OWASP ZAP from Python
OWASP ZAP (Zed Attack Proxy) is an open-source, cross-platform web application security scanner written in Java, and is available for all the popular operating systems: Windows, Linux, and Mac OS X.
OWASP ZAP provides a REST API, which allows us to write a script to communicate with ZAP programmatically. We can use the python-owasp-zap module to access this API. The python-owasp-zap-v2.4 module can be installed with pip.
Start by loading the required modules:
from zapv2 import ZAPv2
from pprint import pprint
import time
Define the target to scan:
target = 'http://127.0.0.1'
Now, we can instantiate the zap instance, as follows:
zap = ZAPv2()
This will instantiate a new instance with the assumption that ZAP listens on the default port ...
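A preflight for the instantiation step above, as an added example that is not part of the original page: it calls ZAP's core version view over the REST API directly, so a script can confirm that ZAP is answering at the assumed address before it creates the client. The stub server, the API key value and the `zap_version` and `demo` helpers are constructed for illustration; the endpoint path and the `apikey` parameter are ZAP's own.

```python
import json
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

API_KEY = "constructed-api-key"  # constructed sample value, not a real key
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies


class StubZap(BaseHTTPRequestHandler):
    """Constructed stand-in for a local ZAP so the example runs offline."""
    def do_GET(self):
        url = urllib.parse.urlparse(self.path)
        key = urllib.parse.parse_qs(url.query).get("apikey", [""])[0]
        ok = url.path == "/JSON/core/view/version/" and key == API_KEY
        body = json.dumps({"version": "0.0.0-stub"} if ok else {"error": "stub"})
        self.send_response(200 if ok else 400)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(body.encode())

    def log_message(self, *args):  # keep the demo output quiet
        pass


def zap_version(base_url, api_key, timeout=3.0):
    """Return ZAP's version string, or None if nothing usable answers."""
    query = urllib.parse.urlencode({"apikey": api_key})
    url = f"{base_url}/JSON/core/view/version/?{query}"
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            return json.load(resp).get("version")
    except (OSError, ValueError, AttributeError):  # refused, HTTP error, not JSON
        return None


def demo():
    server = HTTPServer(("127.0.0.1", 0), StubZap)  # stub on a free loopback port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return zap_version(base, API_KEY), zap_version(base, "wrong-key")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())  # create the ZAPv2 client only when the first value is not None
```

Against a real ZAP, pass the address and API key that instance was started with instead of the stub's.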