Skip to content

Latest commit

 

History

History
4796 lines (3311 loc) · 77.8 KB

README.md

File metadata and controls

4796 lines (3311 loc) · 77.8 KB

OWASP ZAP API Raku module

SYNOPSIS

Zap

use lib 'lib';
use Zap;
# Config Zap Client
ZapConfig(:apikey<apikey12345>,:port<8081>,:addr<127.0.0.1>);
# send a url to the spider
my $scanId = Zap::Spider.scan(:url<https://perl.org>);
# get the spider status
my $status = Zap::Spider.status(:$scanId);
# wait for the spider to finish then get the result
$*OUT = $*OUT.open(:!buffer);
while Zap::Spider.status(:$scanId) < 100 {
    print "Spider progress {Zap::Spider.status(:$scanId)}  \r";
}
$*OUT = $*OUT.open(:buffer);
put "URL : $_" for Zap::Spider.results(:$scanId);
my @scans = Zap::Spider.scans; # this needs some work
put "ID , Progress , State";
for @scans -> %scan {
    put %scan<id progress state>.fmt("%s",', ')
}

Installation

zef install Zap

TODO

  • Make the code and API Response more easy to handle
  • Write a Script to provide a CLI raku-zap maybe ?
  • Write an Interface for the zap CLI
  • Automate Spider and Scanners
  • Since we are using Cro::HTTP::Client , we can handel the other response formats with body-parsers (a Cro::HTTP::BodyParser class)

Bad Generated Docs (needs more work)

class Zap::Ruleconfig

class Zap::Ruleconfig Methods

method resetAllRuleConfigValues

method resetAllRuleConfigValues() returns Mu

Reset all of the rule configurations

method resetRuleConfigValue

method resetRuleConfigValue(
    :$key!
) returns Mu

Reset the specified rule configuration, which must already exist

method setRuleConfigValue

method setRuleConfigValue(
    :$key!,
    :$value
) returns Mu

Set the specified rule configuration, which must already exist

class Zap::Break

class Zap::Break Methods

method isBreakRequest

method isBreakRequest() returns Mu

Returns True if ZAP will break on requests

method isBreakResponse

method isBreakResponse() returns Mu

Returns True if ZAP will break on responses

method waitForHttpBreak

method waitForHttpBreak(
    :$poll,
    :$keepalive
) returns Mu

Waits until an HTTP breakpoint has been hit, at which point it returns the message. Poll is the number of milliseconds ZAP will pause between checking for breakpoints being hit (default 500). If keepalive is zero or less then the response will be returned as a Server Sent Event, otherwise it is used as the frequency in seconds at which 'keepalive' events should be returned and the response is sent as a standard response.

method addHttpBreakpoint

method addHttpBreakpoint(
    :$string!,
    :$location!,
    :$match!,
    :$inverse!,
    :$ignorecase!
) returns Mu

Adds a custom HTTP breakpoint. The string is the string to match. Location may be one of: url, request_header, request_body, response_header or response_body. Match may be: contains or regex. Inverse (match) may be true or false. Lastly, ignorecase (when matching the string) may be true or false.

method break

method break(
    :$type!,
    :$state!,
    :$scope
) returns Mu

Controls the global break functionality. The type may be one of: http-all, http-request or http-response. The state may be true (for turning break on for the specified type) or false (for turning break off). Scope is not currently used.

method continue

method continue() returns Mu

Submits the currently intercepted message and unsets the global request/response breakpoints

method drop

method drop() returns Mu

Drops the currently intercepted message

method removeHttpBreakpoint

method removeHttpBreakpoint(
    :$string!,
    :$location!,
    :$match!,
    :$inverse!,
    :$ignorecase!
) returns Mu

Removes the specified breakpoint

method setHttpMessage

method setHttpMessage(
    :$httpHeader!,
    :$httpBody
) returns Mu

Overwrites the currently intercepted message with the data provided

method step

method step() returns Mu

Submits the currently intercepted message, the next request or response will automatically be intercepted

class Zap::Hud

class Zap::Hud Methods

method hudAlertData

method hudAlertData(
    :$url!
) returns Mu

Returns the alert summary needed by the HUD for the specified URL

method optionAllowUnsafeEval

method optionAllowUnsafeEval() returns Mu

Returns true if the 'Allow unsafe-eval' option is set

method optionBaseDirectory

method optionBaseDirectory() returns Mu

Returns the base directory from which the HUD files are loaded

method optionDevelopmentMode

method optionDevelopmentMode() returns Mu

Returns true if the 'Development mode' option is set

method optionEnableOnDomainMsgs

method optionEnableOnDomainMsgs() returns Mu

No Doc

method optionEnabledForDaemon

method optionEnabledForDaemon() returns Mu

No Doc

method optionEnabledForDesktop

method optionEnabledForDesktop() returns Mu

No Doc

method optionInScopeOnly

method optionInScopeOnly() returns Mu

Returns true if the 'In scope only' option is set

method optionRemoveCSP

method optionRemoveCSP() returns Mu

Returns true if the 'Remove CSP' option is set

method optionShowWelcomeScreen

method optionShowWelcomeScreen() returns Mu

No Doc

method optionSkipTutorialTasks

method optionSkipTutorialTasks() returns Mu

No Doc

method optionTutorialHost

method optionTutorialHost() returns Mu

No Doc

method optionTutorialPort

method optionTutorialPort() returns Mu

No Doc

method optionTutorialTasksDone

method optionTutorialTasksDone() returns Mu

No Doc

method optionTutorialTestMode

method optionTutorialTestMode() returns Mu

No Doc

method optionTutorialUpdates

method optionTutorialUpdates() returns Mu

No Doc

method tutorialUpdates

method tutorialUpdates() returns Mu

No Doc

method upgradedDomains

method upgradedDomains() returns Mu

No Doc

method changesInHtml

method changesInHtml() returns Mu

Returns the changelog in HTML format

method log

method log(
    :$record!
) returns Mu

Used by the HUD to log messages from the browser

method recordRequest

method recordRequest(
    :$header!,
    :$body!
) returns Mu

Used by the HUD to cache a request the user wants to send in the browser

method resetTutorialTasks

method resetTutorialTasks() returns Mu

Reset the tutorial tasks so that they must be completed again

method setOptionBaseDirectory

method setOptionBaseDirectory(
    :$String!
) returns Mu

Set the base directory from which the HUD files are loaded

method setOptionDevelopmentMode

method setOptionDevelopmentMode(
    :$Boolean!
) returns Mu

Sets the boolean option 'Development mode'

method setOptionEnableOnDomainMsgs

method setOptionEnableOnDomainMsgs(
    :$Boolean!
) returns Mu

No Doc

method setOptionEnabledForDaemon

method setOptionEnabledForDaemon(
    :$Boolean!
) returns Mu

No Doc

method setOptionEnabledForDesktop

method setOptionEnabledForDesktop(
    :$Boolean!
) returns Mu

No Doc

method setOptionInScopeOnly

method setOptionInScopeOnly(
    :$Boolean!
) returns Mu

Sets the boolean option 'In scope only'

method setOptionRemoveCSP

method setOptionRemoveCSP(
    :$Boolean!
) returns Mu

Sets the boolean option 'Remove CSP'

method setOptionShowWelcomeScreen

method setOptionShowWelcomeScreen(
    :$Boolean!
) returns Mu

No Doc

method setOptionSkipTutorialTasks

method setOptionSkipTutorialTasks(
    :$Boolean!
) returns Mu

No Doc

method setOptionTutorialTaskDone

method setOptionTutorialTaskDone(
    :$String!
) returns Mu

No Doc

method setOptionTutorialTestMode

method setOptionTutorialTestMode(
    :$Boolean!
) returns Mu

No Doc

method setUiOption

method setUiOption(
    :$key!,
    :$value
) returns Mu

Sets a UI option with the given key and value. The key must be 50 or fewer alphanumeric characters

class Zap::Forceduser

class Zap::Forceduser Methods

method setForcedUser

method setForcedUser(
    :$contextId!,
    :$userId!
) returns Mu

Sets the user (ID) that should be used in 'forced user' mode for the given context (ID)

