Details

Category: Scanners

Publisher: trickest-mhmdiaa

Created Date: 5/25/2022

Container: quay.io/trickest/zap-api-scan:v2.11.1

Source URL: https://github.com/zaproxy/zaproxy

Parameters

ajax
boolean
Command: -j - use the Ajax spider in addition to the traditional one
user
string
Command: -U - username to use for authenticated scans - must be defined in the given context file
alpha
boolean
Command: -a - include the alpha active and passive scan rules as well
debug
boolean
Command: -d - show debug messages in stdout
delay
string
Command: -D - delay in seconds to wait for passive scanning
level
string
Command: -l - minimum level to show: PASS, IGNORE, INFO, WARN or FAIL, use with -s (short-output) to hide example URLs
format
string
required
Command: -f - API format: openapi, soap, or graphql
schema
string
Command: --schema - GraphQL schema URL, e.g. https://www.example.com/schema.graphqls
max-time
string
Command: -T - max time in minutes to wait for ZAP to start and the passive scan to run
override
string
Command: -O - the hostname to override in the (remote) OpenAPI spec
safe-mode
boolean
Command: -S - safe mode: this will skip the active scan and perform a baseline scan
config_file
file
Command: -c - config file to use to INFO, IGNORE or FAIL warnings
zap-options
string
Command: -z - ZAP command line options
context-file
file
Command: -n - context file which will be loaded prior to scanning the target
short-output
boolean
Command: -s - short output format - don't show PASSes or example URLs
target-definition
file
required
Command: -t - target API definition file, OpenAPI or SOAP
target-endpoint-url
string
required
Command: -t - target API definition URL (e.g. https://www.example.com/openapi.json, https://www.example.com/graphql)