php-owasp-zap-v2

PHP client API for OWASP ZAP 2.4

All API class files (except Zapv2.php) are generated automatically using the ZAProxy API generator.

## Getting Started

1. Add the following lines to `composer.json` in your PHP project:

   ```json
   {
     ...
     "require": {
       ...
       "zaproxy/php-owasp-zap-v2": "2.4.*@beta",
       ...
     }
     ...
   }
   ```

2. Run `php composer.phar install` (or `php composer.phar update`).

## Usage Example

```php
<?php

require "vendor/autoload.php";

$api_key = "YOUR_API_KEY";
$target = "http://target.example.com/";

// Address of the running ZAP proxy
$zap = new Zap\Zapv2('tcp://localhost:8090');

// A null version means the API could not be reached
$version = @$zap->core->version();
if (is_null($version)) {
  echo "PHP API error\n";
  exit(1);
} else {
  echo "version: {$version}\n";
}

echo "Spidering target {$target}\n";

// Response JSON looks like {"scan":"1"}
$scan_id = $zap->spider->scan($target, null, null, null, $api_key);
$count = 0;
while (true) {
  // Give up after more than 10 polls instead of waiting forever
  if ($count > 10) { echo "Spider timed out\n"; exit(1); }
  // Response JSON looks like {"status":"50"}
  $progress = intval($zap->spider->status($scan_id));
  printf("Spider progress %d\n", $progress);
  if ($progress >= 100) break;
  sleep(2);
  $count++;
}
echo "Spider completed\n";
// Give the passive scanner a chance to finish
sleep(5);

echo "Scanning target {$target}\n";
// Response JSON for error looks like {"code":"url_not_found", "message":"URL is not found"}
$scan_id = $zap->ascan->scan($target, null, null, null, null, null, $api_key);
$count = 0;
while (true) {
  // Give up after more than 10 polls instead of waiting forever
  if ($count > 10) { echo "Scan timed out\n"; exit(1); }
  $progress = intval($zap->ascan->status($scan_id));
  printf("Scan progress %d\n", $progress);
  if ($progress >= 100) break;
  sleep(2);
  $count++;
}
echo "Scan completed\n";

// Report the results
echo "Hosts: " . implode(",", $zap->core->hosts()) . "\n";
$alerts = $zap->core->alerts($target, "", "");
echo "Alerts (" . count($alerts) . "):\n";
print_r($alerts);
```
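
To act on the alerts rather than only print them, the sketch below counts them by risk level and exits non-zero when any reach a chosen threshold, which lets a CI job fail on the scan result. It is an added example, not part of this project's code: `triage_alerts`, `RISK_ORDER` and the sample alerts are constructed for illustration, and the `risk`, `alert` and `url` field names are assumed to match the alert records ZAP returns.

```php
<?php
// Added example: gate a build on ZAP alert risk levels.
// Assumption: each alert carries "risk", "alert" and "url" fields and may
// arrive as either a stdClass object or an associative array.

const RISK_ORDER = ['Informational' => 0, 'Low' => 1, 'Medium' => 2, 'High' => 3];

/**
 * Count alerts per risk level and list those at or above $threshold.
 */
function triage_alerts(iterable $alerts, string $threshold = 'Medium'): array
{
    if (!array_key_exists($threshold, RISK_ORDER)) {
        throw new InvalidArgumentException("Unknown risk level: {$threshold}");
    }
    $counts = array_fill_keys(array_keys(RISK_ORDER), 0);
    $blocking = [];
    foreach ($alerts as $alert) {
        $a = (array) $alert; // normalise stdClass or array
        $risk = $a['risk'] ?? null;
        // Missing or unrecognised risk level: fail closed and treat as High
        if (!is_string($risk) || !array_key_exists($risk, RISK_ORDER)) {
            $risk = 'High';
        }
        $counts[$risk]++;
        if (RISK_ORDER[$risk] >= RISK_ORDER[$threshold]) {
            $blocking[] = sprintf('[%s] %s at %s', $risk, $a['alert'] ?? '?', $a['url'] ?? '?');
        }
    }
    return ['counts' => $counts, 'blocking' => $blocking];
}

// Constructed sample data standing in for $zap->core->alerts($target, "", "")
$sample = [
    (object) ['risk' => 'High', 'alert' => 'SQL Injection', 'url' => 'http://target.example.com/item?id=1'],
    (object) ['risk' => 'Low', 'alert' => 'X-Content-Type-Options Header Missing', 'url' => 'http://target.example.com/'],
    ['risk' => 'Medium', 'alert' => 'X-Frame-Options Header Not Set', 'url' => 'http://target.example.com/'],
];

$result = triage_alerts($sample, 'Medium');
foreach ($result['counts'] as $risk => $n) {
    printf("%-13s %d\n", $risk, $n);
}
foreach ($result['blocking'] as $line) {
    echo $line, "\n";
}
// Non-zero exit status makes the calling CI step fail when blocking alerts exist
exit(count($result['blocking']) > 0 ? 1 : 0);
```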

## API

OWASP ZAP Wiki: ApiGen_Index · zaproxy/zaproxy Wiki

## License

  • Apache License, Version 2.0