AutomatedSecurityTesting_OwaspZapPythonAPI/zap_spider_scan_report.py at master · AmitKulkarni9/AutomatedSecurityTesting_OwaspZapPythonAPI · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
import time
from pprint import pprint
from zapv2 import ZAPv2

target = 'http://localhost:8080' #target url for scan

zap = ZAPv2(proxies={'http':'http://localhost:8090','https':'http://localhost:8090'})

apikey = 'APIKEY'
print 'Accessing target %s' % target
zap.urlopen(target)

print 'Traditional Spidering target %s' % target
zap.spider.scan(target)
time.sleep(5)
while (int(zap.spider.status()) < 100):
    time.sleep(5)
    print ('Spider progress %: ' + zap.spider.status())
    time.sleep(5)
print ('Spider completed')

print 'Scanning target %s' % target
zap.ascan.scan(target)
time.sleep(5)
while (int(zap.ascan.status()) < 100):
    time.sleep(5)
    print ('Ascan progress %: ' + zap.ascan.status())
    time.sleep(5)
print ('Ascan completed')

#Report the results
print 'Hosts: ' + ', '.join(zap.core.hosts)
print 'Alerts: '
pprint (zap.core.alerts()) #prints all alerts. can be commented
# HTML Report
with open ('report.html', 'w') as f:f.write(zap.core.htmlreport(apikey = apikey))
# XML Report
with open ('report.xml', 'w') as f:f.write(zap.core.xmlreport(apikey = apikey))

zap.core.shutdown()