OWASP ZAP (Zed Attack Proxy) is an open-source, cross-platform web application security scanner written in Java. It is available for all the popular operating systems: Windows, Linux, and Mac OS X.
OWASP ZAP provides a REST API, which allows us to write scripts that communicate with ZAP programmatically. We can use the python-owasp-zap module to access this API. The python-owasp-zap-v2.4 module can be installed with pip.
Start by loading the required modules:
from zapv2 import ZAPv2
from pprint import pprint
import time
Define the target to scan:
target = 'http://127.0.0.1'
Now, we can create the zap instance, as follows:
zap = ZAPv2()
This creates a new instance on the assumption that ZAP listens on the default port ...
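Before relying on that assumption, a script can confirm that ZAP's API actually answers at the address it expects. The following is an added example, not code from the original text: it uses only the standard library, sends the API key in ZAP's X-ZAP-API-Key header, and its function names, key value and stub server are constructed for illustration.

```python
import json
import threading
import time
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Ignore system proxy settings: we talk to ZAP's API directly, not through it.
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def zap_version(base_url, apikey, timeout=3):
    """Call core/view/version on ZAP's JSON API and return the version string."""
    req = urllib.request.Request(base_url.rstrip("/") + "/JSON/core/view/version/",
                                 headers={"X-ZAP-API-Key": apikey})
    with DIRECT.open(req, timeout=timeout) as resp:
        return json.load(resp)["version"]

def wait_for_zap(base_url, apikey, attempts=5, delay=1.0):
    """Return ZAP's version once the API answers, or None if it never does."""
    for _ in range(attempts):
        try:
            return zap_version(base_url, apikey)
        except (urllib.error.URLError, OSError, KeyError, ValueError):
            time.sleep(delay)  # not up yet, wrong address, or key rejected
    return None

def start_stub(expected_key):
    """Constructed stand-in for a ZAP daemon so the example runs offline."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            ok = (self.path == "/JSON/core/view/version/"
                  and self.headers.get("X-ZAP-API-Key") == expected_key)
            # The error body and status are the stub's own, not ZAP's real reply.
            body = json.dumps({"version": "0.0.0-stub"} if ok
                              else {"error": "stub: rejected"}).encode()
            self.send_response(200 if ok else 401)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_port

if __name__ == "__main__":
    server, base = start_stub("constructed-key")
    print(wait_for_zap(base, "constructed-key"))
    print(wait_for_zap(base, "wrong-key", attempts=1, delay=0))
    server.shutdown()
```

Against a real ZAP instance, pass the address ZAP is configured to listen on and the API key from its options; a None result means the scan script should stop rather than proceed on an unverified assumption.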