Skip to content

Mr-Sakit/Web-Application-Vulnerability-Detection-with-Python-and-OWASP-ZAP-API

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
zap_scan.py
zap_scan.py
 
 

Repository files navigation

OWASP ZAP Automation Script

This Python script demonstrates how to automate vulnerability scanning using the OWASP ZAP API. The script performs the following tasks:

  1. Establishes a connection to OWASP ZAP using an API key.
  2. Sets a target URL for scanning.
  3. Initiates a spider scan to crawl the target URL.
  4. Waits for the spider scan to complete and then starts an active scan.
  5. Monitors the progress of both the spider and active scans.
  6. Retrieves and displays vulnerabilities detected during the scans.

Prerequisites

Before running the script, ensure the following prerequisites are met:

  1. Python Environment:

    • Install Python 3.6 or higher.
    • Install the owasp-zap-v2.4 Python package: 
      pip install python-owasp-zap-v2.4

  2. OWASP ZAP:

    • Download and install OWASP ZAP from the official website.
    • Start OWASP ZAP and configure it to allow API access.

  3. Java Runtime Environment (JRE):

  4. API Key:

    • Retrieve your API key from OWASP ZAP by navigating to Tools > Options > API and copying the key.

Configuration

Update the following variables in the script:

  • api_key: Replace 'your_api_key' with your OWASP ZAP API key.
  • target_url: Replace 'http://example.com' with the URL of the web application you want to scan.

Running the Script

  1. Save the script to a file, e.g., zap_scan.py.

  2. Run the script using Python:

    python zap_scan.py

  3. Monitor the console output for the scan progress and the list of vulnerabilities found.

Script Output

The script outputs:

  1. Spider Progress: The percentage completion of the spider scan.
  2. Active Scan Progress: The percentage completion of the active scan.
  3. Vulnerabilities Detected: A list of vulnerabilities with their names and risk levels, e.g.: 
    Zəiflik: Missing Anti-clickjacking Header, Risk səviyyəsi: Medium

Example

Here is an example of the output:

Starting spider on http://example.com
Spider progress: 25%
Spider progress: 50%
Spider progress: 75%
Spider progress: 100%
Spider tamamlandı. Aktiv skan başlayır.
Active scan progress: 50%
Active scan progress: 100%
Aktiv skan tamamlandı. Nəticələr toplanır.
Zəiflik: Missing Anti-clickjacking Header, Risk səviyyəsi: Medium

Notes

  • Ensure that OWASP ZAP is running and accessible before executing the script.
  • Be cautious when scanning live web applications, as it may violate terms of service or impact the application's performance.

License

This script is provided "as is" without warranty of any kind. Use it responsibly and ensure compliance with ethical hacking guidelines.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages