7C%28%3F%3A%5CQ%3Cform+action%3D%22login.php%22+method%3D%22post%22%3E%5CE%29'
# To create a user (The first user id is: 0)
curl 'http://localhost:8080/JSON/users/action/newUser/?contextId=1&name=Test+User'
# To add the credentials for the user
curl 'http://localhost:8080/JSON/users/action/setAuthenticationCredentials/?contextId=1&userId=0&authCredentialsConfigParams=Username%3Dadmin%26Password%3Dpassword'
# To enable the user
curl 'http://localhost:8080/JSON/users/action/setUserEnabled/?contextId=1&userId=0&enabled=true'
# To set forced user
curl 'http://localhost:8080/JSON/forcedUser/action/setForcedUser/?contextId=1&userId=0'
# To enable forced user mode
curl 'http://localhost:8080/JSON/forcedUser/action/setForcedUserModeEnabled/?boolean=true'
ZAP has scripting support for most of the popular languages. The following are some of the scripting languages supported by ZAP.
- JavaScript
- Python
- Ruby
- Groovy
- Zest
ZAP has an Add-on Marketplace where you can get add-ons for additional scripting engines. Click the red, blue, & green box stacked icon in ZAP to bring up the marketplace modal. After it pops up, switch to the Marketplace and install the appropriate scripting engine.
The following example performs a script based authentication for the Damn Vulnerable Web Application. Similar to the
Bodgeit example DVWA also uses POST request to authenticate the users. But apart from username and password DVWA sends an
additional token to protect against the Cross-Site request forgery attacks. This token is obtained from the landing page.
The following image shows the embedded token in the login page.
If the token is not included with the login script as a POST parameter, the request will be rejected. In order to send this token, lets use the script based authentication technique. The authentication script will parse the HTML content and extract the token and append it in the POST request.
Setup Target Application
Use the following docker command to start the DVWA. In order to fully complete the setup you need to login (http://localhost:3000) to the application and press the configure button. Use the default credentials of the application to login and finish the setup (Username: admin, Password: password).
docker run --rm -it -p 3000:80 vulnerables/web-dvwa
Create the Script
Go to the Scripts tab and create a new Authentication script. Provide a name to the script and select
JavaScript/Nashorn as the engine and replace the script contents with the following script.
Configure Context Authentication
Now navigate to http://localhost:3000 and add the URL to the default context. Then double click on the default context and select the script-based authentication as the authentication method. Now load the script from the drop down provided and the following parameter values.
- Login URL:
http://localhost:3000/login.php - CSRF Field:
user_token - POST Data:
username={%username%}&password={%password%}&Login=Login&user_token={%user_token%} - Logged in regex:
\Q<a href="logout.php">Logout</a>\E - Logged out regex:
(?:Location: [./]*login\.php)|(?:\Q<form action="login.php" method="post">\E)
Now add the default admin user to the users tab and enable the user.
- User Name:
Administrator - Username:
admin - Password:
password
As the login operation is performed by the script lets add the login URL as out of context. Additionally you should add pages which will disrupt the login process to out of context. For example, by not excluding the logout URL, the Spider will trigger unwanted logouts (ex.: logoff/password change, etc.). Therefore, add the following regex(s) to the "Exclude from Context" tab.
\Qhttp://localhost:3000/login.php\E\Qhttp://localhost:3000/logout.php\E\Qhttp://localhost:3000/setup.php\E\Qhttp://localhost:3000/security.php\E
Now you can enable the forced user mode and start the Spider or manually select the admin user for the Spider scan. If you have selected the forced user mode and also manually selected a user; then the manually selected user/context will supersede the forced user mode. After this you should see the Spider crawling all the protected resources. The authentication results will be available through the Output panel and you can also select the login POST request in the History tab to verify the token has been sent to the application.
Steps to Reproduce via API
Use the scripts endpoint to upload the script file. Thereafter the configurations are very similar to the form based authentication with the Bodgeit application. Use the includeInContext API to add the URL to the default context and use the setAuthenticationMethod to setup the authentication method and the configuration parameters. Finally use the users API to create the admin user. Refer the script in the right column on how to use the above APIs.
JSON Based Authentication
#!/usr/bin/env python
import urllib.parse
from zapv2 import ZAPv2
context_id = 1
apiKey = 'changeMe'
context_name = 'Default Context'
target_url = 'http://localhost:3000'
# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apiKey)
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apiKey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})
def set_include_in_context():
include_url = 'http://localhost:3000.*'
zap.context.include_in_context(context_name, include_url)
print('Configured include and exclude regex(s) in context')
def set_logged_in_indicator():
logged_in_regex = '\Q<a href="logout.php">Logout</a>\E'
logged_out_regex = '(?:Location: [./]*login\.php)|(?:\Q<form action="login.php" method="post">\E)'
zap.authentication.set_logged_in_indicator(context_id, logged_in_regex)
zap.authentication.set_logged_out_indicator(context_id, logged_out_regex)
print('Configured logged in indicator regex: ')
def set_json_based_auth():
login_url = "http://localhost:3000/rest/user/login"
login_request_data = 'email={%username%}&password={%password%}'
json_based_config = 'loginUrl=' + urllib.parse.quote(login_url) + '&loginRequestData=' + urllib.parse.quote(login_request_data)
zap.authentication.set_authentication_method(context_id, 'jsonBasedAuthentication', json_based_config)
print('Configured form based authentication')
def set_user_auth_config():
user = 'Test User'
username = '[email protected]'
password = 'testtest'
user_id = zap.users.new_user(context_id, user)
user_auth_config = 'username=' + urllib.parse.quote(username) + '&password=' + urllib.parse.quote(password)
zap.users.set_authentication_credentials(context_id, user_id, user_auth_config)
def add_script():
script_name = 'jwtScript.js'
script_type = 'httpsender'
script_engine = 'Oracle Nashorn'
file_name = '/tmp/jwtScript.js'
zap.script.load(script_name, script_type, script_engine, file_name)
set_include_in_context()
add_script()
set_json_based_auth()
set_logged_in_indicator()
set_user_auth_config()
public class JSONAuth {
private static final String ZAP_ADDRESS = "localhost";
private static final int ZAP_PORT = 8090;
private static final String ZAP_API_KEY = null;
private static final String contextId = "1";
private static final String target = "http://localhost:3000";
private static void setJSONBasedAuthentication(ClientApi clientApi) throws ClientApiException, UnsupportedEncodingException {
String loginUrl = "http://localhost:3000/rest/user/login";
String loginRequestData = "username={%username%}&password={%password%}";
// Prepare the configuration in a format similar to how URL parameters are formed. This
// means that any value we add for the configuration values has to be URL encoded.
StringBuilder jsonBasedConfig = new StringBuilder();
jsonBasedConfig.append("loginUrl=").append(URLEncoder.encode(loginUrl, "UTF-8"));
jsonBasedConfig.append("&loginRequestData=").append(URLEncoder.encode(loginRequestData, "UTF-8"));
System.out.println("Setting JSON based authentication configuration as: " + jsonBasedConfig.toString());
clientApi.authentication.setAuthenticationMethod(contextId, "jsonBasedAuthentication", jsonBasedConfig.toString());
// Check if everything is set up ok
System.out.println("Authentication config: " + clientApi.authentication.getAuthenticationMethod(contextId).toString(0));
}
private static String setUserAuthConfig(ClientApi clientApi) throws ClientApiException, UnsupportedEncodingException {
// Prepare info
String user = "Test User";
String username = "[email protected]";
String password = "testtest";
// Make sure we have at least one user
String userId = extractUserId(clientApi.users.newUser(contextId, user));
// Prepare the configuration in a format similar to how URL parameters are formed. This
// means that any value we add for the configuration values has to be URL encoded.
