Name: zap-api-scan
Category: Scanners
Publisher: trickest-mhmdiaa
Created: 5/25/2022
Container: quay.io/trickest/zap-api-scan:v2.11.1
Output Type:
License: Unknown

Parameters

ajax
boolean
-j use the Ajax spider in addition to the traditional one
user
string
-U username to use for authenticated scans - must be defined in the given context file
alpha
boolean
-a include the alpha active and passive scan rules as well
debug
boolean
-d show debug messages in stdout
delay
string
-D delay in seconds to wait for passive scanning
level
string
-l minimum level to show: PASS, IGNORE, INFO, WARN or FAIL, use with -s (short-output) to hide example URLs
format
string
required
-f API format: openapi, soap, or graphql
schema
string
--schema GraphQL schema URL, e.g. https://www.example.com/schema.graphqls
max-time
string
-T max time in minutes to wait for ZAP to start and the passive scan to run
override
string
-O the hostname to override in the (remote) OpenAPI spec
safe-mode
boolean
-S safe mode: this will skip the active scan and perform a baseline scan
config_file
file
-c config file to use to INFO, IGNORE or FAIL warnings
zap-options
string
-z ZAP command line options
context-file
file
-n context file which will be loaded prior to scanning the target
short-output
boolean
-s short output format - don't show PASSes or example URLs
target-definition
file
required
-t target API definition file, OpenAPI or SOAP
target-endpoint-url
string
required
-t target API definition URL (e.g. https://www.example.com/openapi.json, https://www.example.com/graphql)