OWASP ZAP from Python

OWASP ZAP (Zed Attack Proxy) is an open-source, cross-platform web application security scanner written in Java. It is available for all the popular operating systems: Windows, Linux, and Mac OS X.

OWASP ZAP provides a REST API, which allows us to write a script that communicates with ZAP programmatically. We can use the python-owasp-zap module to access this API. The python-owasp-zap-v2.4 module can be installed with pip.

Start by loading the required modules:

from zapv2 import ZAPv2
from pprint import pprint
import time

Define the target to scan:

target = 'http://127.0.0.1'

Now we can create the ZAP client instance, as follows:

zap = ZAPv2()

This creates a new instance on the assumption that ZAP listens on the default port ...
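
The REST layer that the Python client wraps can also be called directly. The following is an added example using only the standard library, not code from the book or from the ZAP project. It assumes ZAP's API is reachable at 127.0.0.1:8080; the API key is a placeholder and the helper names are hypothetical.

```python
import json
import urllib.parse
import urllib.request

# Assumed values: a local ZAP listener and a placeholder API key.
ZAP_BASE = "http://127.0.0.1:8080"
API_KEY = "changeme-placeholder"


def build_api_url(component, kind, name, params=None, base=ZAP_BASE):
    """Return the ZAP API URL of the form /JSON/<component>/<kind>/<name>/."""
    if kind not in ("view", "action"):
        raise ValueError("kind must be 'view' or 'action'")
    parts = (urllib.parse.quote(p, safe="") for p in (component, kind, name))
    path = "/JSON/{}/{}/{}/".format(*parts)
    query = urllib.parse.urlencode(params or {})
    return base.rstrip("/") + path + ("?" + query if query else "")


def call_zap(component, kind, name, params=None, base=ZAP_BASE,
             apikey=API_KEY, timeout=5):
    """Call one ZAP API endpoint and return the decoded JSON object."""
    url = build_api_url(component, kind, name, params, base)
    # Send the key as a header so it stays out of URLs and access logs.
    req = urllib.request.Request(url, headers={"X-ZAP-API-Key": apikey})
    # Empty ProxyHandler: talk to ZAP directly, ignoring *_proxy env vars.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def zap_version(base=ZAP_BASE, apikey=API_KEY):
    """Return the running ZAP version string, or None if ZAP is unreachable."""
    try:
        reply = call_zap("core", "view", "version", base=base, apikey=apikey)
        return reply["version"]
    except (OSError, ValueError, KeyError):
        # Connection refused, HTTP error, non-JSON body or unexpected shape.
        return None


if __name__ == "__main__":
    print(build_api_url("core", "view", "version"))
    print("ZAP version:", zap_version())
```

Checking `zap_version()` before starting any work confirms that the script is talking to the intended ZAP instance and that the API key is accepted.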