StringBuilder userAuthConfig = new StringBuilder();
userAuthConfig.append("username=").append(URLEncoder.encode(username, "UTF-8"));
userAuthConfig.append("&password=").append(URLEncoder.encode(password, "UTF-8"));
System.out.println("Setting user authentication configuration as: " + userAuthConfig.toString());
clientApi.users.setAuthenticationCredentials(contextId, userId, userAuthConfig.toString());
clientApi.users.setUserEnabled(contextId, userId, "true");
clientApi.forcedUser.setForcedUser(contextId, userId);
clientApi.forcedUser.setForcedUserModeEnabled(true);
// Check if everything is set up ok
System.out.println("Authentication config: " + clientApi.users.getUserById(contextId, userId).toString(0));
return userId;
}
private static void addScript(ClientApi clientApi) throws ClientApiException {
String script_name = "jwtScript.js";
String script_type = "httpsender";
String script_engine = "Oracle Nashorn";
String file_name = "/tmp/authscript.js";
clientApi.script.load(script_name, script_type, script_engine, file_name, null);
}
private static void scanAsUser(ClientApi clientApi, String userId) throws ClientApiException {
clientApi.spider.scanAsUser(contextId, userId, target, null, "true", null);
}
private static String extractUserId(ApiResponse response) {
return ((ApiResponseElement) response).getValue();
}
/**
* The main method.
*
* @param args the arguments
* @throws ClientApiException
* @throws UnsupportedEncodingException
*/
public static void main(String[] args) throws ClientApiException, UnsupportedEncodingException {
ClientApi clientApi = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
addScript(clientApi);
setJSONBasedAuthentication(clientApi);
String userId = setUserAuthConfig(clientApi);
scanAsUser(clientApi, userId);
}
}
# To add the script
curl 'http://localhost:8080/JSON/script/action/load/?scriptName=authscript.js&scriptType=authentication&scriptEngine=Oracle+Nashorn&fileName=%2Ftmp%2Fauthscript.js&scriptDescription=&charset=UTF-8'
# To set up authentication information
curl 'http://localhost:8080/JSON/authentication/action/setAuthenticationMethod/?contextId=1&authMethodName=scriptBasedAuthentication&authMethodConfigParams=scriptName%3Dauthscript.js%26Login+URL%3Dhttp%3A%2F%2Flocalhost%3A3000%2Flogin.php%26CSRF+Field%3Duser_token%26POST+Data%3Dusername%3D%7B%25username%25%7D%26password%3D%7B%25password%25%7D%26Login%3DLogin%26user_token%3D%7B%25user_token%25%7D'
# To set the login indicator
curl 'http://localhost:8080/JSON/authentication/action/setLoggedInIndicator/?contextId=1&loggedInIndicatorRegex=%5CQ%3Ca+href%3D%22logout.jsp%22%3ELogout%3C%2Fa%3E%5CE'
# To create a user (The first user id is: 0)
curl 'http://localhost:8080/JSON/users/action/newUser/?contextId=1&name=Test+User'
# To add the credentials for the user
curl 'http://localhost:8080/JSON/users/action/setAuthenticationCredentials/?contextId=1&userId=0&authCredentialsConfigParams=username%3Dtest%40example.com%26password%3DweakPassword'
# To enable the user
curl 'http://localhost:8080/JSON/users/action/setUserEnabled/?contextId=1&userId=0&enabled=true'
# To set forced user
curl 'http://localhost:8080/JSON/forcedUser/action/setForcedUser/?contextId=1&userId=0'
# To enable forced user mode
curl 'http://localhost:8080/JSON/forcedUser/action/setForcedUserModeEnabled/?boolean=true'
The following example performs a script based authentication for the OWASP Juice Shop. Juice Shop is a modern application and it contrary to the previous examples the protected resources are accessed by sending an authorization header(JSON web token).
Setup Target Application
Use the following docker command to start the OWASP Juice Shop.
docker run -d -p 3000:3000 bkimminich/juice-shop
Register User
Register a user in the application by navigating to the following URL: http://localhost:3000/#/register. For the purpose of this example, use the following information.
- Email: [email protected]
- Password: testtest
- Security Question: Select Your eldest siblings middle name (enter any text)
Login
After registering the user, browse (proxied via ZAP) to the following URL (http://localhost:3000/#/login)
and login to the application. When you login to the application the request will be added to the History tab in ZAP.
Search for the POST request to the following URL: http://localhost:3000/rest/user/login.
Right-click on the POST request, and select Flag as Context -> Default Context : JSON-based Auth Login Request option. This will open the context authentication editor.
You can notice it has auto selected the JSON-based authentication, auto-filled the login URL and the post data.
Select the correct JSON attribute as the username and password in the dropdown and click Ok. The following image shows the completed setup for the authentication tab of the context menu.
Exit the context editor and go back to the login request. You will notice in the login response headers there is no set cookie. In the response body you will find the response data.
The request that follows is GET http://localhost:3000/rest/user/whoami which you will notice has a header called Authorization
which uses the token from the response body of the login request. In body of the response, you should see some info about your
user: {"user":{"id":1,"email":"[email protected]"}}. If you visit that url directly, with your browser, the content of the page is
{"user":{}} - the Authorization header is not added to request and it is not authenticated.
This request is initiated as a client side AJAX request using a spec called JWT. Currently ZAP doesn't have a notion of the Authorization header for sessions so this is where ZAPs scripting engine will come into play! With ZAP's scripting engine, we can easily add to or augment it's functionality.
Add the Script
Now in the left sidebar next to the Sites click + to add Scripts. This will bring into focus in the sidebar. Drill into
Scripting > Scripts > HTTP Sender. Then right click on the HTTP Sender and with that context menu click New Script. Name
the script jwtScript.js and set the Script Engine to ECMAScript (do not check the box that says enable).
Now that we have that script setup, let's test it out! Go ahead and visit the login page http://localhost:3000/#/login
with the browser launched with ZAP and use your test account to login. After you login, back in ZAP in the Script Console
tab you should see a message that says Capturing token for JWT.
Now visit http://localhost:3000/rest/user/whoami directly in the browser and you will see you get JSON data with the
user {"user":{"id":9,"email":"[email protected]"}}! Back in the Script Console you will see the script went ahead and added the header!
Now that we have a script ensuring we have the right headers & cookies for authentication, let's go ahead and try spidering the application again! So let's use the same settings we used earlier from the AJAX Spider Settings. Once the scan starts, check out the browser running the scan - you'll notice the user is logged in! (Logout & Your Basket links visible). Now the AJAX Spider will pick up some new paths that it couldn't find before!
Steps to Reproduce via API
Use the scripts endpoint to add the script file. Thereafter the configurations are very similar to the form based authentication
with the Bodgeit application. Use the includeInContext API to add the URL to the default context
and use the setAuthenticationMethod to setup the authentication method and
the configuration parameters. Finally use the users API to create the admin user. Refer the script in the right column
on how to use the above APIs.
Advanced Settings
The following section shows advanced configurations of the APIs.
Spider Settings
The following image shows the advanced configurations tab of Spider in the desktop UI.
Use the setOptionMaxDepth API to set the maximum depth the spider can crawl, where 0 refers to unlimited depth. The setOptionMaxChildren API sets the maximum number of child nodes (per node) that can be crawled, where 0 means no limit. The setOptionMaxDuration API can be used to set the maximum duration the Spider will run. Use the setOptionMaxParseSizeBytes API to limit the amount of data parsed by the spider. This allows the spider to skip big responses/files.
View the Spider section in the API Catalogue for additional APIs.