method setForcedUserModeEnabled

method setForcedUserModeEnabled(
    :$boolean!
) returns Mu

Sets if 'forced user' mode should be enabled or not

class Zap::Stats

class Zap::Stats Methods

method clearStats

method clearStats(
    :$keyPrefix
) returns Mu

Clears all of the statistics

method setOptionInMemoryEnabled

method setOptionInMemoryEnabled(
    :$Boolean!
) returns Mu

Sets whether in memory statistics are enabled

method setOptionStatsdHost

method setOptionStatsdHost(
    :$String!
) returns Mu

Sets the Statsd service hostname, supply an empty string to stop using a Statsd service

method setOptionStatsdPort

method setOptionStatsdPort(
    :$Integer!
) returns Mu

Sets the Statsd service port

method setOptionStatsdPrefix

method setOptionStatsdPrefix(
    :$String!
) returns Mu

Sets the prefix to be applied to all stats sent to the configured Statsd service

method optionStatsdEnabled

method optionStatsdEnabled() returns Mu

Returns 'true' if a Statsd server has been correctly configured, otherwise returns 'false'

method optionStatsdHost

method optionStatsdHost() returns Mu

Gets the Statsd service hostname

method optionStatsdPort

method optionStatsdPort() returns Mu

Gets the Statsd service port

method optionStatsdPrefix

method optionStatsdPrefix() returns Mu

Gets the prefix to be applied to all stats sent to the configured Statsd service

method siteStats

method siteStats(
    :$site!,
    :$keyPrefix
) returns Mu

Gets all of the global statistics, optionally filtered by a key prefix

method stats

method stats(
    :$keyPrefix
) returns Mu

Statistics

class Zap::Alertfilter

class Zap::Alertfilter Methods

method addAlertFilter

method addAlertFilter(
    :$contextId!,
    :$ruleId!,
    :$newLevel!,
    :$url,
    :$urlIsRegex,
    :$parameter,
    :$enabled,
    :$parameterIsRegex,
    :$attack,
    :$attackIsRegex,
    :$evidence,
    :$evidenceIsRegex
) returns Mu

Adds a new alert filter for the context with the given ID.

method addGlobalAlertFilter

method addGlobalAlertFilter(
    :$ruleId!,
    :$newLevel!,
    :$url,
    :$urlIsRegex,
    :$parameter,
    :$enabled,
    :$parameterIsRegex,
    :$attack,
    :$attackIsRegex,
    :$evidence,
    :$evidenceIsRegex
) returns Mu

Adds a new global alert filter.

method removeAlertFilter

method removeAlertFilter(
    :$contextId!,
    :$ruleId!,
    :$newLevel!,
    :$url,
    :$urlIsRegex,
    :$parameter,
    :$enabled,
    :$parameterIsRegex,
    :$attack,
    :$attackIsRegex,
    :$evidence,
    :$evidenceIsRegex
) returns Mu

Removes an alert filter from the context with the given ID.

method removeGlobalAlertFilter

method removeGlobalAlertFilter(
    :$ruleId!,
    :$newLevel!,
    :$url,
    :$urlIsRegex,
    :$parameter,
    :$enabled,
    :$parameterIsRegex,
    :$attack,
    :$attackIsRegex,
    :$evidence,
    :$evidenceIsRegex
) returns Mu

Removes a global alert filter.

class Zap::Ascan

class Zap::Ascan Methods

method addExcludedParam

method addExcludedParam(
    :$name!,
    :$type,
    :$url
) returns Mu

Adds a new parameter excluded from the scan, using the specified name. Optionally sets if the new entry applies to a specific URL (default, all URLs) and sets the ID of the type of the parameter (default, ID of any type). The type IDs can be obtained with the view excludedParamTypes.

method addScanPolicy

method addScanPolicy(
    :$scanPolicyName!,
    :$alertThreshold,
    :$attackStrength
) returns Mu

No Doc

method clearExcludedFromScan

method clearExcludedFromScan() returns Mu

Clears the regexes of URLs excluded from the active scans.

method disableAllScanners

method disableAllScanners(
    :$scanPolicyName
) returns Mu

Disables all scanners of the scan policy with the given name, or the default if none given.

method disableScanners

method disableScanners(
    :$ids!,
    :$scanPolicyName
) returns Mu

Disables the scanners with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given.

method enableAllScanners

method enableAllScanners(
    :$scanPolicyName
) returns Mu

Enables all scanners of the scan policy with the given name, or the default if none given.

method enableScanners

method enableScanners(
    :$ids!,
    :$scanPolicyName
) returns Mu

Enables the scanners with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given.

method excludeFromScan

method excludeFromScan(
    :$regex!
) returns Mu

Adds a regex of URLs that should be excluded from the active scans.

method importScanPolicy

method importScanPolicy(
    :$path!
) returns Mu

Imports a Scan Policy using the given file system path.

method modifyExcludedParam

method modifyExcludedParam(
    :$idx!,
    :$name,
    :$type,
    :$url
) returns Mu

Modifies a parameter excluded from the scan. Allows to modify the name, the URL and the type of parameter. The parameter is selected with its index, which can be obtained with the view excludedParams.

method pause

method pause(
    :$scanId!
) returns Mu

No Doc

method pauseAllScans

method pauseAllScans() returns Mu

No Doc

method removeAllScans

method removeAllScans() returns Mu

No Doc

method removeExcludedParam

method removeExcludedParam(
    :$idx!
) returns Mu

Removes a parameter excluded from the scan, with the given index. The index can be obtained with the view excludedParams.

method removeScan

method removeScan(
    :$scanId!
) returns Mu

No Doc

method removeScanPolicy

method removeScanPolicy(
    :$scanPolicyName!
) returns Mu

No Doc

method resume

method resume(
    :$scanId!
) returns Mu

No Doc

method resumeAllScans

method resumeAllScans() returns Mu

No Doc

method scan

method scan(
    :$url,
    :$recurse,
    :$inScopeOnly,
    :$scanPolicyName,
    :$method,
    :$postData,
    :$contextId
) returns Mu

Runs the active scanner against the given URL and/or Context. Optionally, the 'recurse' parameter can be used to scan URLs under the given URL, the parameter 'inScopeOnly' can be used to constrain the scan to URLs that are in scope (ignored if a Context is specified), the parameter 'scanPolicyName' allows to specify the scan policy (if none is given it uses the default scan policy), the parameters 'method' and 'postData' allow to select a given request in conjunction with the given URL.

method scanAsUser

method scanAsUser(
    :$url,
    :$contextId,
    :$userId,
    :$recurse,
    :$scanPolicyName,
    :$method,
    :$postData
) returns Mu

Active Scans from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.

method setEnabledPolicies

method setEnabledPolicies(
    :$ids!,
    :$scanPolicyName
) returns Mu

No Doc

method setOptionAddQueryParam

method setOptionAddQueryParam(
    :$Boolean!
) returns Mu

Sets whether or not the active scanner should add a query param to GET requests which do not have parameters to start with.

method setOptionAllowAttackOnStart

method setOptionAllowAttackOnStart(
    :$Boolean!
) returns Mu

No Doc

method setOptionAttackPolicy

method setOptionAttackPolicy(
    :$String!
) returns Mu

No Doc

method setOptionDefaultPolicy

method setOptionDefaultPolicy(
    :$String!
) returns Mu

No Doc

method setOptionDelayInMs

method setOptionDelayInMs(
    :$Integer!
) returns Mu

No Doc

method setOptionHandleAntiCSRFTokens

method setOptionHandleAntiCSRFTokens(
    :$Boolean!
) returns Mu

No Doc

method setOptionHostPerScan

method setOptionHostPerScan(
    :$Integer!
) returns Mu

No Doc

method setOptionInjectPluginIdInHeader

method setOptionInjectPluginIdInHeader(
    :$Boolean!
) returns Mu

Sets whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests.

method setOptionMaxChartTimeInMins

method setOptionMaxChartTimeInMins(
    :$Integer!
) returns Mu

No Doc

method setOptionMaxResultsToList

method setOptionMaxResultsToList(
    :$Integer!
) returns Mu

No Doc

method setOptionMaxRuleDurationInMins

method setOptionMaxRuleDurationInMins(
    :$Integer!
) returns Mu

No Doc

method setOptionMaxScanDurationInMins

method setOptionMaxScanDurationInMins(
    :$Integer!
) returns Mu

No Doc

method setOptionMaxScansInUI

method setOptionMaxScansInUI(
    :$Integer!
) returns Mu

No Doc

method setOptionPromptInAttackMode

method setOptionPromptInAttackMode(
    :$Boolean!
) returns Mu

No Doc

method setOptionPromptToClearFinishedScans

method setOptionPromptToClearFinishedScans(
    :$Boolean!
) returns Mu

No Doc

method setOptionRescanInAttackMode

method setOptionRescanInAttackMode(
    :$Boolean!
) returns Mu

No Doc

method setOptionScanHeadersAllRequests

method setOptionScanHeadersAllRequests(
    :$Boolean!
) returns Mu

Sets whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body.

