
Effective Python Penetration Testing by Rejah Rehim


OWASP ZAP from Python

OWASP ZAP (Zed Attack Proxy) is an open-source, cross-platform web application security scanner written in Java. It is available for all the popular operating systems: Windows, Linux, and Mac OS X.

OWASP ZAP provides a REST API, which lets us write scripts that communicate with ZAP programmatically. We can use the python-owasp-zap module to access this API. The python-owasp-zap-v2.4 module can be installed with pip.

Start by loading the required modules:

from zapv2 import ZAPv2 
from pprint import pprint 
import time 

Define the target to scan:

target = 'http://127.0.0.1'

Now, we can instantiate the zap instance, as follows:

zap = ZAPv2()

This creates a new instance on the assumption that ZAP listens on the default port ...
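The following is an added example, not code from the book: it spells out the listener address and API key that a bare ZAPv2() leaves implicit, and shows the shape of the REST requests the client issues. It goes one step past the excerpt by summarizing a scan's alerts by risk level. Assumptions: ZAP listens on 127.0.0.1:8080, the key is read from an environment variable named ZAP_API_KEY (a name chosen here), the installed client accepts the apikey keyword, and the alert data is a constructed sample.

```python
import json
import os
from collections import Counter
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Assumptions: ZAP's default local listener; API key supplied through the
# ZAP_API_KEY environment variable (variable name chosen for this example).
ZAP_ADDRESS = "http://127.0.0.1:8080"
API_KEY = os.environ.get("ZAP_API_KEY", "")


def connect(address=ZAP_ADDRESS, apikey=API_KEY):
    """Explicit form of ZAPv2(): name the listener and key instead of relying on defaults."""
    from zapv2 import ZAPv2  # lazy import so the helpers below work without the module
    return ZAPv2(apikey=apikey, proxies={"http": address, "https": address})


def api_url(component, kind, name, params=None, base=ZAP_ADDRESS):
    """Build a ZAP JSON API URL: /JSON/<component>/<view|action>/<name>/?<params>."""
    if kind not in ("view", "action"):
        raise ValueError("kind must be 'view' or 'action'")
    query = "?" + urlencode(params) if params else ""
    return f"{base}/JSON/{component}/{kind}/{name}/{query}"


def call(component, kind, name, params=None, apikey=API_KEY):
    """Send one API request; the key travels in a header, not in the URL."""
    req = Request(api_url(component, kind, name, params),
                  headers={"X-ZAP-API-Key": apikey})
    with urlopen(req, timeout=10) as resp:
        return json.load(resp)


def risk_counts(alerts_response):
    """Count alerts per risk level in a core/view/alerts response."""
    return Counter(a["risk"] for a in alerts_response["alerts"])


# Constructed sample, shaped like the JSON returned by core/view/alerts.
SAMPLE = json.loads("""{"alerts": [
  {"alert": "X-Frame-Options Header Not Set", "risk": "Medium", "url": "http://127.0.0.1/"},
  {"alert": "Cookie No HttpOnly Flag", "risk": "Low", "url": "http://127.0.0.1/login"},
  {"alert": "X-Content-Type-Options Header Missing", "risk": "Low", "url": "http://127.0.0.1/"}
]}""")
```

Sending the key in the X-ZAP-API-Key header keeps it out of URLs, which tend to end up in proxy and shell history logs.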