Ajax Spider Settings
The following image shows the advanced configurations tab of Ajax Spider in the desktop UI.
Similar to the Spider API, the Ajax spider also provides APIs to set the maximum depth, crawl state, and maximum duration.
Passive Scan Settings
The scanning rules can be enabled/disabled using the enableScanners and disableScanners APIs. Also use the setScanOnlyInScope API to limit the passive scanning to a scope. View the advanced section to learn how to configure a context or scope using ZAP APIs.
Passive scanning can also be used to automatically add tags and raise alerts for potential issues. A set of rules for automatic tagging are provided by default. These can be changed, deleted or added to via the Options Passive Scan Tags Screen.
Active Scan Settings
General Options
The general options for Active Scan can be configured using the options tab in the desktop UI shown below.
Use the setOptionMaxScanDurationInMins API to limit the duration of scan and setOptionMaxRuleDurationInMins API to limit the time of individual active scan rules. This can be used to prevent rules from running for an excessive amount of time.
Use the setOptionHostPerScan API to set the maximum number of hosts that will be scanned at the same time. Furthermore, use the setOptionThreadPerHost API to set the number of threads the scanner will use per host. Increasing both of these values will reduce the active scanning time but this may put extra strain on the server ZAP is running on.
Use the setOptionDelayInMs API to delay each request from ZAP in milliseconds. Setting this to a non zero value will increase the time an active scan takes, but will put less of a strain on the target host. View the Active Scan section in the API Catalogue for additional information regarding the APIs.
Input Vectors
Input vectors refers to the elements that Active Scan will target. Specifying the exact elements to target will improve the scanning time and accuracy of the results. For example, for the following configuration the optionTargetParamsInjectable and optionTargetParamsEnabledRPC will yield the results of 11 and 39. The numbers can be deconstructed in the following manner:
- 1+2+8 = 11 [Query String(1), Post Data(2), HTTP Headers(8)]
- 1+2+4+32 = 39 [Multipart (1), XML (2), JSON (4), DWR (32)]
Thus, to change the values of Injectable targets and Input Vector Handlers calculate the exact values and
use the setoptiontargetparamsinjectable and setoptiontargetparamsenabledrpc APIs accordingly.
The Add URL query parameter option under the Injectable Tragets sets whether or not the active scanner should add a query param
to GET requests which do not have parameters to start with. This option can be enabled using the setoptionaddqueryparam API.
Technology
The Technology tab allows you to specify which types of technologies to scan. Un-selecting technologies that you know are not present in the target application may speed up the scan, as rules which target that technology can skip those tests. For an example, if the target web application does not have a database then removing it will increase the performance of the Active Scan.
Use the includeContextTechnologies and excludeContextTechnologies API endpoints to include and exclude the technology list from the context.
Policy
A scan policy defines exactly which rules are run as part of an active scan. It also defines how these rules run influencing how many requests are made and how likely potential issues are to be flagged. You can define as many scan policies as you like and select the most appropriate one when you start the scan via the Active Scan.
The Policy tab shown in the above image allows you to override any of the settings specified in the selected scan policy.
Contributions Welcome!
Contributions are welcome! There are many ways you can contribute to OWASP ZAP, both as a user and as a developer.
1. Creating High-level API/Automation Docs
Create high level docs or example guides on how to use the APIs to perform any action/view with ZAP.
The source files for the ZAP API documentation is hosted on GitHub. The repository is available at Github.
The source files are in Markdown (md) format.
2. REST API Documentation
ZAP's rest API is documented using the OpenAPI specification. The specification could be improved by enhancing the description of parameters/ results/ data types etc. The open API specification is available via GitHub.
3. Feature Documentation
Feature documentation related to ZAP is available on ZAP wiki, ZAP user guide, and ZAP extensions repositories.
How to Contribute
The ZAP API documentation is developed according to the docs as code philosophy. The most direct and effective way to contribute to the docs is to submit a pull request(PR) or raise an issue in the GitHub repository containing the docs content that you want to change.
There are 2 different workflows which you can use to make changes or PRs. Use what you are most comfortable with!
1. "Edit this File on GitHub"
You can edit the documentation in the browser via navigating to the relevant source file and clicking the edit this file button. This workflow is recommended for minor changes. For example correcting typos/spellings/grammar etc. For extensive changes, please use the local setup and editing option.
2. Local Setup and Editing
You can fork the repository on GitHub and submit the changes via pull requests. Please see the local setup for API docs section to setup and render the docs locally.
Local Setup for API Docs
ZAP uses git for its code repository. To submit a documentation update, use the following steps:
1. Clone the ZAP Docs repository:
git clone https://github.com/zaproxy/zap-api-docs
2. Navigate to the cloned repository:
cd zap-api-docs
3. Use the following guide to install Ruby
4. To install the dependencies: $ bundle install
5. To start the server: $ bundle exec middleman server
Documentation Style
This style guide provides a set of editorial guidelines for anyone writing documentation for OWASP ZAP.
General Guidelines
Check for the grammar and spellings before sending the pull request. Most of the modern editors comes with a spell check option or plugin.
Use a friendly and conversational tone. Always use simple sentences. If the sentence is lengthy try to break it in to smaller sentences. Also avoid sentences with complicated words or jargon.
Write positively and avoid using negative sentences.
- Recommended: If you are not familiar with the Spider, then read this documentation.
- Not Recommended: Read this documentation to get familiarized with the Spider.
The documentation should be neutral, without judgments, opinions. For example, words like "easily" or "simple" come with a lot of assumptions. Things that are easier for you might be difficult for another person. Avoid this type of wordings when contributing to the document.
Language and Grammar
Abbreviation
Spell out the abbreviation or acronym before introducing them in the sentence. If the abbreviation is well known such as API or ZAP or HTML, you can use it without spelling it first.
Active Voice
In general use active voice when formulating the sentence instead of passive voice. A sentence written in the active voice will emphasize the person or thing who is performing an action (eg.The dog chased the ball). In contrast, the passive voice will highlight the recipient of the action (The ball was chased by the dog). Therefor use the passive voice, only when it's less important who or what completed the action and more important that the action was completed. For example:
- Recommended: The Spider crawls the URLs.
- Not recommended: The URLs are crawled by the Spider.
Gender References
Use gender neutral pronouns (they/their/them) when referring to a hypothetical person such as "a user with a logged in session". For example, instead of: - he or she, use they; - him or her, use them; - his or her, use their; - his or hers, use theirs; - himself or herself, use themselves;
Method Description
When you're writing reference documentation for a method, phrase the main method description in terms of what it does ("Gets," "Starts," "Creates," "Lists"), rather than what the developer would use it to do ("Get," "Start," "Create," "List").
- Recommended: action.scan: Starts the Spider on the specified URL.
- Not recommended: action.scan: Start the Spider on the specified URL.
Second Person
In general, use second person in your docs rather than first person. For example:
- Recommended: You are recommended to use the Spider.
- Not Recommended: We recommend to use the Spider.
Spellings
Use American spellings when contributing to the documentation.
Formatting
Capitalization:
- Use the Chicago manual for capitalization rules for the documentation.
- For titles of a section, Capitalize of the first letter of each word except for the closed-class words
such as determiners, pronouns, conjunctions, and prepositions. Use the following link for guidance.
- Recommended: The Spider Tutorial with APIs
- For normal sentences don't capitalize random words in the middle of the sentences.
Number formatting
- In general spell out the number if it starts a sentence or is less than ten or an ordinal number.
- Recommended: Seventeen requests has been intercepted by the passive scanner.
- Recommended: The passive scan showed nine warnings.
- Recommended: The fifth alert was a high priority alert.