method setOptionShowAdvancedDialog

method setOptionShowAdvancedDialog(
    :$Boolean!
) returns Mu

No Doc

method setOptionTargetParamsEnabledRPC

method setOptionTargetParamsEnabledRPC(
    :$Integer!
) returns Mu

No Doc

method setOptionTargetParamsInjectable

method setOptionTargetParamsInjectable(
    :$Integer!
) returns Mu

No Doc

method setOptionThreadPerHost

method setOptionThreadPerHost(
    :$Integer!
) returns Mu

No Doc

method setPolicyAlertThreshold

method setPolicyAlertThreshold(
    :$id!,
    :$alertThreshold!,
    :$scanPolicyName
) returns Mu

No Doc

method setPolicyAttackStrength

method setPolicyAttackStrength(
    :$id!,
    :$attackStrength!,
    :$scanPolicyName
) returns Mu

No Doc

method setScannerAlertThreshold

method setScannerAlertThreshold(
    :$id!,
    :$alertThreshold!,
    :$scanPolicyName
) returns Mu

No Doc

method setScannerAttackStrength

method setScannerAttackStrength(
    :$id!,
    :$attackStrength!,
    :$scanPolicyName
) returns Mu

No Doc

method skipScanner

method skipScanner(
    :$scanId!,
    :$scannerId!
) returns Mu

Skips the scanner using the given IDs of the scan and the scanner.

method stop

method stop(
    :$scanId!
) returns Mu

No Doc

method stopAllScans

method stopAllScans() returns Mu

No Doc

method updateScanPolicy

method updateScanPolicy(
    :$scanPolicyName!,
    :$alertThreshold,
    :$attackStrength
) returns Mu

No Doc

method excludedFromScan

method excludedFromScan() returns Mu

Gets the regexes of URLs excluded from the active scans.

method excludedParamTypes

method excludedParamTypes() returns Mu

Gets all the types of excluded parameters. For each type the following are shown: the ID and the name.

method excludedParams

method excludedParams() returns Mu

Gets all the parameters that are excluded. For each parameter the following are shown: the name, the URL, and the parameter type.

method messagesIds

method messagesIds(
    :$scanId!
) returns Mu

Gets the IDs of the messages sent during the scan with the given ID. A message can be obtained with 'message' core view.

method optionAddQueryParam

method optionAddQueryParam() returns Mu

Tells whether or not the active scanner should add a query parameter to GET request that don't have parameters to start with.

method optionAllowAttackOnStart

method optionAllowAttackOnStart() returns Mu

No Doc

method optionAttackPolicy

method optionAttackPolicy() returns Mu

No Doc

method optionDefaultPolicy

method optionDefaultPolicy() returns Mu

No Doc

method optionDelayInMs

method optionDelayInMs() returns Mu

No Doc

method optionExcludedParamList

method optionExcludedParamList() returns Mu

Use view excludedParams instead.

method optionHandleAntiCSRFTokens

method optionHandleAntiCSRFTokens() returns Mu

No Doc

method optionHostPerScan

method optionHostPerScan() returns Mu

No Doc

method optionInjectPluginIdInHeader

method optionInjectPluginIdInHeader() returns Mu

Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests.

method optionMaxChartTimeInMins

method optionMaxChartTimeInMins() returns Mu

No Doc

method optionMaxResultsToList

method optionMaxResultsToList() returns Mu

No Doc

method optionMaxRuleDurationInMins

method optionMaxRuleDurationInMins() returns Mu

No Doc

method optionMaxScanDurationInMins

method optionMaxScanDurationInMins() returns Mu

No Doc

method optionMaxScansInUI

method optionMaxScansInUI() returns Mu

No Doc

method optionPromptInAttackMode

method optionPromptInAttackMode() returns Mu

No Doc

method optionPromptToClearFinishedScans

method optionPromptToClearFinishedScans() returns Mu

No Doc

method optionRescanInAttackMode

method optionRescanInAttackMode() returns Mu

No Doc

method optionScanHeadersAllRequests

method optionScanHeadersAllRequests() returns Mu

Tells whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body.

method optionShowAdvancedDialog

method optionShowAdvancedDialog() returns Mu

No Doc

method optionTargetParamsEnabledRPC

method optionTargetParamsEnabledRPC() returns Mu

No Doc

method optionTargetParamsInjectable

method optionTargetParamsInjectable() returns Mu

No Doc

method optionThreadPerHost

method optionThreadPerHost() returns Mu

No Doc

method policies

method policies(
    :$scanPolicyName,
    :$policyId
) returns Mu

No Doc

method scanPolicyNames

method scanPolicyNames() returns Mu

No Doc

method scanProgress

method scanProgress(
    :$scanId
) returns Mu

No Doc

method scanners

method scanners(
    :$scanPolicyName,
    :$policyId
) returns Mu

Gets the scanners, optionally, of the given scan policy and/or scanner policy/category ID.

method scans

method scans() returns Mu

No Doc

method status

method status(
    :$scanId
) returns Mu

No Doc

class Zap::Spider

class Zap::Spider Methods

method domainsAlwaysInScope

method domainsAlwaysInScope() returns Mu

Gets all the domains that are always in scope. For each domain the following are shown: the index, the value (domain), if enabled, and if specified as a regex.

method excludedFromScan

method excludedFromScan() returns Mu

Gets the regexes of URLs excluded from the spider scans.

method fullResults

method fullResults(
    :$scanId!
) returns Mu

No Doc

method optionAcceptCookies

method optionAcceptCookies() returns Mu

Gets whether or not a spider process should accept cookies while spidering.

method optionDomainsAlwaysInScope

method optionDomainsAlwaysInScope() returns Mu

Use view domainsAlwaysInScope instead.

method optionDomainsAlwaysInScopeEnabled

method optionDomainsAlwaysInScopeEnabled() returns Mu

Use view domainsAlwaysInScope instead.

method optionHandleODataParametersVisited

method optionHandleODataParametersVisited() returns Mu

No Doc

method optionHandleParameters

method optionHandleParameters() returns Mu

No Doc

method optionMaxChildren

method optionMaxChildren() returns Mu

Gets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.

method optionMaxDepth

method optionMaxDepth() returns Mu

Gets the maximum depth the spider can crawl, 0 if unlimited.

method optionMaxDuration

method optionMaxDuration() returns Mu

No Doc

method optionMaxParseSizeBytes

method optionMaxParseSizeBytes() returns Mu

Gets the maximum size, in bytes, that a response might have to be parsed.

method optionMaxScansInUI

method optionMaxScansInUI() returns Mu

No Doc

method optionParseComments

method optionParseComments() returns Mu

No Doc

method optionParseGit

method optionParseGit() returns Mu

No Doc

method optionParseRobotsTxt

method optionParseRobotsTxt() returns Mu

No Doc

method optionParseSVNEntries

method optionParseSVNEntries() returns Mu

No Doc

method optionParseSitemapXml

method optionParseSitemapXml() returns Mu

No Doc

method optionPostForm

method optionPostForm() returns Mu

No Doc

method optionProcessForm

method optionProcessForm() returns Mu

No Doc

method optionRequestWaitTime

method optionRequestWaitTime() returns Mu

No Doc

method optionScope

method optionScope() returns Mu

No Doc

method optionScopeText

method optionScopeText() returns Mu

No Doc

method optionSendRefererHeader

method optionSendRefererHeader() returns Mu

Gets whether or not the 'Referer' header should be sent while spidering.

method optionShowAdvancedDialog

method optionShowAdvancedDialog() returns Mu

No Doc

method optionSkipURLString

method optionSkipURLString() returns Mu

No Doc

method optionThreadCount

method optionThreadCount() returns Mu

No Doc

method optionUserAgent

method optionUserAgent() returns Mu

No Doc

method results

method results(
    :$scanId
) returns Mu

No Doc

method scans

method scans() returns Mu

No Doc

method status

method status(
    :$scanId
) returns Mu

No Doc

method addDomainAlwaysInScope

method addDomainAlwaysInScope(
    :$value!,
    :$isRegex,
    :$isEnabled
) returns Mu

