Public APIs

Zaproxy

Zaproxy is an open-source API testing and penetration testing tool that helps developers and security professionals identify and fix vulnerabilities in web applications. It offers a range of features, including automated scanning, a flexible plug-in architecture, and advanced reporting capabilities. Zaproxy is highly customizable and can be integrated into existing development and testing workflows.

Visit API

📚 Documentation & Examples

Everything you need to integrate with Zaproxy

🚀 Quick Start Examples

Zaproxy Javascript Examplejavascript

// Zaproxy API Example
const response = await fetch('https://www.zaproxy.org/docs/api/#introduction', {
    method: 'GET',
    headers: {
        'Content-Type': 'application/json'
    }
});

const data = await response.json();
console.log(data);

Introduction to ZAP API

ZAP API is a great way of automating and scripting your security testing tasks. In this article, we are going to explore some of the API examples in JavaScript.

Getting Started

To start using the ZAP API, you need to first start the ZAP daemon. You can start the ZAP daemon by running the following command:

$ zap.sh -daemon

Once the daemon is running, you can connect to it using the API.

Example API Calls

Spider a Website

The following code will start a new spider scan on the target URL:

const ZAPClient = require('zap-client-js');
const zapApiKey = 'yourApiKey';

ZAPClient({
    apiKey: zapApiKey,
    ajaxAspects: ['*']
}).then(async (zapClient) => {
    const spider = zapClient.spider;
    await spider.scan(targetUrl);
});

Passive Scanning

The following code will start a new passive scanning session:

const ZAPClient = require('zap-client-js');
const zapApiKey = 'yourApiKey';

ZAPClient({
    apiKey: zapApiKey,
    ajaxAspects: ['*']
}).then(async (zapClient) => {
    const passiveScanner = zapClient.pscan;
    await passiveScanner.scan(targetUrl);
});

Active Scanning

The following code will start a new active scanning session:

const ZAPClient = require('zap-client-js');
const zapApiKey = 'yourApiKey';

ZAPClient({
    apiKey: zapApiKey,
    ajaxAspects: ['*']
}).then(async (zapClient) => {
    const activeScanner = zapClient.ascan;
    await activeScanner.scan(targetUrl);
});

Getting a List of Alerts

The following code will retrieve a list of alerts that were generated during the scanning session:

const ZAPClient = require('zap-client-js');
const zapApiKey = 'yourApiKey';

ZAPClient({
    apiKey: zapApiKey,
    ajaxAspects: ['*']
}).then(async (zapClient) => {
    const alerts = await zapClient.getAlerts(targetUrl);
    console.log(alerts);
});

Conclusion

In this article, we explored some common ZAP API calls using JavaScript. ZAP API is a powerful tool that can help you automate your security testing tasks.

📊 30-Day Uptime History

Daily uptime tracking showing online vs offline minutes

Online

Offline

Related APIs in Security