- Use numerals for numbers higher than ten or fractions or unit prices.
- Recommended: The active scanner detected 24 issues.
- Recommended: The scanner took 23.4 seconds to complete the crawling.
- In general spell out the number if it starts a sentence or is less than ten or an ordinal number.
Punctuation
Commas
- Use oxford commas when writing a list of three or more items
- Recommended: The API can return the results in XML, JSON, and HTML.
- Not Recommended: The API can return the results in XML, JSON and HTML.
- Use oxford commas when writing a list of three or more items
Periods
- Do not add period to headings or titles.
- Avoid using periods at the end of URLs. Try to modify the sentence so the URL can be in the middle of the sentence.
- Do not add period to headings or titles.
Markdown Syntax
The API docs are created using standard markdown files. This section contains information regarding the syntax and linting of the Markdown files. Refer to the Slate documentation. Also refer to this document to properly lint the Markdown files.
Writing Code
Inline Code
Put `backticks` around the following symbols when used in text:
- Data types:
json,xml,html - File name:
test.py,/path-to-your-data/xml/example-name
Code Block
Use three back ticks to open and close a code block. Specify the programming language after the first backtick group.
The documentation currently supports python, java, and shell languages.
Troubleshooting
This section explains how to troubleshoot issues that might occur when interacting with the ZAP API.
Enable Useful Dev Options
While developing scripts/programs that interact with ZAP API it's recommended that the following ZAP API options are enabled, to have more information about possible errors:
Report permission errors via APIReport error details via API
The API response will then contain the details about why the API request was rejected or was not successful.
Common Errors
Wrong API Key or Address Not Allowed
//org.zaproxy.clientapi.core.ClientApiException: java.net.SocketException: Unexpected end of file from server
// at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:366)
// at org.zaproxy.clientapi.core.ClientApi.callApi(ClientApi.java:350)
// at org.zaproxy.clientapi.gen.Spider.scan(Spider.java:242)
requests.exceptions.ProxyError: HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with
url: http://zap/JSON/spider/action/scan/?apikey=changeMe&url=https%3A%2F%2Fexample.com
(Caused by ProxyError('Cannot connect to proxy.', RemoteDisconnected('Remote end closed connection without response')))
By default, ZAP will close the connection without a response if an API request is not from an allowed address or the API key is wrong. If you get exceptions similar to the following ensure that the API client is using the correct API key and that the address is allowed.
No Connection to ZAP
//org.zaproxy.clientapi.core.ClientApiException: java.net.ConnectException: Connection refused: connect
// at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:366)
// at org.zaproxy.clientapi.core.ClientApi.callApi(ClientApi.java:350)
// at org.zaproxy.clientapi.gen.Spider.scan(Spider.java:242)
// at ZAP_tests.Spider.main(Spider.java:25)
requests.exceptions.ProxyError: HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with
url: http://zap/JSON/spider/action/scan/?apikey=changeMe&url=https%3A%2F%2Fexample.com
(Caused by ProxyError('Cannot connect to proxy.', NewConnectionError('<urllib3.connection.HTTPConnection object at
0x101be78e0>: Failed to establish a new connection: [Errno 61] Connection refused')))
There are several reasons that the API client might not be able to connect to ZAP:
- ZAP is not yet started, some clients might have methods to wait for ZAP;
- ZAP is not listening on the address, for example, if the API client is connecting from an external machine then ZAP will have to listen on the external address (or all addresses
0.0.0.0) - The API client is not configured with correct address/port;
Error: No Implementor
If you come across the No Implementor Error while invoking the APIs: Check the necessary add-on or component is installed and enabled.
(For example if you receive "no_implementor" in relation to Ajax Spider calls, perhaps the Ajax Spider add-on isn't installed.)
API Catalogue
Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.
The HTTP API for controlling and accessing ZAP.
Base URLs:
-
- address - The address ZAP is listening on. Default: 127.0.0.1
- port - The port ZAP is bound to. Default: 8080
Email: OWASP ZAP User Group Web: OWASP ZAP User Group License: Apache 2.0
Authentication
API Key (apiKeyHeader)
- Parameter Name: X-ZAP-API-Key, in: header.
API Key (apiKeyQuery)
- Parameter Name: apikey, in: query.
alert
alertViewAlert
Code samples
# You can also use wget
curl -X GET http://zap/JSON/alert/view/alert/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/alert/view/alert/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/alert/view/alert/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/alert/view/alert/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/alert/view/alert/
Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
alertViewAlerts
Code samples
# You can also use wget
curl -X GET http://zap/JSON/alert/view/alerts/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/alert/view/alerts/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/alert/view/alerts/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/alert/view/alerts/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/alert/view/alerts/
Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| baseurl | query | string | false | none |
| start | query | integer | false | none |
| count | query | integer | false | none |
| riskId | query | string | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
alertViewAlertsSummary
Code samples
# You can also use wget
curl -X GET http://zap/JSON/alert/view/alertsSummary/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/alert/view/alertsSummary/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/alert/view/alertsSummary/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/alert/view/alertsSummary/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/alert/view/alertsSummary/
Gets number of alerts grouped by each risk level, optionally filtering by URL
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| baseurl | query | string | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
alertViewNumberOfAlerts
Code samples
# You can also use wget
curl -X GET http://zap/JSON/alert/view/numberOfAlerts/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/alert/view/numberOfAlerts/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/alert/view/numberOfAlerts/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/alert/view/numberOfAlerts/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/alert/view/numberOfAlerts/
Gets the number of alerts, optionally filtering by URL or riskId
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| baseurl | query | string | false | none |
| riskId | query | string | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
alertViewAlertsByRisk
Code samples
# You can also use wget
curl -X GET http://zap/JSON/alert/view/alertsByRisk/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/alert/view/alertsByRisk/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/alert/view/alertsByRisk/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/alert/view/alertsByRisk/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/alert/view/alertsByRisk/
Gets a summary of the alerts, optionally filtered by a 'url'. If 'recurse' is true then all alerts that apply to urls that start with the specified 'url' will be returned, otherwise only those on exactly the same 'url' (ignoring url parameters)
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| url | query | string | false | none |
| recurse | query | boolean | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
alertViewAlertCountsByRisk
Code samples
# You can also use wget
curl -X GET http://zap/JSON/alert/view/alertCountsByRisk/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/alert/view/alertCountsByRisk/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/alert/view/alertCountsByRisk/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/alert/view/alertCountsByRisk/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/alert/view/alertCountsByRisk/
Gets a count of the alerts, optionally filtered as per alertsPerRisk
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| url | query | string | false | none |
| recurse | query | boolean | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
alertActionDeleteAllAlerts
Code samples
# You can also use wget
curl -X GET http://zap/JSON/alert/action/deleteAllAlerts/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/alert/action/deleteAllAlerts/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/alert/action/deleteAllAlerts/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/alert/action/deleteAllAlerts/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/alert/action/deleteAllAlerts/
Deletes all alerts of the current session.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
alertActionDeleteAlert
Code samples
# You can also use wget
curl -X GET http://zap/JSON/alert/action/deleteAlert/?id=0 \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/alert/action/deleteAlert/?id=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/alert/action/deleteAlert/', params={
'id': '0'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/alert/action/deleteAlert/',
params: {
'id' => 'integer'
}, headers: headers
p JSON.parse(result)
GET /JSON/alert/action/deleteAlert/
Deletes the alert with the given ID.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | query | integer | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
acsrf
acsrfViewOptionTokensNames
Code samples
# You can also use wget
curl -X GET http://zap/JSON/acsrf/view/optionTokensNames/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/acsrf/view/optionTokensNames/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/acsrf/view/optionTokensNames/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/acsrf/view/optionTokensNames/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/acsrf/view/optionTokensNames/
Lists the names of all anti-CSRF tokens
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
acsrfActionAddOptionToken
Code samples
# You can also use wget
curl -X GET http://zap/JSON/acsrf/action/addOptionToken/?String=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/acsrf/action/addOptionToken/?String=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/acsrf/action/addOptionToken/', params={
'String': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/acsrf/action/addOptionToken/',
params: {
'String' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/acsrf/action/addOptionToken/
Adds an anti-CSRF token with the given name, enabled by default
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| String | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
acsrfActionRemoveOptionToken
Code samples
# You can also use wget
curl -X GET http://zap/JSON/acsrf/action/removeOptionToken/?String=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/acsrf/action/removeOptionToken/?String=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/acsrf/action/removeOptionToken/', params={
'String': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/acsrf/action/removeOptionToken/',
params: {
'String' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/acsrf/action/removeOptionToken/
Removes the anti-CSRF token with the given name
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| String | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
acsrfOtherGenForm
Code samples
# You can also use wget
curl -X GET http://zap/OTHER/acsrf/other/genForm/?hrefId=0 \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/OTHER/acsrf/other/genForm/?hrefId=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/OTHER/acsrf/other/genForm/', params={
'hrefId': '0'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/OTHER/acsrf/other/genForm/',
params: {
'hrefId' => 'integer'
}, headers: headers
p JSON.parse(result)
GET /OTHER/acsrf/other/genForm/
Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| hrefId | query | integer | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
pscan
pscanViewScanOnlyInScope
Code samples
# You can also use wget
curl -X GET http://zap/JSON/pscan/view/scanOnlyInScope/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/pscan/view/scanOnlyInScope/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/pscan/view/scanOnlyInScope/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/pscan/view/scanOnlyInScope/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/pscan/view/scanOnlyInScope/
Tells whether or not the passive scan should be performed only on messages that are in scope.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
pscanViewRecordsToScan
Code samples