Adds a new domain that's always in scope, using the specified value. Optionally sets if the new entry is enabled (default, true) and whether or not the new value is specified as a regex (default, false).

method clearExcludedFromScan

method clearExcludedFromScan() returns Mu

Clears the regexes of URLs excluded from the spider scans.

method disableAllDomainsAlwaysInScope

method disableAllDomainsAlwaysInScope() returns Mu

Disables all domains that are always in scope.

method enableAllDomainsAlwaysInScope

method enableAllDomainsAlwaysInScope() returns Mu

Enables all domains that are always in scope.

method excludeFromScan

method excludeFromScan(
    :$regex!
) returns Mu

Adds a regex of URLs that should be excluded from the spider scans.

method modifyDomainAlwaysInScope

method modifyDomainAlwaysInScope(
    :$idx!,
    :$value,
    :$isRegex,
    :$isEnabled
) returns Mu

Modifies a domain that's always in scope. Allows to modify the value, if enabled or if a regex. The domain is selected with its index, which can be obtained with the view domainsAlwaysInScope.

method pause

method pause(
    :$scanId!
) returns Mu

No Doc

method pauseAllScans

method pauseAllScans() returns Mu

No Doc

method removeAllScans

method removeAllScans() returns Mu

No Doc

method removeDomainAlwaysInScope

method removeDomainAlwaysInScope(
    :$idx!
) returns Mu

Removes a domain that's always in scope, with the given index. The index can be obtained with the view domainsAlwaysInScope.

method removeScan

method removeScan(
    :$scanId!
) returns Mu

No Doc

method resume

method resume(
    :$scanId!
) returns Mu

No Doc

method resumeAllScans

method resumeAllScans() returns Mu

No Doc

method scan

method scan(
    :$url,
    :$maxChildren,
    :$recurse,
    :$contextName,
    :$subtreeOnly
) returns Mu

Runs the spider against the given URL (or context). Optionally, the 'maxChildren' parameter can be set to limit the number of children scanned, the 'recurse' parameter can be used to prevent the spider from seeding recursively, the parameter 'contextName' can be used to constrain the scan to a Context and the parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'url').

method scanAsUser

method scanAsUser(
    :$contextId!,
    :$userId!,
    :$url,
    :$maxChildren,
    :$recurse,
    :$subtreeOnly
) returns Mu

Runs the spider from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.

method setOptionAcceptCookies

method setOptionAcceptCookies(
    :$Boolean!
) returns Mu

Sets whether or not a spider process should accept cookies while spidering.

method setOptionHandleODataParametersVisited

method setOptionHandleODataParametersVisited(
    :$Boolean!
) returns Mu

No Doc

method setOptionHandleParameters

method setOptionHandleParameters(
    :$String!
) returns Mu

No Doc

method setOptionMaxChildren

method setOptionMaxChildren(
    :$Integer!
) returns Mu

Sets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.

method setOptionMaxDepth

method setOptionMaxDepth(
    :$Integer!
) returns Mu

Sets the maximum depth the spider can crawl, 0 for unlimited depth.

method setOptionMaxDuration

method setOptionMaxDuration(
    :$Integer!
) returns Mu

No Doc

method setOptionMaxParseSizeBytes

method setOptionMaxParseSizeBytes(
    :$Integer!
) returns Mu

Sets the maximum size, in bytes, that a response might have to be parsed. This allows the spider to skip big responses/files.

method setOptionMaxScansInUI

method setOptionMaxScansInUI(
    :$Integer!
) returns Mu

No Doc

method setOptionParseComments

method setOptionParseComments(
    :$Boolean!
) returns Mu

No Doc

method setOptionParseGit

method setOptionParseGit(
    :$Boolean!
) returns Mu

No Doc

method setOptionParseRobotsTxt

method setOptionParseRobotsTxt(
    :$Boolean!
) returns Mu

No Doc

method setOptionParseSVNEntries

method setOptionParseSVNEntries(
    :$Boolean!
) returns Mu

No Doc

method setOptionParseSitemapXml

method setOptionParseSitemapXml(
    :$Boolean!
) returns Mu

No Doc

method setOptionPostForm

method setOptionPostForm(
    :$Boolean!
) returns Mu

No Doc

method setOptionProcessForm

method setOptionProcessForm(
    :$Boolean!
) returns Mu

No Doc

method setOptionRequestWaitTime

method setOptionRequestWaitTime(
    :$Integer!
) returns Mu

No Doc

method setOptionScopeString

method setOptionScopeString(
    :$String!
) returns Mu

Use actions [add|modify|remove]DomainAlwaysInScope instead.

method setOptionSendRefererHeader

method setOptionSendRefererHeader(
    :$Boolean!
) returns Mu

Sets whether or not the 'Referer' header should be sent while spidering.

method setOptionShowAdvancedDialog

method setOptionShowAdvancedDialog(
    :$Boolean!
) returns Mu

No Doc

method setOptionSkipURLString

method setOptionSkipURLString(
    :$String!
) returns Mu

No Doc

method setOptionThreadCount

method setOptionThreadCount(
    :$Integer!
) returns Mu

No Doc

method setOptionUserAgent

method setOptionUserAgent(
    :$String!
) returns Mu

No Doc

method stop

method stop(
    :$scanId
) returns Mu

No Doc

method stopAllScans

method stopAllScans() returns Mu

No Doc

class Zap::Selenium

class Zap::Selenium Methods

method setOptionChromeDriverPath

method setOptionChromeDriverPath(
    :$String!
) returns Mu

Sets the current path to ChromeDriver

method setOptionFirefoxBinaryPath

method setOptionFirefoxBinaryPath(
    :$String!
) returns Mu

Sets the current path to Firefox binary

method setOptionFirefoxDriverPath

method setOptionFirefoxDriverPath(
    :$String!
) returns Mu

Sets the current path to Firefox driver (geckodriver)

method setOptionIeDriverPath

method setOptionIeDriverPath(
    :$String!
) returns Mu

No Doc

method setOptionPhantomJsBinaryPath

method setOptionPhantomJsBinaryPath(
    :$String!
) returns Mu

Sets the current path to PhantomJS binary

method optionFirefoxDriverPath

method optionFirefoxDriverPath() returns Mu

Returns the current path to Firefox driver (geckodriver)

method optionIeDriverPath

method optionIeDriverPath() returns Mu

No Doc

method optionPhantomJsBinaryPath

method optionPhantomJsBinaryPath() returns Mu

Returns the current path to PhantomJS binary

class Zap::Httpsessions

class Zap::Httpsessions Methods

method addDefaultSessionToken

method addDefaultSessionToken(
    :$sessionToken!,
    :$tokenEnabled
) returns Mu

Adds a default session token with the given name and enabled state.

method addSessionToken

method addSessionToken(
    :$site!,
    :$sessionToken!
) returns Mu

Adds the session token to the given site.

method createEmptySession

method createEmptySession(
    :$site!,
    :$session
) returns Mu

Creates an empty session for the given site. Optionally with the given name.

method removeDefaultSessionToken

method removeDefaultSessionToken(
    :$sessionToken!
) returns Mu

Removes the default session token with the given name.

method removeSession

method removeSession(
    :$site!,
    :$session!
) returns Mu

Removes the session from the given site.

method removeSessionToken

method removeSessionToken(
    :$site!,
    :$sessionToken!
) returns Mu

Removes the session token from the given site.

method renameSession

method renameSession(
    :$site!,
    :$oldSessionName!,
    :$newSessionName!
) returns Mu

Renames the session of the given site.

method setActiveSession

method setActiveSession(
    :$site!,
    :$session!
) returns Mu

Sets the given session as active for the given site.

method setDefaultSessionTokenEnabled

method setDefaultSessionTokenEnabled(
    :$sessionToken!,
    :$tokenEnabled!
) returns Mu

Sets whether or not the default session token with the given name is enabled.

method setSessionTokenValue

method setSessionTokenValue(
    :$site!,
    :$session!,
    :$sessionToken!,
    :$tokenValue!
) returns Mu

Sets the value of the session token of the given session for the given site.

method unsetActiveSession

method unsetActiveSession(
    :$site!
) returns Mu

Unsets the active session of the given site.

method sessionTokens

method sessionTokens(
    :$site!
) returns Mu

Gets the names of the session tokens for the given site.

