zap-api-scan - Trickest Platform Documentation

Details

Category: Scanners

Publisher: trickest-mhmdiaa

Created Date: 5/25/2022

Container: quay.io/trickest/zap-api-scan:v2.11.1

Source URL: https://github.com/zaproxy/zaproxy

Parameters

ajax

boolean

Command: -j - use the Ajax spider in addition to the traditional one

user

string

Command: -U - username to use for authenticated scans - must be defined in the given context file

alpha

boolean

Command: -a - include the alpha active and passive scan rules as well

debug

boolean

Command: -d - show debug messages in stdout

delay

string

Command: -D - delay in seconds to wait for passive scanning

level

string

Command: -l - minimum level to show: PASS, IGNORE, INFO, WARN or FAIL, use with -s (short-output) to hide example URLs

format

string

required

Command: -f - API format: openapi, soap, or graphql

schema

string

Command: --schema - GraphQL schema URL, e.g. https://www.example.com/schema.graphqls

max-time

string

Command: -T - max time in minutes to wait for ZAP to start and the passive scan to run

override

string

Command: -O - the hostname to override in the (remote) OpenAPI spec

safe-mode

boolean

Command: -S - Safe mode this will skip the active scan and perform a baseline scan

config_file

file

Command: -c - config file to use to INFO, IGNORE or FAIL warnings

zap-options

string

Command: -z - ZAP command line options

context-file

file

Command: -n - context file which will be loaded prior to scanning the target

short-output

boolean

Command: -s - short output format - dont show PASSes or example URLs

target-definition

file

required

Command: -t - target API definition file, OpenAPI or SOAP

target-endpoint-url

string

required

Command: -t - target API definition URL (e.g. https://www.example.com/openapi.json, https://www.example.com/graphql)

Library

Details

Parameters