# You can also use wget
curl -X GET http://zap/JSON/pscan/view/recordsToScan/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/pscan/view/recordsToScan/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/pscan/view/recordsToScan/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/pscan/view/recordsToScan/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/pscan/view/recordsToScan/
The number of records the passive scanner still has to scan
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
pscanViewScanners
Code samples
# You can also use wget
curl -X GET http://zap/JSON/pscan/view/scanners/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/pscan/view/scanners/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/pscan/view/scanners/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/pscan/view/scanners/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/pscan/view/scanners/
Lists all passive scanners with its ID, name, enabled state and alert threshold.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
pscanViewCurrentRule
Code samples
# You can also use wget
curl -X GET http://zap/JSON/pscan/view/currentRule/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/pscan/view/currentRule/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/pscan/view/currentRule/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/pscan/view/currentRule/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/pscan/view/currentRule/
Show information about the passive scan rule currently being run (if any).
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
pscanViewMaxAlertsPerRule
Code samples
# You can also use wget
curl -X GET http://zap/JSON/pscan/view/maxAlertsPerRule/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/pscan/view/maxAlertsPerRule/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/pscan/view/maxAlertsPerRule/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/pscan/view/maxAlertsPerRule/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/pscan/view/maxAlertsPerRule/
Gets the maximum number of alerts a passive scan rule should raise.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
pscanActionSetEnabled
Code samples
# You can also use wget
curl -X GET http://zap/JSON/pscan/action/setEnabled/?enabled=true \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/pscan/action/setEnabled/?enabled=true");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/pscan/action/setEnabled/', params={
'enabled': 'true'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/pscan/action/setEnabled/',
params: {
'enabled' => 'boolean'
}, headers: headers
p JSON.parse(result)
GET /JSON/pscan/action/setEnabled/
Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| enabled | query | boolean | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
pscanActionSetScanOnlyInScope
Code samples
# You can also use wget
curl -X GET http://zap/JSON/pscan/action/setScanOnlyInScope/?onlyInScope=true \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/pscan/action/setScanOnlyInScope/?onlyInScope=true");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/pscan/action/setScanOnlyInScope/', params={
'onlyInScope': 'true'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/pscan/action/setScanOnlyInScope/',
params: {
'onlyInScope' => 'boolean'
}, headers: headers
p JSON.parse(result)
GET /JSON/pscan/action/setScanOnlyInScope/
Sets whether or not the passive scan should be performed only on messages that are in scope.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| onlyInScope | query | boolean | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
pscanActionEnableAllScanners
Code samples
# You can also use wget
curl -X GET http://zap/JSON/pscan/action/enableAllScanners/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/pscan/action/enableAllScanners/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/pscan/action/enableAllScanners/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/pscan/action/enableAllScanners/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/pscan/action/enableAllScanners/
Enables all passive scanners
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
pscanActionDisableAllScanners
Code samples
# You can also use wget
curl -X GET http://zap/JSON/pscan/action/disableAllScanners/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/pscan/action/disableAllScanners/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/pscan/action/disableAllScanners/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/pscan/action/disableAllScanners/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/pscan/action/disableAllScanners/
Disables all passive scanners
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
pscanActionEnableScanners
Code samples
# You can also use wget
curl -X GET http://zap/JSON/pscan/action/enableScanners/?ids=0 \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/pscan/action/enableScanners/?ids=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/pscan/action/enableScanners/', params={
'ids': '0'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/pscan/action/enableScanners/',
params: {
'ids' => 'integer'
}, headers: headers
p JSON.parse(result)
GET /JSON/pscan/action/enableScanners/
Enables all passive scanners with the given IDs (comma separated list of IDs)
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| ids | query | integer | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
pscanActionDisableScanners
Code samples
# You can also use wget
curl -X GET http://zap/JSON/pscan/action/disableScanners/?ids=0 \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/pscan/action/disableScanners/?ids=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/pscan/action/disableScanners/', params={
'ids': '0'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/pscan/action/disableScanners/',
params: {
'ids' => 'integer'
}, headers: headers
p JSON.parse(result)
GET /JSON/pscan/action/disableScanners/
Disables all passive scanners with the given IDs (comma separated list of IDs)
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| ids | query | integer | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
pscanActionSetScannerAlertThreshold
Code samples
# You can also use wget
curl -X GET http://zap/JSON/pscan/action/setScannerAlertThreshold/?id=0&alertThreshold=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/pscan/action/setScannerAlertThreshold/?id=0&alertThreshold=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/pscan/action/setScannerAlertThreshold/', params={
'id': '0', 'alertThreshold': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/pscan/action/setScannerAlertThreshold/',
params: {
'id' => 'integer',
'alertThreshold' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/pscan/action/setScannerAlertThreshold/
Sets the alert threshold of the passive scanner with the given ID, accepted values for alert threshold: OFF, DEFAULT, LOW, MEDIUM and HIGH
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | query | integer | true | none |
| alertThreshold | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
pscanActionSetMaxAlertsPerRule
Code samples
# You can also use wget
curl -X GET http://zap/JSON/pscan/action/setMaxAlertsPerRule/?maxAlerts=0 \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/pscan/action/setMaxAlertsPerRule/?maxAlerts=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/pscan/action/setMaxAlertsPerRule/', params={
'maxAlerts': '0'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/pscan/action/setMaxAlertsPerRule/',
params: {
'maxAlerts' => 'integer'
}, headers: headers
p JSON.parse(result)
GET /JSON/pscan/action/setMaxAlertsPerRule/
Sets the maximum number of alerts a passive scan rule should raise.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| maxAlerts | query | integer | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
search
searchViewUrlsByUrlRegex
Code samples
# You can also use wget
curl -X GET http://zap/JSON/search/view/urlsByUrlRegex/?regex=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/search/view/urlsByUrlRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/search/view/urlsByUrlRegex/', params={
'regex': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/search/view/urlsByUrlRegex/',
params: {
'regex' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/search/view/urlsByUrlRegex/
Returns the URLs of the HTTP messages that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| regex | query | string | true | none |
| baseurl | query | string | false | none |
| start | query | integer | false | none |
| count | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
searchViewUrlsByRequestRegex
Code samples
# You can also use wget
curl -X GET http://zap/JSON/search/view/urlsByRequestRegex/?regex=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/search/view/urlsByRequestRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/search/view/urlsByRequestRegex/', params={
'regex': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/search/view/urlsByRequestRegex/',
params: {
'regex' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/search/view/urlsByRequestRegex/
Returns the URLs of the HTTP messages that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| regex | query | string | true | none |
| baseurl | query | string | false | none |
| start | query | integer | false | none |
| count | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
searchViewUrlsByResponseRegex
Code samples
# You can also use wget
curl -X GET http://zap/JSON/search/view/urlsByResponseRegex/?regex=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/search/view/urlsByResponseRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/search/view/urlsByResponseRegex/', params={
'regex': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/search/view/urlsByResponseRegex/',
params: {
'regex' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/search/view/urlsByResponseRegex/
Returns the URLs of the HTTP messages that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| regex | query | string | true | none |
| baseurl | query | string | false | none |
| start | query | integer | false | none |
| count | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
searchViewUrlsByHeaderRegex
Code samples
# You can also use wget
curl -X GET http://zap/JSON/search/view/urlsByHeaderRegex/?regex=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/search/view/urlsByHeaderRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/search/view/urlsByHeaderRegex/', params={
'regex': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/search/view/urlsByHeaderRegex/',
params: {
'regex' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/search/view/urlsByHeaderRegex/
Returns the URLs of the HTTP messages that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| regex | query | string | true | none |
| baseurl | query | string | false | none |
| start | query | integer | false | none |
| count | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
searchViewMessagesByUrlRegex
Code samples
# You can also use wget
curl -X GET http://zap/JSON/search/view/messagesByUrlRegex/?regex=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/search/view/messagesByUrlRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/search/view/messagesByUrlRegex/', params={
'regex': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/search/view/messagesByUrlRegex/',
params: {
'regex' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/search/view/messagesByUrlRegex/
Returns the HTTP messages that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| regex | query | string | true | none |
| baseurl | query | string | false | none |
| start | query | integer | false | none |
| count | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
searchViewMessagesByRequestRegex
Code samples
# You can also use wget
curl -X GET http://zap/JSON/search/view/messagesByRequestRegex/?regex=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/search/view/messagesByRequestRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/search/view/messagesByRequestRegex/', params={
'regex': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/search/view/messagesByRequestRegex/',
params: {
'regex' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/search/view/messagesByRequestRegex/
Returns the HTTP messages that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| regex | query | string | true | none |
| baseurl | query | string | false | none |
| start | query | integer | false | none |
| count | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
searchViewMessagesByResponseRegex
Code samples
# You can also use wget
curl -X GET http://zap/JSON/search/view/messagesByResponseRegex/?regex=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/search/view/messagesByResponseRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/search/view/messagesByResponseRegex/', params={
'regex': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/search/view/messagesByResponseRegex/',
params: {
'regex' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/search/view/messagesByResponseRegex/
Returns the HTTP messages that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| regex | query | string | true | none |