method sessions

method sessions(
    :$site!,
    :$session
) returns Mu

Gets the sessions for the given site. Optionally returning just the session with the given name.

method sites

method sites() returns Mu

Gets all of the sites that have sessions.

class Zap::Localproxies

class Zap::Localproxies Methods

method removeAdditionalProxy

method removeAdditionalProxy(
    :$address!,
    :$port!
) returns Mu

Removes the additional proxy with the specified address and port.

class Zap::Websocket

class Zap::Websocket Methods

method message

method message(
    :$channelId!,
    :$messageId!
) returns Mu

Returns full details of the message specified by the channelId and messageId

method messages

method messages(
    :$channelId,
    :$start,
    :$count,
    :$payloadPreviewLength
) returns Mu

Returns a list of all of the messages that meet the given criteria (all optional), where channelId is a channel identifier, start is the offset to start returning messages from (starting from 0), count is the number of messages to return (default no limit) and payloadPreviewLength is the maximum number bytes to return for the payload contents

method sendTextMessage

method sendTextMessage(
    :$channelId!,
    :$outgoing!,
    :$message!
) returns Mu

Sends the specified message on the channel specified by channelId, if outgoing is 'True' then the message will be sent to the server and if it is 'False' then it will be sent to the client

method setBreakTextMessage

method setBreakTextMessage(
    :$message!,
    :$outgoing!
) returns Mu

Sets the text message for an intercepted websockets message

class Zap::Authentication

class Zap::Authentication Methods

method setAuthenticationMethod

method setAuthenticationMethod(
    :$contextId!,
    :$authMethodName!,
    :$authMethodConfigParams
) returns Mu

Sets the authentication method for the context with the given ID.

method setLoggedInIndicator

method setLoggedInIndicator(
    :$contextId!,
    :$loggedInIndicatorRegex!
) returns Mu

Sets the logged in indicator for the context with the given ID.

method setLoggedOutIndicator

method setLoggedOutIndicator(
    :$contextId!,
    :$loggedOutIndicatorRegex!
) returns Mu

Sets the logged out indicator for the context with the given ID.

method getLoggedInIndicator

method getLoggedInIndicator(
    :$contextId!
) returns Mu

Gets the logged in indicator for the context with the given ID.

method getLoggedOutIndicator

method getLoggedOutIndicator(
    :$contextId!
) returns Mu

Gets the logged out indicator for the context with the given ID.

method getSupportedAuthenticationMethods

method getSupportedAuthenticationMethods() returns Mu

Gets the name of the authentication methods.

class Zap::Pscan

class Zap::Pscan Methods

method disableAllScanners

method disableAllScanners() returns Mu

Disables all passive scanners

method disableAllTags

method disableAllTags() returns Mu

Disables all passive scan tags.

method disableScanners

method disableScanners(
    :$ids!
) returns Mu

Disables all passive scanners with the given IDs (comma separated list of IDs)

method enableAllScanners

method enableAllScanners() returns Mu

Enables all passive scanners

method enableAllTags

method enableAllTags() returns Mu

Enables all passive scan tags.

method enableScanners

method enableScanners(
    :$ids!
) returns Mu

Enables all passive scanners with the given IDs (comma separated list of IDs)

method setEnabled

method setEnabled(
    :$enabled!
) returns Mu

Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).

method setMaxAlertsPerRule

method setMaxAlertsPerRule(
    :$maxAlerts!
) returns Mu

Sets the maximum number of alerts a passive scan rule should raise.

method setScanOnlyInScope

method setScanOnlyInScope(
    :$onlyInScope!
) returns Mu

Sets whether or not the passive scan should be performed only on messages that are in scope.

method setScannerAlertThreshold

method setScannerAlertThreshold(
    :$id!,
    :$alertThreshold!
) returns Mu

Sets the alert threshold of the passive scanner with the given ID, accepted values for alert threshold: OFF, DEFAULT, LOW, MEDIUM and HIGH

method recordsToScan

method recordsToScan() returns Mu

The number of records the passive scanner still has to scan

method scanOnlyInScope

method scanOnlyInScope() returns Mu

Tells whether or not the passive scan should be performed only on messages that are in scope.

method scanners

method scanners() returns Mu

Lists all passive scanners with its ID, name, enabled state and alert threshold.

class Zap::Sessionmanagement

class Zap::Sessionmanagement Methods

method getSupportedSessionManagementMethods

method getSupportedSessionManagementMethods() returns Mu

Gets the name of the session management methods.

method setSessionManagementMethod

method setSessionManagementMethod(
    :$contextId!,
    :$methodName!,
    :$methodConfigParams
) returns Mu

Sets the session management method for the context with the given ID.

class Zap::Script

class Zap::Script Methods

method globalVar

method globalVar(
    :$varKey!
) returns Mu

Gets the value of the global variable with the given key. Returns an API error (DOES_NOT_EXIST) if no value was previously set.

method globalVars

method globalVars() returns Mu

Gets all the global variables (key/value pairs).

method listEngines

method listEngines() returns Mu

Lists the script engines available

method listScripts

method listScripts() returns Mu

Lists the scripts available, with its engine, name, description, type and error state.

method listTypes

method listTypes() returns Mu

Lists the script types available.

method scriptCustomVar

method scriptCustomVar(
    :$scriptName!,
    :$varKey!
) returns Mu

Gets the value (string representation) of a custom variable. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists or if no value was previously set.

method scriptCustomVars

method scriptCustomVars(
    :$scriptName!
) returns Mu

Gets all the custom variables (key/value pairs, the value is the string representation) of a script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.

method scriptVar

method scriptVar(
    :$scriptName!,
    :$varKey!
) returns Mu

Gets the value of the variable with the given key for the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists or if no value was previously set.

method scriptVars

method scriptVars(
    :$scriptName!
) returns Mu

Gets all the variables (key/value pairs) of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.

method clearGlobalCustomVar

method clearGlobalCustomVar(
    :$varKey!
) returns Mu

Clears a global custom variable.

method clearGlobalVar

method clearGlobalVar(
    :$varKey!
) returns Mu

Clears the global variable with the given key.

method clearGlobalVars

method clearGlobalVars() returns Mu

Clears the global variables.

method clearScriptCustomVar

method clearScriptCustomVar(
    :$scriptName!,
    :$varKey!
) returns Mu

Clears a script custom variable.

method clearScriptVar

method clearScriptVar(
    :$scriptName!,
    :$varKey!
) returns Mu

Clears the variable with the given key of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.

method clearScriptVars

method clearScriptVars(
    :$scriptName!
) returns Mu

Clears the variables of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.

method disable

method disable(
    :$scriptName!
) returns Mu

Disables the script with the given name

method enable

method enable(
    :$scriptName!
) returns Mu

Enables the script with the given name

method load

method load(
    :$scriptName!,
    :$scriptType!,
    :$scriptEngine!,
    :$fileName!,
    :$scriptDescription,
    :$charset
) returns Mu

Loads a script into ZAP from the given local file, with the given name, type and engine, optionally with a description, and a charset name to read the script (the charset name is required if the script is not in UTF-8, for example, in ISO-8859-1).

method remove

method remove(
    :$scriptName!
) returns Mu

Removes the script with the given name

method runStandAloneScript

method runStandAloneScript(
    :$scriptName!
) returns Mu

Runs the stand alone script with the given name

method setGlobalVar

method setGlobalVar(
    :$varKey!,
    :$varValue
) returns Mu

Sets the value of the global variable with the given key.

method setScriptVar

method setScriptVar(
    :$scriptName!,
    :$varKey!,
    :$varValue
) returns Mu

Sets the value of the variable with the given key of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.

class Zap::Ajaxspider

class Zap::Ajaxspider Methods

method optionBrowserId

method optionBrowserId() returns Mu

No Doc

method optionClickDefaultElems

method optionClickDefaultElems() returns Mu

No Doc

method optionClickElemsOnce

method optionClickElemsOnce() returns Mu

No Doc

method optionEventWait

method optionEventWait() returns Mu

No Doc

method optionMaxCrawlDepth

method optionMaxCrawlDepth() returns Mu

No Doc

method optionMaxCrawlStates

method optionMaxCrawlStates() returns Mu

No Doc

method optionMaxDuration

method optionMaxDuration() returns Mu

No Doc

method optionNumberOfBrowsers

method optionNumberOfBrowsers() returns Mu

No Doc

method optionRandomInputs

method optionRandomInputs() returns Mu

No Doc

method optionReloadWait

method optionReloadWait() returns Mu

No Doc

method results

method results(
    :$start,
    :$count
) returns Mu

No Doc

method status

method status() returns Mu

No Doc

method scan

method scan(
    :$url,
    :$inScope,
    :$contextName,
    :$subtreeOnly
) returns Mu

