
Zaproxy
Security
Zaproxy is an open-source API testing and penetration testing tool that helps developers and security professionals identify and fix vulnerabilities in web applications. It offers a range of features, including automated scanning, a flexible plug-in architecture, and advanced reporting capabilities. Zaproxy is highly customizable and can be integrated into existing development and testing workflows.
📚 Documentation & Examples
Everything you need to integrate with Zaproxy
🚀 Quick Start Examples
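// Zaproxy API Example
// This URL is the ZAP API documentation page, so the response body is HTML, not JSON.
const response = await fetch('https://www.zaproxy.org/docs/api/#introduction', {
  method: 'GET'
});
if (!response.ok) {
  throw new Error(`Request failed: ${response.status}`);
}
const data = await response.text();
console.log(data);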
Introduction to ZAP API
ZAP API is a great way of automating and scripting your security testing tasks. In this article, we are going to explore some of the API examples in JavaScript.
Getting Started
To start using the ZAP API, you need to first start the ZAP daemon. You can start the ZAP daemon by running the following command:
$ zap.sh -daemon
Once the daemon is running, you can connect to it using the API.
Example API Calls
Spider a Website
The following code will start a new spider scan on the target URL:
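const ZAPClient = require('zap-client-js');
const zapApiKey = 'yourApiKey';
// Placeholder: URL of the application under test.
const targetUrl = 'http://localhost:3000';
ZAPClient({
  apiKey: zapApiKey,
  ajaxAspects: ['*']
}).then(async (zapClient) => {
  // Start the spider against the target.
  const spider = zapClient.spider;
  await spider.scan(targetUrl);
});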
Passive Scanning
The following code will start a new passive scanning session:
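const ZAPClient = require('zap-client-js');
const zapApiKey = 'yourApiKey';
// Placeholder: URL of the application under test.
const targetUrl = 'http://localhost:3000';
ZAPClient({
  apiKey: zapApiKey,
  ajaxAspects: ['*']
}).then(async (zapClient) => {
  // Run the passive scanner against the target.
  const passiveScanner = zapClient.pscan;
  await passiveScanner.scan(targetUrl);
});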
Active Scanning
The following code will start a new active scanning session:
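const ZAPClient = require('zap-client-js');
const zapApiKey = 'yourApiKey';
// Placeholder: URL of the application under test.
const targetUrl = 'http://localhost:3000';
ZAPClient({
  apiKey: zapApiKey,
  ajaxAspects: ['*']
}).then(async (zapClient) => {
  // Start the active scanner against the target.
  const activeScanner = zapClient.ascan;
  await activeScanner.scan(targetUrl);
});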
Getting a List of Alerts
The following code will retrieve a list of alerts that were generated during the scanning session:
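const ZAPClient = require('zap-client-js');
const zapApiKey = 'yourApiKey';
// Placeholder: URL of the application under test.
const targetUrl = 'http://localhost:3000';
ZAPClient({
  apiKey: zapApiKey,
  ajaxAspects: ['*']
}).then(async (zapClient) => {
  // Fetch the alerts raised for the target and print them.
  const alerts = await zapClient.getAlerts(targetUrl);
  console.log(alerts);
});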
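A list of alerts is usually consumed by a pipeline rather than read from the console. The following is an added example, not code from the original page or from the ZAP project: it deduplicates alerts, drops those marked as false positives, and returns a pass/fail decision. The alert field names, the `summarizeAlerts` and `gate` helpers, and the sample data are assumptions constructed for illustration.

```javascript
// Added example. Alert field names (pluginId, alert, risk, confidence, url,
// param) are assumed to match the objects returned by the ZAP alerts call.
const RISK_ORDER = ['Informational', 'Low', 'Medium', 'High'];

// Drop alerts marked as false positives and collapse repeats of the same
// rule on the same URL and parameter, then bucket what is left by risk.
function summarizeAlerts(alerts) {
  const seen = new Set();
  const byRisk = Object.fromEntries(RISK_ORDER.map((r) => [r, []]));
  for (const a of alerts) {
    if (a.confidence === 'False Positive') continue;
    // Fail closed: an unrecognized risk label must not slip past the gate.
    if (!RISK_ORDER.includes(a.risk)) {
      throw new TypeError(`unexpected risk value: ${a.risk}`);
    }
    const key = JSON.stringify([a.pluginId, a.url, a.param || '']);
    if (seen.has(key)) continue;
    seen.add(key);
    byRisk[a.risk].push(a);
  }
  return byRisk;
}

// Decide pass/fail for a pipeline: any alert at or above failOn blocks.
function gate(alerts, failOn = 'Medium') {
  const threshold = RISK_ORDER.indexOf(failOn);
  if (threshold < 0) throw new RangeError(`unknown risk level: ${failOn}`);
  const byRisk = summarizeAlerts(alerts);
  const counts = Object.fromEntries(RISK_ORDER.map((r) => [r, byRisk[r].length]));
  const blocking = RISK_ORDER.slice(threshold).flatMap((r) => byRisk[r]);
  return { pass: blocking.length === 0, counts, blocking };
}

// Constructed sample data, not output from a real scan.
const sampleAlerts = [
  { pluginId: '40012', alert: 'Cross Site Scripting (Reflected)', risk: 'High',
    confidence: 'Medium', url: 'http://localhost:3000/search', param: 'q' },
  { pluginId: '40012', alert: 'Cross Site Scripting (Reflected)', risk: 'High',
    confidence: 'Medium', url: 'http://localhost:3000/search', param: 'q' },
  { pluginId: '10020', alert: 'Missing Anti-clickjacking Header', risk: 'Medium',
    confidence: 'Medium', url: 'http://localhost:3000/', param: '' },
  { pluginId: '10021', alert: 'X-Content-Type-Options Header Missing', risk: 'Low',
    confidence: 'Medium', url: 'http://localhost:3000/', param: '' },
  { pluginId: '40018', alert: 'SQL Injection', risk: 'High',
    confidence: 'False Positive', url: 'http://localhost:3000/item', param: 'id' },
];

const result = gate(sampleAlerts);
console.log(result.pass, result.counts);
```

In a CI job, the exit code would be set from `result.pass` so that blocking alerts fail the build.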
Conclusion
In this article, we explored some common ZAP API calls using JavaScript. ZAP API is a powerful tool that can help you automate your security testing tasks.