| baseurl | query | string | false | none |
| start | query | integer | false | none |
| count | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
searchViewMessagesByHeaderRegex
Code samples
# You can also use wget
curl -X GET http://zap/JSON/search/view/messagesByHeaderRegex/?regex=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/search/view/messagesByHeaderRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/search/view/messagesByHeaderRegex/', params={
'regex': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/search/view/messagesByHeaderRegex/',
params: {
'regex' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/search/view/messagesByHeaderRegex/
Returns the HTTP messages that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| regex | query | string | true | none |
| baseurl | query | string | false | none |
| start | query | integer | false | none |
| count | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
searchOtherHarByUrlRegex
Code samples
# You can also use wget
curl -X GET http://zap/OTHER/search/other/harByUrlRegex/?regex=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/OTHER/search/other/harByUrlRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/OTHER/search/other/harByUrlRegex/', params={
'regex': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/OTHER/search/other/harByUrlRegex/',
params: {
'regex' => 'string'
}, headers: headers
p JSON.parse(result)
GET /OTHER/search/other/harByUrlRegex/
Returns the HTTP messages, in HAR format, that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| regex | query | string | true | none |
| baseurl | query | string | false | none |
| start | query | integer | false | none |
| count | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
searchOtherHarByRequestRegex
Code samples
# You can also use wget
curl -X GET http://zap/OTHER/search/other/harByRequestRegex/?regex=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/OTHER/search/other/harByRequestRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/OTHER/search/other/harByRequestRegex/', params={
'regex': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/OTHER/search/other/harByRequestRegex/',
params: {
'regex' => 'string'
}, headers: headers
p JSON.parse(result)
GET /OTHER/search/other/harByRequestRegex/
Returns the HTTP messages, in HAR format, that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| regex | query | string | true | none |
| baseurl | query | string | false | none |
| start | query | integer | false | none |
| count | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
searchOtherHarByResponseRegex
Code samples
# You can also use wget
curl -X GET http://zap/OTHER/search/other/harByResponseRegex/?regex=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/OTHER/search/other/harByResponseRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/OTHER/search/other/harByResponseRegex/', params={
'regex': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/OTHER/search/other/harByResponseRegex/',
params: {
'regex' => 'string'
}, headers: headers
p JSON.parse(result)
GET /OTHER/search/other/harByResponseRegex/
Returns the HTTP messages, in HAR format, that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| regex | query | string | true | none |
| baseurl | query | string | false | none |
| start | query | integer | false | none |
| count | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
searchOtherHarByHeaderRegex
Code samples
# You can also use wget
curl -X GET http://zap/OTHER/search/other/harByHeaderRegex/?regex=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/OTHER/search/other/harByHeaderRegex/?regex=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/OTHER/search/other/harByHeaderRegex/', params={
'regex': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/OTHER/search/other/harByHeaderRegex/',
params: {
'regex' => 'string'
}, headers: headers
p JSON.parse(result)
GET /OTHER/search/other/harByHeaderRegex/
Returns the HTTP messages, in HAR format, that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| regex | query | string | true | none |
| baseurl | query | string | false | none |
| start | query | integer | false | none |
| count | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdate
autoupdateViewLatestVersionNumber
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/latestVersionNumber/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/latestVersionNumber/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/latestVersionNumber/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/latestVersionNumber/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/latestVersionNumber/
Returns the latest version number
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewIsLatestVersion
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/isLatestVersion/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/isLatestVersion/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/isLatestVersion/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/isLatestVersion/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/isLatestVersion/
Returns 'true' if ZAP is on the latest version
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewInstalledAddons
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/installedAddons/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/installedAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/installedAddons/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/installedAddons/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/installedAddons/
Return a list of all of the installed add-ons
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewLocalAddons
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/localAddons/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/localAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/localAddons/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/localAddons/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/localAddons/
Returns a list with all local add-ons, installed or not.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewNewAddons
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/newAddons/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/newAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/newAddons/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/newAddons/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/newAddons/
Return a list of any add-ons that have been added to the Marketplace since the last check for updates
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewUpdatedAddons
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/updatedAddons/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/updatedAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/updatedAddons/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/updatedAddons/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/updatedAddons/
Return a list of any add-ons that have been changed in the Marketplace since the last check for updates
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewMarketplaceAddons
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/marketplaceAddons/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/marketplaceAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/marketplaceAddons/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/marketplaceAddons/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/marketplaceAddons/
Return a list of all of the add-ons on the ZAP Marketplace (this information is read once and then cached)
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewOptionAddonDirectories
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionAddonDirectories/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/optionAddonDirectories/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/optionAddonDirectories/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/optionAddonDirectories/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/optionAddonDirectories/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewOptionDayLastChecked
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionDayLastChecked/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/optionDayLastChecked/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/optionDayLastChecked/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/optionDayLastChecked/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/optionDayLastChecked/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewOptionDayLastInstallWarned
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionDayLastInstallWarned/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/optionDayLastInstallWarned/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/optionDayLastInstallWarned/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/optionDayLastInstallWarned/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/optionDayLastInstallWarned/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewOptionDayLastUpdateWarned
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionDayLastUpdateWarned/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/optionDayLastUpdateWarned/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/optionDayLastUpdateWarned/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/optionDayLastUpdateWarned/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/optionDayLastUpdateWarned/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewOptionDownloadDirectory
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionDownloadDirectory/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/optionDownloadDirectory/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/optionDownloadDirectory/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/optionDownloadDirectory/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/optionDownloadDirectory/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewOptionCheckAddonUpdates
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionCheckAddonUpdates/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/optionCheckAddonUpdates/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/optionCheckAddonUpdates/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/optionCheckAddonUpdates/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/optionCheckAddonUpdates/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewOptionCheckOnStart
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionCheckOnStart/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/optionCheckOnStart/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/optionCheckOnStart/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/optionCheckOnStart/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/optionCheckOnStart/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewOptionDownloadNewRelease
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionDownloadNewRelease/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/optionDownloadNewRelease/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/optionDownloadNewRelease/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/optionDownloadNewRelease/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/optionDownloadNewRelease/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewOptionInstallAddonUpdates
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionInstallAddonUpdates/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/optionInstallAddonUpdates/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/optionInstallAddonUpdates/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/optionInstallAddonUpdates/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/optionInstallAddonUpdates/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewOptionInstallScannerRules
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionInstallScannerRules/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/optionInstallScannerRules/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/optionInstallScannerRules/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/optionInstallScannerRules/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/optionInstallScannerRules/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewOptionReportAlphaAddons
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionReportAlphaAddons/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/optionReportAlphaAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/optionReportAlphaAddons/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/optionReportAlphaAddons/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/optionReportAlphaAddons/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewOptionReportBetaAddons
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionReportBetaAddons/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/optionReportBetaAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/optionReportBetaAddons/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/optionReportBetaAddons/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/optionReportBetaAddons/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateViewOptionReportReleaseAddons
