Latest commit 60a75fa Nov 30, 2019
Type Name Latest commit message Commit time
.github/workflows fix the build Nov 30, 2019
build initial commit Nov 29, 2019
chart/zap-operator helm stuff + readme Nov 30, 2019
cmd/manager initial commit Nov 29, 2019
pkg make it work Nov 30, 2019
version initial commit Nov 29, 2019
.gitignore initial commit Nov 29, 2019
LICENSE Initial commit Nov 29, 2019 helm stuff + readme Nov 30, 2019
go.mod controller mvp Nov 29, 2019
go.sum initial commit Nov 29, 2019
tools.go initial commit Nov 29, 2019



A little operator that makes it easy to hack your existing applications in production. This tool is intended to be run against applications that you have permission to attack. Please do not use it for malicious purposes :)

OWASP Zaproxy is a great security tool that can be used to detect a lot of security issues. This operator makes it easier to test your application in production. To attack an application, all you need to do is:

  • Install the operator (helm repo add omerlh && helm install omerlh/zap-operator)
  • Create the CRD:
kind: Zaproxy
 name: example-zaproxy
 attackType: Passive
 tragetNamespace: default
 tragetIngress: <name of an existing ingress>
  • Profit :)

The operator will create a new Zaproxy pod and an Nginx canary Ingress with 5% weight. All traffic passed to the canary ingress will be proxied by Zap. Let it run for a while; you can inspect Zap for alerts at any time by running:

kubectl port-forward <zap pod name> 8090:8090
# get alerts in HTML format
curl 'http://localhost:8090/OTHER/core/other/htmlreport/?formMethod=GET'
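
For reference, this is roughly what an Nginx canary Ingress with 5% weight looks like. It is an added illustration, not a manifest taken from or generated by this operator; the resource name, host, Service name and Service port are assumptions, and only the two `canary` annotations are standard ingress-nginx settings.

```yaml
# Illustrative manifest (added example, not zap-operator output).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-app-zap-canary        # hypothetical name
  namespace: default                  # same namespace as the target Ingress
  annotations:
    # Marks this Ingress as a canary of the Ingress that has the same host/path.
    nginx.ingress.kubernetes.io/canary: "true"
    # Share of requests (in percent) routed to the canary backend.
    nginx.ingress.kubernetes.io/canary-weight: "5"
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com           # constructed; must equal the target Ingress host
      http:
        paths:
          - path: /                   # must equal the target Ingress path
            pathType: Prefix
            backend:
              service:
                name: example-zaproxy # hypothetical Service in front of the Zap pod
                port:
                  number: 8090        # assumed: the Zap port used in the port-forward above
```

With ingress-nginx, deleting the canary Ingress sends all traffic back to the original backend, which is the quickest way to take Zap out of the request path.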

Known Limitations

  • Only supports Nginx Ingress
  • Only supports an Ingress with one host and one path
  • Only supports an Ingress whose backend service listens on port 80


  • Support Active attacks
  • Support other ingress types
  • Support service mesh (e.g. Istio/Linkerd)
  • Publish to operator marketplace