Runs the spider against the given URL and/or context, optionally, spidering everything in scope. The parameter 'contextName' can be used to constrain the scan to a Context, the option 'in scope' is ignored if a context was also specified. The parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'url').

method scanAsUser

method scanAsUser(
    :$contextName!,
    :$userName!,
    :$url,
    :$subtreeOnly
) returns Mu

Runs the spider from the perspective of a User, obtained using the given context name and user name. The parameter 'url' allows to specify the starting point for the spider, otherwise it's used an existing URL from the context (if any). The parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'url').

method setOptionBrowserId

method setOptionBrowserId(
    :$String!
) returns Mu

No Doc

method setOptionClickDefaultElems

method setOptionClickDefaultElems(
    :$Boolean!
) returns Mu

No Doc

method setOptionClickElemsOnce

method setOptionClickElemsOnce(
    :$Boolean!
) returns Mu

No Doc

method setOptionEventWait

method setOptionEventWait(
    :$Integer!
) returns Mu

No Doc

method setOptionMaxCrawlDepth

method setOptionMaxCrawlDepth(
    :$Integer!
) returns Mu

No Doc

method setOptionMaxCrawlStates

method setOptionMaxCrawlStates(
    :$Integer!
) returns Mu

No Doc

method setOptionMaxDuration

method setOptionMaxDuration(
    :$Integer!
) returns Mu

No Doc

method setOptionNumberOfBrowsers

method setOptionNumberOfBrowsers(
    :$Integer!
) returns Mu

No Doc

method setOptionRandomInputs

method setOptionRandomInputs(
    :$Boolean!
) returns Mu

No Doc

method setOptionReloadWait

method setOptionReloadWait(
    :$Integer!
) returns Mu

No Doc

method stop

method stop() returns Mu

No Doc

class Zap::Core

class Zap::Core Methods

method alertsSummary

method alertsSummary(
    :$baseurl
) returns Mu

Gets number of alerts grouped by each risk level, optionally filtering by URL

method childNodes

method childNodes(
    :$url
) returns Mu

Gets the child nodes underneath the specified URL in the Sites tree

method excludedFromProxy

method excludedFromProxy() returns Mu

Gets the regular expressions, applied to URLs, to exclude from the local proxies.

method homeDirectory

method homeDirectory() returns Mu

No Doc

method hosts

method hosts() returns Mu

Gets the name of the hosts accessed through/by ZAP

method message

method message(
    :$id!
) returns Mu

Gets the HTTP message with the given ID. Returns the ID, request/response headers and bodies, cookies, note, type, RTT, and timestamp.

method messages

method messages(
    :$baseurl,
    :$start,
    :$count
) returns Mu

Gets the HTTP messages sent by ZAP, request and response, optionally filtered by URL and paginated with 'start' position and 'count' of messages

method messagesById

method messagesById(
    :$ids!
) returns Mu

Gets the HTTP messages with the given IDs.

method mode

method mode() returns Mu

Gets the mode

method numberOfAlerts

method numberOfAlerts(
    :$baseurl,
    :$riskId
) returns Mu

Gets the number of alerts, optionally filtering by URL or riskId

method numberOfMessages

method numberOfMessages(
    :$baseurl
) returns Mu

Gets the number of messages, optionally filtering by URL

method optionAlertOverridesFilePath

method optionAlertOverridesFilePath() returns Mu

Gets the path to the file with alert overrides.

method optionDefaultUserAgent

method optionDefaultUserAgent() returns Mu

Gets the user agent that ZAP should use when creating HTTP messages (for example, spider messages or CONNECT requests to outgoing proxy).

method optionDnsTtlSuccessfulQueries

method optionDnsTtlSuccessfulQueries() returns Mu

Gets the TTL (in seconds) of successful DNS queries.

method optionHttpState

method optionHttpState() returns Mu

No Doc

method optionHttpStateEnabled

method optionHttpStateEnabled() returns Mu

No Doc

method optionMaximumAlertInstances

method optionMaximumAlertInstances() returns Mu

Gets the maximum number of alert instances to include in a report.

method optionMergeRelatedAlerts

method optionMergeRelatedAlerts() returns Mu

Gets whether or not related alerts will be merged in any reports generated.

method optionProxyChainName

method optionProxyChainName() returns Mu

No Doc

method optionProxyChainPassword

method optionProxyChainPassword() returns Mu

No Doc

method optionProxyChainPort

method optionProxyChainPort() returns Mu

No Doc

method optionProxyChainPrompt

method optionProxyChainPrompt() returns Mu

No Doc

method optionProxyChainRealm

method optionProxyChainRealm() returns Mu

No Doc

method optionProxyChainSkipName

method optionProxyChainSkipName() returns Mu

Use view proxyChainExcludedDomains instead.

method optionProxyChainUserName

method optionProxyChainUserName() returns Mu

No Doc

method optionProxyExcludedDomains

method optionProxyExcludedDomains() returns Mu

Use view proxyChainExcludedDomains instead.

method optionProxyExcludedDomainsEnabled

method optionProxyExcludedDomainsEnabled() returns Mu

Use view proxyChainExcludedDomains instead.

method optionSingleCookieRequestHeader

method optionSingleCookieRequestHeader() returns Mu

No Doc

method optionTimeoutInSecs

method optionTimeoutInSecs() returns Mu

Gets the connection time out, in seconds.

method optionUseProxyChain

method optionUseProxyChain() returns Mu

No Doc

method optionUseProxyChainAuth

method optionUseProxyChainAuth() returns Mu

No Doc

method proxyChainExcludedDomains

method proxyChainExcludedDomains() returns Mu

Gets all the domains that are excluded from the outgoing proxy. For each domain the following are shown: the index, the value (domain), if enabled, and if specified as a regex.

method sessionLocation

method sessionLocation() returns Mu

Gets the location of the current session file

method sites

method sites() returns Mu

Gets the sites accessed through/by ZAP (scheme and domain)

method urls

method urls(
    :$baseurl
) returns Mu

Gets the URLs accessed through/by ZAP, optionally filtering by (base) URL.

method version

method version() returns Mu

Gets ZAP version

method zapHomePath

method zapHomePath() returns Mu

Gets the path to ZAP's home directory.

method htmlreport

method htmlreport() returns Mu

Generates a report in HTML format

method jsonreport

method jsonreport() returns Mu

Generates a report in JSON format

method mdreport

method mdreport() returns Mu

Generates a report in Markdown format

method messageHar

method messageHar(
    :$id!
) returns Mu

Gets the message with the given ID in HAR format

method messagesHar

method messagesHar(
    :$baseurl,
    :$start,
    :$count
) returns Mu

Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages

method messagesHarById

method messagesHarById(
    :$ids!
) returns Mu

Gets the HTTP messages with the given IDs, in HAR format.

method proxypac

method proxypac() returns Mu

No Doc

method rootcert

method rootcert() returns Mu

Gets the Root CA certificate used by the local proxies.

method sendHarRequest

method sendHarRequest(
    :$request!,
    :$followRedirects
) returns Mu

Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.

method setproxy

method setproxy(
    :$proxy!
) returns Mu

No Doc

method xmlreport

method xmlreport() returns Mu

Generates a report in XML format

method accessUrl

method accessUrl(
    :$url!,
    :$followRedirects
) returns Mu

Convenient and simple action to access a URL, optionally following redirections. Returns the request sent and response received and followed redirections, if any. Other actions are available which offer more control on what is sent, like, 'sendRequest' or 'sendHarRequest'.

method addProxyChainExcludedDomain

method addProxyChainExcludedDomain(
    :$value!,
    :$isRegex,
    :$isEnabled
) returns Mu

Adds a domain to be excluded from the outgoing proxy, using the specified value. Optionally sets if the new entry is enabled (default, true) and whether or not the new value is specified as a regex (default, false).

method clearExcludedFromProxy

method clearExcludedFromProxy() returns Mu

Clears the regexes of URLs excluded from the local proxies.