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/view/optionReportReleaseAddons/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/view/optionReportReleaseAddons/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/view/optionReportReleaseAddons/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/view/optionReportReleaseAddons/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/view/optionReportReleaseAddons/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateActionDownloadLatestRelease
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/downloadLatestRelease/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/action/downloadLatestRelease/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/action/downloadLatestRelease/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/action/downloadLatestRelease/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/action/downloadLatestRelease/
Downloads the latest release, if any
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateActionInstallAddon
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/installAddon/?id=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/action/installAddon/?id=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/action/installAddon/', params={
'id': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/action/installAddon/',
params: {
'id' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/action/installAddon/
Installs or updates the specified add-on, returning when complete (ie not asynchronously)
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateActionInstallLocalAddon
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/installLocalAddon/?file=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/action/installLocalAddon/?file=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/action/installLocalAddon/', params={
'file': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/action/installLocalAddon/',
params: {
'file' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/action/installLocalAddon/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| file | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateActionUninstallAddon
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/uninstallAddon/?id=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/action/uninstallAddon/?id=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/action/uninstallAddon/', params={
'id': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/action/uninstallAddon/',
params: {
'id' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/action/uninstallAddon/
Uninstalls the specified add-on
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateActionSetOptionCheckAddonUpdates
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionCheckAddonUpdates/?Boolean=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionCheckAddonUpdates/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/action/setOptionCheckAddonUpdates/', params={
'Boolean': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionCheckAddonUpdates/',
params: {
'Boolean' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/action/setOptionCheckAddonUpdates/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| Boolean | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateActionSetOptionCheckOnStart
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionCheckOnStart/?Boolean=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionCheckOnStart/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/action/setOptionCheckOnStart/', params={
'Boolean': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionCheckOnStart/',
params: {
'Boolean' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/action/setOptionCheckOnStart/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| Boolean | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateActionSetOptionDownloadNewRelease
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionDownloadNewRelease/?Boolean=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionDownloadNewRelease/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/action/setOptionDownloadNewRelease/', params={
'Boolean': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionDownloadNewRelease/',
params: {
'Boolean' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/action/setOptionDownloadNewRelease/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| Boolean | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateActionSetOptionInstallAddonUpdates
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionInstallAddonUpdates/?Boolean=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionInstallAddonUpdates/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/action/setOptionInstallAddonUpdates/', params={
'Boolean': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionInstallAddonUpdates/',
params: {
'Boolean' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/action/setOptionInstallAddonUpdates/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| Boolean | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateActionSetOptionInstallScannerRules
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionInstallScannerRules/?Boolean=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionInstallScannerRules/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/action/setOptionInstallScannerRules/', params={
'Boolean': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionInstallScannerRules/',
params: {
'Boolean' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/action/setOptionInstallScannerRules/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| Boolean | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateActionSetOptionReportAlphaAddons
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionReportAlphaAddons/?Boolean=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionReportAlphaAddons/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/action/setOptionReportAlphaAddons/', params={
'Boolean': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionReportAlphaAddons/',
params: {
'Boolean' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/action/setOptionReportAlphaAddons/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| Boolean | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateActionSetOptionReportBetaAddons
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionReportBetaAddons/?Boolean=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionReportBetaAddons/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/action/setOptionReportBetaAddons/', params={
'Boolean': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionReportBetaAddons/',
params: {
'Boolean' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/action/setOptionReportBetaAddons/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| Boolean | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
autoupdateActionSetOptionReportReleaseAddons
Code samples
# You can also use wget
curl -X GET http://zap/JSON/autoupdate/action/setOptionReportReleaseAddons/?Boolean=string \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/autoupdate/action/setOptionReportReleaseAddons/?Boolean=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/autoupdate/action/setOptionReportReleaseAddons/', params={
'Boolean': 'string'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/autoupdate/action/setOptionReportReleaseAddons/',
params: {
'Boolean' => 'string'
}, headers: headers
p JSON.parse(result)
GET /JSON/autoupdate/action/setOptionReportReleaseAddons/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| Boolean | query | string | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spider
spiderViewStatus
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/status/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/status/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/status/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/status/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/status/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| scanId | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewResults
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/results/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/results/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/results/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/results/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/results/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| scanId | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewFullResults
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/fullResults/?scanId=0 \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/fullResults/?scanId=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/fullResults/', params={
'scanId': '0'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/fullResults/',
params: {
'scanId' => 'integer'
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/fullResults/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| scanId | query | integer | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewScans
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/scans/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/scans/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/scans/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/scans/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/scans/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewExcludedFromScan
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/excludedFromScan/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/excludedFromScan/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/excludedFromScan/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/excludedFromScan/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/excludedFromScan/
Gets the regexes of URLs excluded from the spider scans.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewAllUrls
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/allUrls/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/allUrls/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/allUrls/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/allUrls/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/allUrls/
Returns a list of unique URLs from the history table based on HTTP messages added by the Spider.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewAddedNodes
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/addedNodes/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/addedNodes/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/addedNodes/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/addedNodes/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/addedNodes/
Returns a list of the names of the nodes added to the Sites tree by the specified scan.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| scanId | query | integer | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewDomainsAlwaysInScope
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/domainsAlwaysInScope/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/domainsAlwaysInScope/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/domainsAlwaysInScope/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/domainsAlwaysInScope/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/domainsAlwaysInScope/
Gets all the domains that are always in scope. For each domain the following are shown: the index, the value (domain), if enabled, and if specified as a regex.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionDomainsAlwaysInScope
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionDomainsAlwaysInScope/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionDomainsAlwaysInScope/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionDomainsAlwaysInScope/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionDomainsAlwaysInScope/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionDomainsAlwaysInScope/
Use view domainsAlwaysInScope instead.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionDomainsAlwaysInScopeEnabled
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionDomainsAlwaysInScopeEnabled/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionDomainsAlwaysInScopeEnabled/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionDomainsAlwaysInScopeEnabled/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionDomainsAlwaysInScopeEnabled/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionDomainsAlwaysInScopeEnabled/
Use view domainsAlwaysInScope instead.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionHandleParameters
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionHandleParameters/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionHandleParameters/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionHandleParameters/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionHandleParameters/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionHandleParameters/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionMaxChildren
