Skip to content

Releases: zaproxy/community-scripts

Version 9

30 Jan 11:33
@github-actions github-actions
v9
This tag was signed with the committer’s verified signature.
thc202
GPG key ID: F29DBD3500548AA2
Learn about vigilant mode.
06561f0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 9

Added

  • Add repo URL, shown in the marketplace and Manage Add-ons dialogue.
  • active/cve-2019-5418.js > An active scanner for Ruby on Rails Accept header content disclosure issue.
  • active/JWT None Exploit.js > Checks if the application's JWT implementation allows the usage of the 'none' algorithm.
  • authentication/DjangoAuthentication.js > Django authentication script.
  • authentication/GetsWithRedirectThenPost.js > An authentication script that follows GET redirects and then submits a POST with the authentication credentials.
  • extender/Simple Reverse Proxy.js > Adds a simple reverse proxy.
  • extender/ZAP onEvent Handler.js > An example for how to listen for internal ZAP events.
  • httpsender/add-extra-headers.js > Adds encountered 'extra' headers to all requests.
  • httpsender/aws-signing-for-owasp-zap.py > Signs requests to AWS.
  • httpsender/fingerprinter.js > Logs MD5s of responses.
  • httpsender/greenbone-maintain-auth.js > An auth helper script for OpenVAS Greenbone web interface.
  • httpsender/inject-xss.js > Injects XSS payloads into JSON responses.
  • httpsender/juice-shop-maintain-auth.js > An auth helper script for OWASP JuiceShop.
  • httpsender/keep-cookies-going.js > An auth helper script.
  • httpsender/maintain-jwt.js > Tracks JWTs and updates Authorization bearer headers.
  • passive/Find IBANs.js > Finds IBANs in HTTP response bodies.
  • passive/HUNT.py > Merge of existing HUNT scripts.
  • proxy/Drop requests by response code.js > Drops requests that have a given response code.
  • standalone/scan_rule_list.js > Lists details from both active and passive scan rules.
  • standalone/Split download extract.rb > Concatenates split file downloads.

Changed

  • Change info URL to link to the online help page.
  • Updated to target ZAP 2.9

Removed

  • The following scripts were merged into a new script HUNT.py:
    • passive/HUNT - Debug & Logic Parameters.py
    • passive/HUNT - File Inclusion.py
    • passive/HUNT - IDOR.py
    • passive/HUNT - RCE.py
    • passive/HUNT - SQLi.py
    • passive/HUNT - SSRF.py
    • passive/HUNT - SSTI.py

Fixed

  • Fix links to source files in zaproxy repo.
Assets 3
Loading