method deleteAlert

method deleteAlert(
    :$id!
) returns Mu

Deletes the alert with the given ID.

method deleteAllAlerts

method deleteAllAlerts() returns Mu

Deletes all alerts of the current session.

method deleteSiteNode

method deleteSiteNode(
    :$url!,
    :$method,
    :$postData
) returns Mu

Deletes the site node found in the Sites Tree on the basis of the URL, HTTP method, and post data (if applicable and specified).

method disableAllProxyChainExcludedDomains

method disableAllProxyChainExcludedDomains() returns Mu

Disables all domains excluded from the outgoing proxy.

method disableClientCertificate

method disableClientCertificate() returns Mu

Disables the option for use of client certificates.

method enableAllProxyChainExcludedDomains

method enableAllProxyChainExcludedDomains() returns Mu

Enables all domains excluded from the outgoing proxy.

method enablePKCS12ClientCertificate

method enablePKCS12ClientCertificate(
    :$filePath!,
    :$password!,
    :$index
) returns Mu

Enables use of a PKCS12 client certificate for the certificate with the given file system path, password, and optional index.

method excludeFromProxy

method excludeFromProxy(
    :$regex!
) returns Mu

Adds a regex of URLs that should be excluded from the local proxies.

method generateRootCA

method generateRootCA() returns Mu

Generates a new Root CA certificate for the local proxies.

method loadSession

method loadSession(
    :$name!
) returns Mu

Loads the session with the given name. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir.

method modifyProxyChainExcludedDomain

method modifyProxyChainExcludedDomain(
    :$idx!,
    :$value,
    :$isRegex,
    :$isEnabled
) returns Mu

Modifies a domain excluded from the outgoing proxy. Allows to modify the value, if enabled or if a regex. The domain is selected with its index, which can be obtained with the view proxyChainExcludedDomains.

method newSession

method newSession(
    :$name,
    :$overwrite
) returns Mu

Creates a new session, optionally overwriting existing files. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir.

method removeProxyChainExcludedDomain

method removeProxyChainExcludedDomain(
    :$idx!
) returns Mu

Removes a domain excluded from the outgoing proxy, with the given index. The index can be obtained with the view proxyChainExcludedDomains.

method runGarbageCollection

method runGarbageCollection() returns Mu

No Doc

method saveSession

method saveSession(
    :$name!,
    :$overwrite
) returns Mu

Saves the session.

method sendRequest

method sendRequest(
    :$request!,
    :$followRedirects
) returns Mu

Sends the HTTP request, optionally following redirections. Returns the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.

method setHomeDirectory

method setHomeDirectory(
    :$dir!
) returns Mu

No Doc

method setMode

method setMode(
    :$mode!
) returns Mu

Sets the mode, which may be one of [safe, protect, standard, attack]

method setOptionAlertOverridesFilePath

method setOptionAlertOverridesFilePath(
    :$filePath
) returns Mu

Sets (or clears, if empty) the path to the file with alert overrides.

method setOptionDefaultUserAgent

method setOptionDefaultUserAgent(
    :$String!
) returns Mu

Sets the user agent that ZAP should use when creating HTTP messages (for example, spider messages or CONNECT requests to outgoing proxy).

method setOptionDnsTtlSuccessfulQueries

method setOptionDnsTtlSuccessfulQueries(
    :$Integer!
) returns Mu

Sets the TTL (in seconds) of successful DNS queries (applies after ZAP restart).

method setOptionHttpStateEnabled

method setOptionHttpStateEnabled(
    :$Boolean!
) returns Mu

No Doc

method setOptionMaximumAlertInstances

method setOptionMaximumAlertInstances(
    :$numberOfInstances!
) returns Mu

Sets the maximum number of alert instances to include in a report. A value of zero is treated as unlimited.

method setOptionMergeRelatedAlerts

method setOptionMergeRelatedAlerts(
    :$enabled!
) returns Mu

Sets whether or not related alerts will be merged in any reports generated.

method setOptionProxyChainName

method setOptionProxyChainName(
    :$String!
) returns Mu

No Doc

method setOptionProxyChainPassword

method setOptionProxyChainPassword(
    :$String!
) returns Mu

No Doc

method setOptionProxyChainPort

method setOptionProxyChainPort(
    :$Integer!
) returns Mu

No Doc

method setOptionProxyChainPrompt

method setOptionProxyChainPrompt(
    :$Boolean!
) returns Mu

No Doc

method setOptionProxyChainRealm

method setOptionProxyChainRealm(
    :$String!
) returns Mu

No Doc

method setOptionProxyChainSkipName

method setOptionProxyChainSkipName(
    :$String!
) returns Mu

Use actions [add|modify|remove]ProxyChainExcludedDomain instead.

method setOptionProxyChainUserName

method setOptionProxyChainUserName(
    :$String!
) returns Mu

No Doc

method setOptionSingleCookieRequestHeader

method setOptionSingleCookieRequestHeader(
    :$Boolean!
) returns Mu

No Doc

method setOptionTimeoutInSecs

method setOptionTimeoutInSecs(
    :$Integer!
) returns Mu

Sets the connection time out, in seconds.

method setOptionUseProxyChain

method setOptionUseProxyChain(
    :$Boolean!
) returns Mu

Sets whether or not the outgoing proxy should be used. The address/hostname of the outgoing proxy must be set to enable this option.

method setOptionUseProxyChainAuth

method setOptionUseProxyChainAuth(
    :$Boolean!
) returns Mu

No Doc

method shutdown

method shutdown() returns Mu

Shuts down ZAP

method snapshotSession

method snapshotSession(
    :$name,
    :$overwrite
) returns Mu

Snapshots the session, optionally with the given name, and overwriting existing files. If no name is specified the name of the current session with a timestamp appended is used. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir.

class Zap::Users

class Zap::Users Methods

method newUser

method newUser(
    :$contextId!,
    :$name!
) returns Mu

Creates a new user with the given name for the context with the given ID.

method removeUser

method removeUser(
    :$contextId!,
    :$userId!
) returns Mu

Removes the user with the given ID that belongs to the context with the given ID.

method setAuthenticationCredentials

method setAuthenticationCredentials(
    :$contextId!,
    :$userId!,
    :$authCredentialsConfigParams
) returns Mu

Sets the authentication credentials for the user with the given ID that belongs to the context with the given ID.

method setUserEnabled

method setUserEnabled(
    :$contextId!,
    :$userId!,
    :$enabled!
) returns Mu

Sets whether or not the user, with the given ID that belongs to the context with the given ID, should be enabled.

method setUserName

method setUserName(
    :$contextId!,
    :$userId!,
    :$name!
) returns Mu

Renames the user with the given ID that belongs to the context with the given ID.

method getUserById

method getUserById(
    :$contextId!,
    :$userId!
) returns Mu

Gets the data of the user with the given ID that belongs to the context with the given ID.

method usersList

method usersList(
    :$contextId
) returns Mu

Gets a list of users that belong to the context with the given ID, or all users if none provided.

class Zap::Acsrf

class Zap::Acsrf Methods

method removeOptionToken

method removeOptionToken(
    :$String!
) returns Mu

Removes the anti-CSRF token with the given name

method genForm

method genForm(
    :$hrefId!
) returns Mu

Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP

class Zap::Search

class Zap::Search Methods

method harByHeaderRegex

method harByHeaderRegex(
    :$regex!,
    :$baseurl,
    :$start,
    :$count
) returns Mu

Returns the HTTP messages, in HAR format, that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages.

method harByRequestRegex

method harByRequestRegex(
    :$regex!,
    :$baseurl,
    :$start,
    :$count
) returns Mu

Returns the HTTP messages, in HAR format, that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.

method harByResponseRegex

method harByResponseRegex(
    :$regex!,
    :$baseurl,
    :$start,
    :$count
) returns Mu

Returns the HTTP messages, in HAR format, that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.

method harByUrlRegex

method harByUrlRegex(
    :$regex!,
    :$baseurl,
    :$start,
    :$count
) returns Mu

Returns the HTTP messages, in HAR format, that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.

method messagesByResponseRegex

method messagesByResponseRegex(
    :$regex!,
    :$baseurl,
    :$start,
    :$count
) returns Mu

Returns the HTTP messages that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.

method messagesByUrlRegex

method messagesByUrlRegex(
    :$regex!,
    :$baseurl,
    :$start,
    :$count
) returns Mu

Returns the HTTP messages that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.