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionMaxChildren/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionMaxChildren/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionMaxChildren/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionMaxChildren/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionMaxChildren/
Gets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionMaxDepth
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionMaxDepth/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionMaxDepth/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionMaxDepth/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionMaxDepth/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionMaxDepth/
Gets the maximum depth the spider can crawl, 0 if unlimited.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionMaxDuration
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionMaxDuration/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionMaxDuration/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionMaxDuration/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionMaxDuration/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionMaxDuration/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionMaxParseSizeBytes
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionMaxParseSizeBytes/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionMaxParseSizeBytes/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionMaxParseSizeBytes/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionMaxParseSizeBytes/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionMaxParseSizeBytes/
Gets the maximum size, in bytes, that a response might have to be parsed.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionMaxScansInUI
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionMaxScansInUI/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionMaxScansInUI/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionMaxScansInUI/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionMaxScansInUI/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionMaxScansInUI/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionRequestWaitTime
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionRequestWaitTime/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionRequestWaitTime/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionRequestWaitTime/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionRequestWaitTime/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionRequestWaitTime/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionScope
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionScope/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionScope/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionScope/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionScope/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionScope/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionScopeText
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionScopeText/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionScopeText/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionScopeText/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionScopeText/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionScopeText/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionSkipURLString
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionSkipURLString/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionSkipURLString/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionSkipURLString/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionSkipURLString/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionSkipURLString/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionThreadCount
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionThreadCount/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionThreadCount/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionThreadCount/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionThreadCount/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionThreadCount/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionUserAgent
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionUserAgent/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionUserAgent/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionUserAgent/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionUserAgent/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionUserAgent/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionAcceptCookies
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionAcceptCookies/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionAcceptCookies/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionAcceptCookies/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionAcceptCookies/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionAcceptCookies/
Gets whether or not a spider process should accept cookies while spidering.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionHandleODataParametersVisited
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionHandleODataParametersVisited/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionHandleODataParametersVisited/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionHandleODataParametersVisited/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionHandleODataParametersVisited/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionHandleODataParametersVisited/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionParseComments
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionParseComments/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionParseComments/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionParseComments/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionParseComments/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionParseComments/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionParseGit
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionParseGit/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionParseGit/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionParseGit/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionParseGit/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionParseGit/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionParseRobotsTxt
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionParseRobotsTxt/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionParseRobotsTxt/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionParseRobotsTxt/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionParseRobotsTxt/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionParseRobotsTxt/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionParseSVNEntries
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionParseSVNEntries/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionParseSVNEntries/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionParseSVNEntries/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionParseSVNEntries/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionParseSVNEntries/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionParseSitemapXml
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionParseSitemapXml/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionParseSitemapXml/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionParseSitemapXml/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionParseSitemapXml/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionParseSitemapXml/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionPostForm
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionPostForm/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionPostForm/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionPostForm/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionPostForm/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionPostForm/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionProcessForm
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionProcessForm/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionProcessForm/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionProcessForm/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionProcessForm/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionProcessForm/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionSendRefererHeader
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionSendRefererHeader/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionSendRefererHeader/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionSendRefererHeader/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionSendRefererHeader/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionSendRefererHeader/
Gets whether or not the 'Referer' header should be sent while spidering.
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderViewOptionShowAdvancedDialog
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/view/optionShowAdvancedDialog/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/view/optionShowAdvancedDialog/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/view/optionShowAdvancedDialog/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/view/optionShowAdvancedDialog/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/view/optionShowAdvancedDialog/
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderActionScan
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/action/scan/ \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/action/scan/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/action/scan/', params={
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/action/scan/',
params: {
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/action/scan/
Runs the spider against the given URL (or context). Optionally, the 'maxChildren' parameter can be set to limit the number of children scanned, the 'recurse' parameter can be used to prevent the spider from seeding recursively, the parameter 'contextName' can be used to constrain the scan to a Context and the parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'url').
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| url | query | string | false | none |
| maxChildren | query | integer | false | none |
| recurse | query | boolean | false | none |
| contextName | query | string | false | none |
| subtreeOnly | query | boolean | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderActionScanAsUser
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/action/scanAsUser/?contextId=0&userId=0 \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/action/scanAsUser/?contextId=0&userId=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/action/scanAsUser/', params={
'contextId': '0', 'userId': '0'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/action/scanAsUser/',
params: {
'contextId' => 'integer',
'userId' => 'integer'
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/action/scanAsUser/
Runs the spider from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| contextId | query | integer | true | none |
| userId | query | integer | true | none |
| url | query | string | false | none |
| maxChildren | query | integer | false | none |
| recurse | query | boolean | false | none |
| subtreeOnly | query | boolean | false | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderActionPause
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/action/pause/?scanId=0 \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/action/pause/?scanId=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/action/pause/', params={
'scanId': '0'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/action/pause/',
params: {
'scanId' => 'integer'
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/action/pause/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| scanId | query | integer | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| default | Default | unexpected error | Error |
spiderActionResume
Code samples
# You can also use wget
curl -X GET http://zap/JSON/spider/action/resume/?scanId=0 \
-H 'Accept: application/json' \
-H 'X-ZAP-API-Key: API_KEY'
URL obj = new URL("http://zap/JSON/spider/action/resume/?scanId=0");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
import requests
headers = {
'Accept': 'application/json',
'X-ZAP-API-Key': 'API_KEY'
}
r = requests.get('http://zap/JSON/spider/action/resume/', params={
'scanId': '0'
}, headers = headers)
print r.json()
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ZAP-API-Key' => 'API_KEY'
}
result = RestClient.get 'http://zap/JSON/spider/action/resume/',
params: {
'scanId' => 'integer'
}, headers: headers
p JSON.parse(result)
GET /JSON/spider/action/resume/
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| scanId | query | integer | true | none |
Example responses
default Response
{
"message": "string",
"code": 100
}
Responses
| Status | Meaning |
|---|