zap-api-scan
Run a full scan against an API defined by OpenAPI/Swagger, SOAP or GraphQL using ZAP
Details
Category: Scanners
Publisher: trickest-mhmdiaa
Created Date: 5/25/2022
Container: quay.io/trickest/zap-api-scan:v2.11.1
Source URL: https://github.com/zaproxy/zaproxy
Parameters
Name                | Type              | Command  | Description
ajax                | boolean           | -j       | use the Ajax spider in addition to the traditional one
user                | string            | -U       | username to use for authenticated scans; must be defined in the given context file
alpha               | boolean           | -a       | include the alpha active and passive scan rules as well
debug               | boolean           | -d       | show debug messages in stdout
delay               | string            | -D       | delay in seconds to wait for passive scanning
level               | string            | -l       | minimum level to show: PASS, IGNORE, INFO, WARN or FAIL; use with -s (short-output) to hide example URLs
format              | string (required) | -f       | API format: openapi, soap, or graphql
schema              | string            | --schema | GraphQL schema URL, e.g. https://www.example.com/schema.graphqls
max-time            | string            | -T       | max time in minutes to wait for ZAP to start and the passive scan to run
override            | string            | -O       | the hostname to override in the (remote) OpenAPI spec
safe-mode           | boolean           | -S       | safe mode: skips the active scan and performs a baseline scan only
config_file         | file              | -c       | config file used to mark warnings as INFO, IGNORE or FAIL
zap-options         | string            | -z       | ZAP command line options
context-file        | file              | -n       | context file which will be loaded prior to scanning the target
short-output        | boolean           | -s       | short output format: don't show PASSes or example URLs
target-definition   | file (required)   | -t       | target API definition file, OpenAPI or SOAP
target-endpoint-url | string (required) | -t       | target API definition URL (e.g. https://www.example.com/openapi.json, https://www.example.com/graphql)