method urlsByHeaderRegex

method urlsByHeaderRegex(
    :$regex!,
    :$baseurl,
    :$start,
    :$count
) returns Mu

Returns the URLs of the HTTP messages that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages.

method urlsByRequestRegex

method urlsByRequestRegex(
    :$regex!,
    :$baseurl,
    :$start,
    :$count
) returns Mu

Returns the URLs of the HTTP messages that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.

method urlsByResponseRegex

method urlsByResponseRegex(
    :$regex!,
    :$baseurl,
    :$start,
    :$count
) returns Mu

Returns the URLs of the HTTP messages that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages.

method urlsByUrlRegex

method urlsByUrlRegex(
    :$regex!,
    :$baseurl,
    :$start,
    :$count
) returns Mu

Returns the URLs of the HTTP messages that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages.

class Zap::Replacer

class Zap::Replacer Methods

method removeRule

method removeRule(
    :$description!
) returns Mu

Removes the rule with the given description

method setEnabled

method setEnabled(
    :$description!,
    :$bool!
) returns Mu

Enables or disables the rule with the given description based on the bool parameter

class Zap::Context

class Zap::Context Methods

method excludeAllContextTechnologies

method excludeAllContextTechnologies(
    :$contextName!
) returns Mu

Excludes all built in technologies from a context

method excludeContextTechnologies

method excludeContextTechnologies(
    :$contextName!,
    :$technologyNames!
) returns Mu

Excludes technologies with the given names, separated by a comma, from a context

method excludeFromContext

method excludeFromContext(
    :$contextName!,
    :$regex!
) returns Mu

Add exclude regex to context

method exportContext

method exportContext(
    :$contextName!,
    :$contextFile!
) returns Mu

Exports the context with the given name to a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir.

method importContext

method importContext(
    :$contextFile!
) returns Mu

Imports a context from a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir.

method includeAllContextTechnologies

method includeAllContextTechnologies(
    :$contextName!
) returns Mu

Includes all built in technologies in to a context

method includeContextTechnologies

method includeContextTechnologies(
    :$contextName!,
    :$technologyNames!
) returns Mu

Includes technologies with the given names, separated by a comma, to a context

method includeInContext

method includeInContext(
    :$contextName!,
    :$regex!
) returns Mu

Add include regex to context

method newContext

method newContext(
    :$contextName!
) returns Mu

Creates a new context with the given name in the current session

method removeContext

method removeContext(
    :$contextName!
) returns Mu

Removes a context in the current session

method setContextInScope

method setContextInScope(
    :$contextName!,
    :$booleanInScope!
) returns Mu

Sets a context to in scope (contexts are in scope by default)

method setContextRegexs

method setContextRegexs(
    :$contextName!,
    :$incRegexs!,
    :$excRegexs!
) returns Mu

Set the regexs to include and exclude for a context, both supplied as JSON string arrays

method excludeRegexs

method excludeRegexs(
    :$contextName!
) returns Mu

List excluded regexs for context

method excludedTechnologyList

method excludedTechnologyList(
    :$contextName!
) returns Mu

Lists the names of all technologies excluded from a context

method includeRegexs

method includeRegexs(
    :$contextName!
) returns Mu

List included regexs for context

method includedTechnologyList

method includedTechnologyList(
    :$contextName!
) returns Mu

Lists the names of all technologies included in a context

method technologyList

method technologyList() returns Mu

Lists the names of all built in technologies

method urls

method urls(
    :$contextName!
) returns Mu

Lists the URLs accessed through/by ZAP, that belong to the context with the given name.

class Zap::Autoupdate

class Zap::Autoupdate Methods

method downloadLatestRelease

method downloadLatestRelease() returns Mu

Downloads the latest release, if any

method installAddon

method installAddon(
    :$id!
) returns Mu

Installs or updates the specified add-on, returning when complete (i.e. not asynchronously)

method setOptionCheckAddonUpdates

method setOptionCheckAddonUpdates(
    :$Boolean!
) returns Mu

No Doc

method setOptionCheckOnStart

method setOptionCheckOnStart(
    :$Boolean!
) returns Mu

No Doc

method setOptionDownloadNewRelease

method setOptionDownloadNewRelease(
    :$Boolean!
) returns Mu

No Doc

method setOptionInstallAddonUpdates

method setOptionInstallAddonUpdates(
    :$Boolean!
) returns Mu

No Doc

method setOptionInstallScannerRules

method setOptionInstallScannerRules(
    :$Boolean!
) returns Mu

No Doc

method setOptionReportAlphaAddons

method setOptionReportAlphaAddons(
    :$Boolean!
) returns Mu

No Doc

method setOptionReportBetaAddons

method setOptionReportBetaAddons(
    :$Boolean!
) returns Mu

No Doc

method setOptionReportReleaseAddons

method setOptionReportReleaseAddons(
    :$Boolean!
) returns Mu

No Doc

method uninstallAddon

method uninstallAddon(
    :$id!
) returns Mu

Uninstalls the specified add-on

method latestVersionNumber

method latestVersionNumber() returns Mu

Returns the latest version number

method localAddons

method localAddons() returns Mu

Returns a list with all local add-ons, installed or not.

method marketplaceAddons

method marketplaceAddons() returns Mu

Return a list of all of the add-ons on the ZAP Marketplace (this information is read once and then cached)

method newAddons

method newAddons() returns Mu

Return a list of any add-ons that have been added to the Marketplace since the last check for updates

method optionAddonDirectories

method optionAddonDirectories() returns Mu

No Doc

method optionCheckAddonUpdates

method optionCheckAddonUpdates() returns Mu

No Doc

method optionCheckOnStart

method optionCheckOnStart() returns Mu

No Doc

method optionDayLastChecked

method optionDayLastChecked() returns Mu

No Doc

method optionDayLastInstallWarned

method optionDayLastInstallWarned() returns Mu

No Doc

method optionDayLastUpdateWarned

method optionDayLastUpdateWarned() returns Mu

No Doc

method optionDownloadDirectory

method optionDownloadDirectory() returns Mu

No Doc

method optionDownloadNewRelease

method optionDownloadNewRelease() returns Mu

No Doc

method optionInstallAddonUpdates

method optionInstallAddonUpdates() returns Mu

No Doc

method optionInstallScannerRules

method optionInstallScannerRules() returns Mu

No Doc

method optionReportAlphaAddons

method optionReportAlphaAddons() returns Mu

No Doc

method optionReportBetaAddons

method optionReportBetaAddons() returns Mu

No Doc

method optionReportReleaseAddons

method optionReportReleaseAddons() returns Mu

No Doc

method updatedAddons

method updatedAddons() returns Mu

Return a list of any add-ons that have been changed in the Marketplace since the last check for updates

class Zap::Alert

class Zap::Alert Methods

method addAlert

method addAlert(
    :$messageId!,
    :$name!,
    :$riskId!,
    :$confidenceId!,
    :$description!,
    :$param,
    :$attack,
    :$otherInfo,
    :$solution,
    :$references,
    :$evidence,
    :$cweId,
    :$wascId
) returns Mu

Add an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.)

method deleteAlert

method deleteAlert(
    :$id!
) returns Mu

Deletes the alert with the given ID.

method deleteAllAlerts

method deleteAllAlerts() returns Mu

Deletes all alerts of the current session.

method updateAlert

method updateAlert(
    :$id!,
    :$name!,
    :$riskId!,
    :$confidenceId!,
    :$description!,
    :$param,
    :$attack,
    :$otherInfo,
    :$solution,
    :$references,
    :$evidence,
    :$cweId,
    :$wascId
) returns Mu

Update the alert with the given ID, with the provided details.

method alerts

method alerts(
    :$baseurl,
    :$start,
    :$count,
    :$riskId
) returns Mu

Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts

method alertsByRisk

method alertsByRisk(
    :$url,
    :$recurse
) returns Mu

Gets a summary of the alerts, optionally filtered by a 'url'. If 'recurse' is true then all alerts that apply to urls that start with the specified 'url' will be returned, otherwise only those on exactly the same 'url' (ignoring url parameters)

method alertsSummary

method alertsSummary(
    :$baseurl
) returns Mu

Gets number of alerts grouped by each risk level, optionally filtering by URL

method numberOfAlerts

method numberOfAlerts(
    :$baseurl,
    :$riskId
) returns Mu

Gets the number of alerts, optionally filtering by URL or riskId