├── api
├── sdlc-integration
│ ├── core
│ │ ├── __init__.py
│ │ ├── scan_module
│ │ │ └── __init__.py
│ │ ├── setup_module
│ │ │ ├── __init__.py
│ │ │ └── proxy_scripts
│ │ │ │ └── zapAddCsp.js
│ │ └── config.py
│ ├── requirements.txt
│ ├── demos
│ │ ├── shutdown-zap.sh
│ │ ├── targets_file_demo.txt
│ │ ├── start-zap.sh
│ │ └── rules_config_demo.txt
│ ├── run_scan.py
│ └── run_session_setup.py
└── mass-baseline
│ ├── docker-wrapper
│ ├── mass-basewrapper.sh
│ ├── README.md
│ ├── mass-baseline.sh
│ └── mass-baseline-default.conf
├── gradle.properties
├── settings.gradle.kts
├── gradle
├── wrapper
│ ├── gradle-wrapper.jar
│ └── gradle-wrapper.properties
└── spotless
│ └── license.java
├── payloadprocessor
├── sqlmap - lowercase.py
├── sqlmap - apostrophemask.py
├── sqlmap - space2comments.py
├── sqlmap - apostrophenullencode.py
├── sqlmap - equaltolike.py
├── deflate_gzip_encoding.py
├── to-hex.js
├── sqlmap - chardoubleencode.py
├── sqlmap - charunicodeencode.py
├── sqlmap - charencode.py
├── sqlmap - percentage.py
├── sqlmap - randomcase.py
└── README.md
├── scan-hooks
├── README.md
└── export_session.py
├── src
└── main
│ ├── resources
│ └── org
│ │ └── zaproxy
│ │ └── zap
│ │ └── extension
│ │ └── communityScripts
│ │ └── resources
│ │ ├── Messages.properties
│ │ ├── Messages_id_ID.properties
│ │ ├── Messages_ar_SA.properties
│ │ ├── Messages_bn_BD.properties
│ │ ├── Messages_bs_BA.properties
│ │ ├── Messages_ceb_PH.properties
│ │ ├── Messages_da_DK.properties
│ │ ├── Messages_de_DE.properties
│ │ ├── Messages_el_GR.properties
│ │ ├── Messages_ha_HG.properties
│ │ ├── Messages_he_IL.properties
│ │ ├── Messages_hi_IN.properties
│ │ ├── Messages_hr_HR.properties
│ │ ├── Messages_ko_KR.properties
│ │ ├── Messages_mk_MK.properties
│ │ ├── Messages_ms_MY.properties
│ │ ├── Messages_nb_NO.properties
│ │ ├── Messages_nl_NL.properties
│ │ ├── Messages_pcm_NG.properties
│ │ ├── Messages_pt_PT.properties
│ │ ├── Messages_ro_RO.properties
│ │ ├── Messages_si_LK.properties
│ │ ├── Messages_sk_SK.properties
│ │ ├── Messages_sl_SI.properties
│ │ ├── Messages_sq_AL.properties
│ │ ├── Messages_sr_CS.properties
│ │ ├── Messages_sr_SP.properties
│ │ ├── Messages_ur_PK.properties
│ │ ├── Messages_yo_NG.properties
│ │ ├── Messages_zh_TW.properties
│ │ ├── Messages_pt_BR.properties
│ │ ├── Messages_tr_TR.properties
│ │ ├── Messages_fil_PH.properties
│ │ ├── Messages_fr_FR.properties
│ │ ├── Messages_it_IT.properties
│ │ ├── Messages_zh_CN.properties
│ │ ├── Messages_az_AZ.properties
│ │ ├── Messages_pl_PL.properties
│ │ ├── Messages_hu_HU.properties
│ │ ├── Messages_vi_VN.properties
│ │ ├── Messages_ja_JP.properties
│ │ ├── Messages_es_ES.properties
│ │ ├── Messages_fa_IR.properties
│ │ ├── Messages_uk_UA.properties
│ │ ├── Messages_ru_RU.properties
│ │ └── cve-2021-22214.yml
│ └── javahelp
│ └── org
│ └── zaproxy
│ └── zap
│ └── extension
│ └── communityScripts
│ └── resources
│ ├── help
│ ├── contents
│ │ ├── images
│ │ │ └── script-share.png
│ │ └── communityScripts.html
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset.hs
│ ├── help_ar_SA
│ ├── contents
│ │ ├── images
│ │ │ └── script-share.png
│ │ └── communityScripts.html
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_ar_SA.hs
│ ├── help_az_AZ
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_az_AZ.hs
│ ├── help_bs_BA
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_bs_BA.hs
│ ├── help_da_DK
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_da_DK.hs
│ ├── help_de_DE
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_de_DE.hs
│ ├── help_el_GR
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_el_GR.hs
│ ├── help_es_ES
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_es_ES.hs
│ ├── help_fa_IR
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_fa_IR.hs
│ ├── help_fr_FR
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_fr_FR.hs
│ ├── help_hi_IN
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_hi_IN.hs
│ ├── help_hr_HR
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_hr_HR.hs
│ ├── help_hu_HU
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_hu_HU.hs
│ ├── help_id_ID
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_id_ID.hs
│ ├── help_it_IT
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_it_IT.hs
│ ├── help_ja_JP
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_ja_JP.hs
│ ├── help_ko_KR
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_ko_KR.hs
│ ├── help_ms_MY
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_ms_MY.hs
│ ├── help_pl_PL
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_pl_PL.hs
│ ├── help_pt_BR
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_pt_BR.hs
│ ├── help_ro_RO
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_ro_RO.hs
│ ├── help_ru_RU
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_ru_RU.hs
│ ├── help_si_LK
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_si_LK.hs
│ ├── help_sk_SK
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_sk_SK.hs
│ ├── help_sl_SI
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_sl_SI.hs
│ ├── help_sq_AL
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_sq_AL.hs
│ ├── help_sr_CS
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_sr_CS.hs
│ ├── help_sr_SP
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_sr_SP.hs
│ ├── help_tr_TR
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_tr_TR.hs
│ ├── help_ur_PK
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_ur_PK.hs
│ ├── help_zh_CN
│ ├── contents
│ │ └── images
│ │ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_zh_CN.hs
│ └── help_fil_PH
│ ├── contents
│ └── images
│ │ └── script-share.png
│ ├── index.xml
│ ├── map.jhm
│ ├── toc.xml
│ └── helpset_fil_PH.hs
├── standalone
├── example_library.js
├── README.md
├── Traverse sites tree.js
├── enableDebugLogging.js
├── load_function_example.js
├── Loop through alerts.js
├── Loop through history table.js
├── Active scan rule list.js
├── window_creation_template.js
├── window_creation_template.py
├── Run report.js
├── scan_rule_list.js
├── Juice shop authentication by form.js
├── Split download extract.rb
└── Juice shop authentication by google.js
├── .gitattributes
├── httpsender
├── add_header_response.py
├── change_response.py
├── add_header_request.py
├── change_request.py
├── fingerprinter.js
├── AddBearerTokenHeader.js
└── juice-shop-maintain-auth.js
├── sequence
└── README.md
├── proxy
├── Emulate IE.js
├── Emulate Firefox.js
├── Emulate Chrome.js
├── Drop requests by response code.js
├── Emulate Safari.js
├── Emulate iOS.js
├── Emulate Android.js
├── dropCookiesSelectively.js
├── Drop requests not in scope.js
├── WAF_Bypass.js
├── Return fake response.js
└── Useragent Replace.js
├── targeted
├── Search www.xssposed.org for known XSS.js
├── search cvedetails using target server header.js
├── Find HTML comments.js
├── curl_command_generator.js
└── Find largest subtree.js
├── httpfuzzerprocessor
├── FuzzerStopOnStatusCode.js
├── random_x_forwarded_for_ip.js
├── http_status_code_filter.py
├── addCacheBusting.js
├── add_msgs_sites_tree.js
└── randomUserAgent.js
├── active
├── bxss.py
├── SSTI.py
└── RCE.py
├── .github
└── workflows
│ ├── crowdin-upload-files.yml
│ ├── prepare-release-add-on.yml
│ ├── release-add-on.yml
│ └── ci.yml
├── CONTRIBUTING.md
├── .gitignore
├── passive
├── clacks.js
├── Server Header Disclosure.js
├── X-Powered-By_header_checker.js
├── CookieHTTPOnly.js
└── Upload form discovery.js
├── payloadgenerator
├── securerandom.js
└── associated_fields.py
├── extender
└── ZAP onEvent Handler.js
├── RELEASING.md
└── selenium
└── Selenium Juice Shop.js
/api/sdlc-integration/core/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/api/sdlc-integration/core/scan_module/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/api/sdlc-integration/core/setup_module/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/gradle.properties:
--------------------------------------------------------------------------------
1 | version=15
2 | release=false
3 |
--------------------------------------------------------------------------------
/settings.gradle.kts:
--------------------------------------------------------------------------------
1 | rootProject.name = "community-scripts"
2 |
--------------------------------------------------------------------------------
/api/sdlc-integration/requirements.txt:
--------------------------------------------------------------------------------
1 | python-owasp-zap-v2.4
2 | requests
3 |
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/gradle/wrapper/gradle-wrapper.jar
--------------------------------------------------------------------------------
/payloadprocessor/sqlmap - lowercase.py:
--------------------------------------------------------------------------------
def process(payload):
    """Payload processor: return ``payload`` converted to lower case.

    Falsy payloads (``None`` or an empty string) are handed back unchanged.
    """
    if not payload:
        return payload
    return payload.lower()
4 |
--------------------------------------------------------------------------------
/api/sdlc-integration/demos/shutdown-zap.sh:
--------------------------------------------------------------------------------
# Ask the ZAP instance listening on localhost:8080 to shut down via its JSON API.
# NOTE(review): the request carries no API key, so it presumably relies on ZAP
# having been started with the API key disabled - confirm against start-zap.sh
# and keep the API reachable from localhost only in that case.
zap_api="http://localhost:8080"

echo "Shutting down ZAP..."
curl "${zap_api}/JSON/core/action/shutdown/"
# Terminate the line, since curl prints the API response without a newline of its own here.
echo
--------------------------------------------------------------------------------
/api/sdlc-integration/demos/targets_file_demo.txt:
--------------------------------------------------------------------------------
1 | https?://(\w+\.)*example.com/account/.*
2 | https?://(\w+\.)*example.com/profile.*
3 |
--------------------------------------------------------------------------------
/payloadprocessor/sqlmap - apostrophemask.py:
--------------------------------------------------------------------------------
def process(payload):
    """Payload processor: swap each apostrophe in ``payload`` for ``%EF%BC%87``.

    ``%EF%BC%87`` is the percent-encoded UTF-8 form of U+FF07 (fullwidth
    apostrophe). Falsy payloads (``None`` or an empty string) are returned
    unchanged.
    """
    if not payload:
        return payload
    masked = payload.replace("'", "%EF%BC%87")
    return masked
4 |
--------------------------------------------------------------------------------
/payloadprocessor/sqlmap - space2comments.py:
--------------------------------------------------------------------------------
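def process(payload):
    """Payload processor: replace every space in ``payload`` with ``/*1914*/``.

    Falsy payloads (``None`` or an empty string) are returned unchanged rather
    than raising ``AttributeError`` on ``None``; this matches the guard the
    other payload processors in this directory already apply.
    """
    if not payload:
        return payload
    return payload.replace(" ", "/*1914*/")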
4 |
5 |
--------------------------------------------------------------------------------
/payloadprocessor/sqlmap - apostrophenullencode.py:
--------------------------------------------------------------------------------
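def process(payload):
    """Payload processor: replace each apostrophe in ``payload`` with ``%00%27``.

    ``%00%27`` is a percent-encoded NUL byte followed by a percent-encoded
    apostrophe. Falsy payloads (``None`` or an empty string) are returned
    unchanged rather than raising ``AttributeError`` on ``None``; this matches
    the guard the other payload processors in this directory already apply.
    """
    if not payload:
        return payload
    return payload.replace("'", "%00%27")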
4 |
5 |
--------------------------------------------------------------------------------
/api/sdlc-integration/run_scan.py:
--------------------------------------------------------------------------------
# Entry point: run the actual ZAP scan.

import sys
import core.scan_module.scan as scan

# Hand every command-line argument after the script name to the scan module.
cli_args = sys.argv[1:]
scan.main(cli_args)
7 |
--------------------------------------------------------------------------------
/api/sdlc-integration/run_session_setup.py:
--------------------------------------------------------------------------------
# Entry point: clean and set up the ZAP session.

import sys
import core.setup_module.zap_session as setup

# Hand every command-line argument after the script name to the session setup module.
cli_args = sys.argv[1:]
setup.main(cli_args)
7 |
--------------------------------------------------------------------------------
/scan-hooks/README.md:
--------------------------------------------------------------------------------
1 | Scan Hooks are run by the packaged Docker scans and provide methods that are called at all stages of the scans.
2 |
3 | For more details see https://www.zaproxy.org/docs/docker/scan-hooks/
4 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/payloadprocessor/sqlmap - equaltolike.py:
--------------------------------------------------------------------------------
1 | import re
2 |
def process(payload):
    """Payload processor: rewrite each ``=`` in ``payload`` as `` LIKE ``.

    Any whitespace directly around the ``=`` is consumed by the match, so the
    replacement always leaves exactly one space on each side of ``LIKE``.
    Falsy payloads (``None`` or an empty string) are returned unchanged.
    """
    if not payload:
        return payload
    return re.sub(r"\s*=\s*", " LIKE ", payload)
11 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_id_ID.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Skrip Komunitas
2 | communityScripts.desc = Skrip Komunitas dari https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_ar_SA.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_bn_BD.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_bs_BA.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_ceb_PH.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_da_DK.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_de_DE.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_el_GR.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_ha_HG.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_he_IL.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_hi_IN.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_hr_HR.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_ko_KR.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_mk_MK.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_ms_MY.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_nb_NO.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_nl_NL.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts van https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_pcm_NG.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_pt_PT.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_ro_RO.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_si_LK.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_sk_SK.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_sl_SI.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_sq_AL.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_sr_CS.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_sr_SP.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_ur_PK.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_yo_NG.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_zh_TW.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Community Scripts
2 | communityScripts.desc = Community Scripts from https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_pt_BR.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Scripts da Comunidade
2 | communityScripts.desc = Scripts da Comunidade em https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_tr_TR.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Topluluk Betikleri
2 | communityScripts.desc = Topluluk Betikleri buradan\: https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_fil_PH.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Ang mga script ng komunidad
2 | communityScripts.desc = Iskrip Pang-komunidad mula sa https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_fr_FR.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Contributions de scripts
2 | communityScripts.desc = Contributions de scripts de\: https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_it_IT.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Script della comunit\u00e0
2 | communityScripts.desc = Script della comunit\u00e0 dal sito https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_zh_CN.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = \u793e\u533a\u811a\u672c
2 | communityScripts.desc = \u793e\u533a\u811a\u672c\u6765\u81ea https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_az_AZ.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = \u00dcmumi scriptl\u0259r
2 | communityScripts.desc = https\://github.com/zaproxy/community-scripts \u00fcnvan\u0131ndan \u00fcmumi scriptl\u0259r
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_pl_PL.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Skrypty spo\u0142eczno\u015bci
2 | communityScripts.desc = Skrypty spo\u0142eczno\u015bci ze strony https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_hu_HU.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = K\u00f6z\u00f6ss\u00e9gi szkriptek
2 | communityScripts.desc = K\u00f6z\u00f6ss\u00e9gi szkriptek innen\: https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ar_SA/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ar_SA/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_az_AZ/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_az_AZ/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_bs_BA/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_bs_BA/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_da_DK/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_da_DK/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_de_DE/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_de_DE/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_el_GR/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_el_GR/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_es_ES/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_es_ES/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fa_IR/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fa_IR/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fr_FR/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fr_FR/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hi_IN/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hi_IN/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hr_HR/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hr_HR/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hu_HU/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hu_HU/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_id_ID/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_id_ID/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_it_IT/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_it_IT/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ja_JP/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ja_JP/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ko_KR/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ko_KR/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ms_MY/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ms_MY/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_pl_PL/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_pl_PL/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_pt_BR/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_pt_BR/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ro_RO/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ro_RO/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ru_RU/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ru_RU/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_si_LK/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_si_LK/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sk_SK/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sk_SK/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sl_SI/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sl_SI/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sq_AL/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sq_AL/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sr_CS/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sr_CS/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sr_SP/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sr_SP/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_tr_TR/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_tr_TR/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ur_PK/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ur_PK/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_zh_CN/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_zh_CN/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fil_PH/contents/images/script-share.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hahwul/community-scripts/main/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fil_PH/contents/images/script-share.png
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_vi_VN.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = C\u00e1c t\u1eadp l\u1ec7nh c\u1ed9ng \u0111\u1ed3ng
2 | communityScripts.desc = C\u00e1c t\u1eadp l\u1ec7nh c\u1ed9ng \u0111\u1ed3ng t\u1eeb https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/standalone/example_library.js:
--------------------------------------------------------------------------------
1 | //@zaproxy-standalone
2 |
3 | // Every function in this file will be imported and added in the global context in ./load_function_example.js
4 |
// Library-level value; per the file's header comment it is loaded into the importing script's global context.
var number = 1;
6 |
/**
 * Example library function: prints its argument and returns a fixed string.
 *
 * @param customParam value passed straight to print()
 * @returns {string} always 'the return'
 */
function customFunction(customParam) {
  var result = 'the return';
  print(customParam);
  return result;
}
11 |
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | * text=auto eol=lf
2 |
3 | *.conf text
4 | *.gradle text
5 | *.gradle.kts text
6 | *.java text
7 | *.js text
8 | *.md text
9 | *.properties text
10 | *.py text
11 | *.txt text
12 | *.zest text
13 | *.zst text
14 |
15 | *.bat text eol=crlf
16 | *.sh text
17 | gradlew text
18 |
19 | *.jar binary
20 |
--------------------------------------------------------------------------------
/httpsender/add_header_response.py:
--------------------------------------------------------------------------------
1 |
# Response headers to force onto every message; maps header name -> value.
headers = {"Content-Type": "text/plain"}
3 |
def sendingRequest(msg, initiator, helper):
    """Request hook; intentionally a no-op because this script only edits responses."""
    return None
6 |
7 |
def responseReceived(msg, initiator, helper):
    """Set every entry of the module-level ``headers`` dict on the response header.

    The hook does not look at ``initiator``, so the overwrite is applied to
    every response it is called for. Forcing ``Content-Type`` changes how
    clients interpret the body, so keep the script disabled when it is not
    needed.
    """
    # Snapshot the items so the loop does not iterate the live dict.
    for name, value in list(headers.items()):
        msg.getResponseHeader().setHeader(name, value)
11 |
12 |
13 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_ja_JP.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = \u30b3\u30df\u30e5\u30cb\u30c6\u30a3\u30b9\u30af\u30ea\u30d7\u30c8
2 | communityScripts.desc = \u30b3\u30df\u30e5\u30cb\u30c6\u30a3\u30b9\u30af\u30ea\u30d7\u30c8 https\://github.com/zaproxy/community-scripts \u304b\u3089
3 |
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionBase=GRADLE_USER_HOME
2 | distributionPath=wrapper/dists
3 | distributionSha256Sum=13bf8d3cf8eeeb5770d19741a59bde9bd966dd78d17f1bbad787a05ef19d1c2d
4 | distributionUrl=https\://services.gradle.org/distributions/gradle-7.0.2-all.zip
5 | zipStoreBase=GRADLE_USER_HOME
6 | zipStorePath=wrapper/dists
7 |
--------------------------------------------------------------------------------
/sequence/README.md:
--------------------------------------------------------------------------------
1 | Sequence scripts
2 | ================
3 |
4 | Scripts which define sequences of requests that should perform a specific task in an application.
5 | Sequence scripts must be implemented in Zest, and are used by the optional [Sequence Scanner](https://www.zaproxy.org/docs/desktop/addons/sequence-scanner/) add-on that is available from the ZAP Marketplace.
6 |
7 |
8 |
--------------------------------------------------------------------------------
/api/mass-baseline/docker-wrapper:
--------------------------------------------------------------------------------
# This dockerfile builds the Mass Baseline wrapper around the ZAP weekly release
# NOTE(review): the base image is referenced by a moving tag, so rebuilds are not
# reproducible; pin a digest if a fixed, reviewable base is required.
FROM owasp/zap2docker-weekly
# NOTE(review): MAINTAINER is deprecated; a LABEL carries the same information.
MAINTAINER Simon Bennetts "psiinon@gmail.com"

USER zap
# COPY without --chown creates root-owned files even while USER is zap,
# which is why ownership is adjusted further down.
COPY mass-base* /zap/
RUN mkdir /zap/wrk
COPY mass-baseline-default.conf /zap/wrk/mass-baseline-default.conf

# Switch to root only to hand the copied wrapper files over to the zap user.
# NOTE(review): the chown pattern does not match /zap/wrk/mass-baseline-default.conf,
# so that file keeps its root ownership.
USER root
RUN chown zap /zap/mass-base*
# NOTE(review): no USER instruction follows in this listing, so containers started
# from the image run as root by default. Confirm whether the wrapper needs that;
# if it does not, finish with `USER zap`.
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_es_ES.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = Guiones de la Comunidad \n\nEste archivo define todas las variantes predeterminadas (en ingl\u00e9s) de todos los mensajes internacionalizados\n\ncommunityScripts.name
2 | communityScripts.desc = Guiones de la Comunidad de https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_fa_IR.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = \u0627\u062c\u062a\u0645\u0627\u0639 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0647\u0627
2 | communityScripts.desc = \u0627\u062c\u062a\u0645\u0627\u0639 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0647\u0627 \u0627\u0632 https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/payloadprocessor/deflate_gzip_encoding.py:
--------------------------------------------------------------------------------
1 | # Auxiliary variables/constants for processing.
2 |
3 | import zlib;
4 |
5 | # Called for each payload that needs to be processed.
6 | # The type of variable 'payload' is string.
7 |
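def process(payload):
    """Return *payload* compressed with ``zlib.compress`` at its default level.

    Text payloads are encoded as UTF-8 before compression, because
    ``zlib.compress`` works on bytes: on Python 3 a ``str`` argument raises
    ``TypeError``, and on Python 2 / Jython a ``unicode`` argument is
    implicitly encoded as ASCII and fails on non-ASCII characters.

    The result is a zlib-wrapped stream (RFC 1950), not gzip framing and not
    a raw deflate stream, despite the file name. A receiver that expects
    ``Content-Encoding: gzip`` will not decode it.

    NOTE(review): the return value is binary data; confirm the caller treats
    it as bytes and does not re-encode it as text.
    """
    # On Python 2 / Jython ``bytes`` is ``str``, so only ``unicode`` is encoded there.
    if not isinstance(payload, bytes):
        payload = payload.encode("utf-8")
    return zlib.compress(payload)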
12 |
13 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_uk_UA.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = \u0421\u043a\u0440\u0438\u043f\u0442\u0438 \u0421\u043f\u0456\u043b\u044c\u043d\u043e\u0442\u0438
2 | communityScripts.desc = \u0421\u043a\u0440\u0438\u043f\u0442\u0438 \u0421\u043f\u0456\u043b\u044c\u043d\u043e\u0442\u0438 \u0437 https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/proxy/Emulate IE.js:
--------------------------------------------------------------------------------
1 | // This script was lazily crafted by Anthony Cozamanis, kurobeats@yahoo.co.jp
2 |
/**
 * Replaces the User-Agent header of each proxied request with a fixed
 * Internet Explorer 11 (Trident/7.0) string.
 *
 * @param msg proxied message; its request header is modified in place
 * @returns {boolean} always true
 */
function proxyRequest(msg) {
  var requestHeader = msg.getRequestHeader();
  requestHeader.setHeader(
    'User-Agent',
    'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'
  );
  return true;
}
9 |
/**
 * Response hook; the response is not inspected or modified.
 *
 * @param msg proxied message (unused)
 * @returns {boolean} always true
 */
function proxyResponse(msg) {
  var forward = true;
  return forward;
}
14 |
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/Messages_ru_RU.properties:
--------------------------------------------------------------------------------
1 | communityScripts.name = \u0421\u043a\u0440\u0438\u043f\u0442\u044b \u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u0430
2 | communityScripts.desc = \u0421\u043a\u0440\u0438\u043f\u0442\u044b \u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u0430 \u043e\u0442 https\://github.com/zaproxy/community-scripts
3 |
--------------------------------------------------------------------------------
/proxy/Emulate Firefox.js:
--------------------------------------------------------------------------------
1 | // This script was lazily crafted by Anthony Cozamanis, kurobeats@yahoo.co.jp
2 |
/**
 * Replaces the User-Agent header of each proxied request with a fixed
 * Firefox 28 on Linux string.
 *
 * @param msg proxied message; its request header is modified in place
 * @returns {boolean} always true
 */
function proxyRequest(msg) {
  var requestHeader = msg.getRequestHeader();
  requestHeader.setHeader(
    'User-Agent',
    'Mozilla/5.0 (X11; Linux i686 on x86_64; rv:28.0) Gecko/20100101 Firefox/28.0'
  );
  return true;
}
9 |
/**
 * Response hook; the response is not inspected or modified.
 *
 * @param msg proxied message (unused)
 * @returns {boolean} always true
 */
function proxyResponse(msg) {
  var forward = true;
  return forward;
}
14 |
--------------------------------------------------------------------------------
/targeted/Search www.xssposed.org for known XSS.js:
--------------------------------------------------------------------------------
1 | // Searches www.xssposed.org for known XSS vulnerabilities.
2 | // This script just launches your default browser to perform the search.
3 |
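/**
 * Opens the default desktop browser on an xssposed.org search for the host
 * of the selected message.
 *
 * The host is percent-encoded before it is placed in the query string, so
 * characters such as the brackets and colons of an IPv6 literal cannot
 * change the structure of the search URL. Ordinary host names are left
 * unchanged by the encoding.
 *
 * Running the script sends the host name of the system under test to a
 * third-party site; check that the engagement's rules allow that disclosure.
 *
 * @param msg the message the script was invoked on; only its request URI is read
 */
function invokeWith(msg) {
  var host = msg.getRequestHeader().getURI().getHost();
  var searchUrl =
    "https://www.xssposed.org/search/?search=" + encodeURIComponent(host) + "&type=host";

  org.zaproxy.zap.utils.DesktopUtils.openUrlInBrowser(searchUrl);
}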
10 |
--------------------------------------------------------------------------------
/payloadprocessor/to-hex.js:
--------------------------------------------------------------------------------
1 | /**
2 | * Converts a string payload to hex.
3 | *
4 | * Created to add functionality found in Burp to solve Natas19
5 | * https://www.youtube.com/watch?v=z3RtpWZ_R3Q
6 | *
7 | * EN10
8 | */
9 |
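/**
 * Hex-encodes a string payload one UTF-16 code unit at a time.
 *
 * Each code unit is left-padded to an even number of hex digits. Without the
 * padding, code units below 0x10 (tab, newline, ...) produce a single digit,
 * which makes the output ambiguous and shifts every following byte for the
 * decoder. Code units up to 0xFF yield two digits; larger ones yield four.
 *
 * @param {string} payload text to encode
 * @returns {string} lowercase hexadecimal representation of the payload
 */
function process(payload) {
  var hex = '';
  for (var i = 0; i < payload.length; i++) {
    var digits = payload.charCodeAt(i).toString(16);
    // Keep every code unit byte-aligned in the output.
    if (digits.length % 2 === 1) {
      digits = '0' + digits;
    }
    hex += digits;
  }
  return hex;
}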
18 |
--------------------------------------------------------------------------------
/httpfuzzerprocessor/FuzzerStopOnStatusCode.js:
--------------------------------------------------------------------------------
// Name of the script parameter that holds the status code to stop on.
var STATUS_CODE_PARAM = 'Status Code';
2 |
/**
 * Message hook; intentionally empty because this script only reacts to results.
 *
 * @param utils fuzzer helper object (unused)
 * @param message the message being processed (unused)
 */
function processMessage(utils, message) {
  return;
}
5 |
/**
 * Stops the fuzzer as soon as a response carries the configured status code.
 *
 * The comparison deliberately uses loose equality: the response status is a
 * number while the script parameter is supplied as text.
 *
 * @param utils fuzzer helper; provides the script parameters and stopFuzzer()
 * @param fuzzResult result whose HTTP response status is checked
 * @returns {boolean} always true
 */
function processResult(utils, fuzzResult) {
  var statusCode = fuzzResult.getHttpMessage().getResponseHeader().getStatusCode();
  var wanted = utils.getParameters().get(STATUS_CODE_PARAM);
  if (statusCode == wanted) {
    utils.stopFuzzer();
  }
  return true;
}
11 |
/**
 * Lists the parameters this script requires.
 *
 * @returns {string[]} a one-element array holding STATUS_CODE_PARAM
 */
function getRequiredParamsNames() {
  var required = [];
  required.push(STATUS_CODE_PARAM);
  return required;
}
15 |
--------------------------------------------------------------------------------
/proxy/Emulate Chrome.js:
--------------------------------------------------------------------------------
1 | // This script was lazily crafted by Anthony Cozamanis, kurobeats@yahoo.co.jp
2 |
/**
 * Replaces the User-Agent header of each proxied request with a fixed
 * Chrome 33 on Windows string.
 *
 * @param msg proxied message; its request header is modified in place
 * @returns {boolean} always true
 */
function proxyRequest(msg) {
  var requestHeader = msg.getRequestHeader();
  requestHeader.setHeader(
    'User-Agent',
    'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36'
  );
  return true;
}
9 |
/**
 * Response hook; the response is not inspected or modified.
 *
 * @param msg proxied message (unused)
 * @returns {boolean} always true
 */
function proxyResponse(msg) {
  var forward = true;
  return forward;
}
14 |
--------------------------------------------------------------------------------
/proxy/Drop requests by response code.js:
--------------------------------------------------------------------------------
1 | // This script was lazily crafted by Anthony Cozamanis, kurobeats@yahoo.co.jp
/**
 * Request hook; requests are not inspected or modified.
 *
 * @param msg proxied message (unused)
 * @returns {boolean} always true
 */
function proxyRequest(msg) {
  var forward = true;
  return forward;
}
5 |
/**
 * Drops responses whose status code is 404, 403, 500 or 502.
 *
 * Despite the script's title, requests always pass; the filter acts on the
 * response. Dropped responses never reach the client, so an error the tester
 * would want to see is hidden while the script is enabled.
 *
 * @param msg proxied message; only its response status code is read
 * @returns {boolean} false to drop the response, true otherwise
 */
function proxyResponse(msg) {
  // You can add more codes here
  var droppedCodes = [404, 403, 500, 502];
  var status = msg.getResponseHeader().getStatusCode();
  for (var i = 0; i < droppedCodes.length; i++) {
    if (status == droppedCodes[i]) {
      // Drop the response
      return false;
    }
  }
  return true;
}
15 |
--------------------------------------------------------------------------------
/proxy/Emulate Safari.js:
--------------------------------------------------------------------------------
1 | // This script was lazily crafted by Anthony Cozamanis, kurobeats@yahoo.co.jp
2 |
/**
 * Replaces the User-Agent header of each proxied request with a fixed
 * Safari 7 on OS X string.
 *
 * @param msg proxied message; its request header is modified in place
 * @returns {boolean} always true
 */
function proxyRequest(msg) {
  var requestHeader = msg.getRequestHeader();
  requestHeader.setHeader(
    'User-Agent',
    'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/7.0.2 Safari/537.74.9'
  );
  return true;
}
9 |
/**
 * Response hook; the response is not inspected or modified.
 *
 * @param msg proxied message (unused)
 * @returns {boolean} always true
 */
function proxyResponse(msg) {
  var forward = true;
  return forward;
}
14 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/proxy/Emulate iOS.js:
--------------------------------------------------------------------------------
1 | // This script was lazily crafted by Anthony Cozamanis, kurobeats@yahoo.co.jp
2 |
/**
 * Replaces the User-Agent header of each proxied request with a fixed
 * iPhone (iOS 5.1) Mobile Safari string.
 *
 * @param msg proxied message; its request header is modified in place
 * @returns {boolean} always true
 */
function proxyRequest(msg) {
  var requestHeader = msg.getRequestHeader();
  requestHeader.setHeader(
    'User-Agent',
    'Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3'
  );
  return true;
}
9 |
/**
 * Response hook; the response is not inspected or modified.
 *
 * @param msg proxied message (unused)
 * @returns {boolean} always true
 */
function proxyResponse(msg) {
  var forward = true;
  return forward;
}
14 |
--------------------------------------------------------------------------------
/proxy/Emulate Android.js:
--------------------------------------------------------------------------------
1 | // This script was lazily crafted by Anthony Cozamanis, kurobeats@yahoo.co.jp
2 |
/**
 * Replaces the User-Agent header of each proxied request with a fixed
 * Android 2.2 stock-browser string.
 *
 * @param msg proxied message; its request header is modified in place
 * @returns {boolean} always true
 */
function proxyRequest(msg) {
  var requestHeader = msg.getRequestHeader();
  requestHeader.setHeader(
    'User-Agent',
    'Mozilla/5.0 (Linux; U; Android 2.2; en-us; Droid Build/FRG22D) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1'
  );
  return true;
}
9 |
/**
 * Response hook; the response is not inspected or modified.
 *
 * @param msg proxied message (unused)
 * @returns {boolean} always true
 */
function proxyResponse(msg) {
  var forward = true;
  return forward;
}
14 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help/map.jhm:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ar_SA/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_az_AZ/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_bs_BA/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_da_DK/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_de_DE/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_el_GR/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_es_ES/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fa_IR/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fr_FR/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hi_IN/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hr_HR/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hu_HU/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_id_ID/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_it_IT/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ja_JP/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ko_KR/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ms_MY/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_pl_PL/index.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_pt_BR/index.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ro_RO/index.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ru_RU/index.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_si_LK/index.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sk_SK/index.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sl_SI/index.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sq_AL/index.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sr_CS/index.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sr_SP/index.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_tr_TR/index.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ur_PK/index.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_zh_CN/index.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ar_SA/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_az_AZ/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_bs_BA/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_da_DK/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_de_DE/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_el_GR/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_es_ES/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fa_IR/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fil_PH/index.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fil_PH/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fr_FR/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hi_IN/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hr_HR/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hu_HU/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_id_ID/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_it_IT/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ja_JP/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ko_KR/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ms_MY/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_pl_PL/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_pt_BR/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ro_RO/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ru_RU/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_si_LK/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sk_SK/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sl_SI/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sq_AL/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sr_CS/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sr_SP/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_tr_TR/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ur_PK/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_zh_CN/map.jhm:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/resources/org/zaproxy/zap/extension/communityScripts/resources/cve-2021-22214.yml:
--------------------------------------------------------------------------------
1 | # Sample file for demonstrating CVE-2021-22214 (unauthenticated GitLab SSRF via the CI Lint API)
2 | :.api_test:
3 | :rules:
4 | - :if: $CI_PIPELINE_SOURCE=="merge_request_event"
5 | :changes:
6 | - src/api/*
7 | :deploy:
8 | :rules:
9 | - :when: manual
10 | :allow_failure: true
11 | :extends:
12 | - ".api_test"
13 | :script:
14 | - echo "hello world"
--------------------------------------------------------------------------------
/targeted/search cvedetails using target server header.js:
--------------------------------------------------------------------------------
1 | // Captures Server header from the application response and searches cvedetails.com for known target server vulnerabilities.
2 |
3 |
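/**
 * Look up the target's Server banner on cvedetails.com.
 *
 * Reads the "Server" header from the response of the selected message and,
 * when it is present, opens the cvedetails.com search page for that value in
 * the desktop browser. Messages without a Server header are ignored.
 *
 * Note that the banner is sent to a third-party site as part of the search
 * URL; the lookup goes over HTTPS so it is not exposed in cleartext on the
 * way there.
 *
 * @param msg the HTTP message the script was invoked with
 */
function invokeWith(msg) {
    var serverBanner = msg.getResponseHeader().getHeader("Server");

    // Loose comparison on purpose: covers both a Java null and undefined.
    if (serverBanner == null) {
        return;
    }

    // The banner comes from the target's response, so it is always URL-encoded
    // before being placed in the query string.
    var searchUrl = "https://www.cvedetails.com/google-search-results.php?q=" +
        encodeURIComponent(serverBanner) + "&sa=Search";

    org.zaproxy.zap.utils.DesktopUtils.openUrlInBrowser(searchUrl);
}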
13 |
--------------------------------------------------------------------------------
/active/bxss.py:
--------------------------------------------------------------------------------
1 | # by: Khaled Nassar @knassar702
2 |
# Blind-XSS payload that scan() writes into each scanned parameter.
# Replace this placeholder with your own XSS Hunter callback payload.
# NOTE(review): the value below looks truncated in this listing; confirm
# against the source file before relying on it.
bxss = '">'
def scanNode(sas, msg):
    """Per-node scan hook; this script does nothing at node level."""
    return None
7 |
8 |
def scan(sas, msg, param, value):
    """Send one copy of the request with *param* set to the ``bxss`` payload.

    The response is not inspected and no alert is raised here, so a hit can
    only be observed out of band, wherever the payload reports back to.
    *value* (the parameter's original value) is not used.
    """
    # Work on a clone so the message handed in by the scanner is not modified.
    probe = msg.cloneRequest()

    # setParam(message, parameterName, newValue)
    sas.setParam(probe, param, bxss)

    # sendAndReceive(msg, followRedirect, handleAntiCSRFtoken)
    sas.sendAndReceive(probe, False, False)
--------------------------------------------------------------------------------
/httpsender/change_response.py:
--------------------------------------------------------------------------------
1 |
# Text searched for in each response body, and the text that replaces it.
# With the values below every "display:none;" is removed from the body.
OLD_STRING = "display:none;"
NEW_STRING = ""
4 |
def sendingRequest(msg, initiator, helper):
    """Request-side hook; this script leaves outgoing requests untouched."""
    return None
7 |
8 |
9 |
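def responseReceived(msg, initiator, helper):
    """Replace every OLD_STRING in the response body with NEW_STRING.

    The body is read as text, rewritten, written back, and Content-Length is
    then set from the new body. Responses that do not contain OLD_STRING are
    left exactly as received.
    """
    body = msg.getResponseBody().toString()

    # Skip responses with nothing to replace. Writing an unchanged body back
    # would push every response (images and other binary content included)
    # through a bytes -> text -> bytes round trip for no benefit.
    if OLD_STRING not in body:
        return

    msg.setResponseBody(body.replace(OLD_STRING, NEW_STRING))
    # The replacement changes the body size, so keep the header in step.
    msg.getResponseHeader().setContentLength(msg.getResponseBody().length())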
18 |
19 |
20 |
--------------------------------------------------------------------------------
/.github/workflows/crowdin-upload-files.yml:
--------------------------------------------------------------------------------
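name: Crowdin Upload Files

on:
  workflow_dispatch:

# Least privilege for the implicit GITHUB_TOKEN: the job only needs to read
# the repository; the upload itself authenticates with CROWDIN_AUTH_TOKEN.
permissions:
  contents: read

jobs:
  upload:
    name: Upload Files
    runs-on: ubuntu-latest
    steps:
    # NOTE(review): the actions below are referenced by mutable tag. Pinning
    # each one to a full commit SHA would keep a retagged action from running
    # in the same job as the Crowdin token.
    - uses: actions/checkout@v2
      with:
        # Nothing is pushed from this job, so do not leave the checkout token
        # in the local git config where the Gradle build could read it.
        persist-credentials: false
    - name: Setup Java
      uses: actions/setup-java@v1
      with:
        java-version: 8
    - name: Upload Files
      env:
        CROWDIN_AUTH_TOKEN: ${{ secrets.ZAPBOT_CROWDIN_TOKEN }}
      run: ./gradlew crowdinUploadSourceFiles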
20 |
--------------------------------------------------------------------------------
/httpsender/add_header_request.py:
--------------------------------------------------------------------------------
1 |
# Headers that sendingRequest() sets on every outgoing request.
# The access-token value is a placeholder: fill in a real one locally and
# keep it out of version control.
headers = {
    "X-MIP-ACCESS-TOKEN": "XXXXXxXX-xxXX-XXXx-xxxX-XXxxXxXXxXxX",
    "X-MIP-CHANNEL": "ANDROID",
    "X-MIP-Device-Id": "1",
    "X-MIP-APP-VERSION": "1.0.1",
    "X-MIP-APP-VERSION-ID": "1",
}
7 |
def sendingRequest(msg, initiator, helper):
    """Set every entry of the module-level ``headers`` dict on the request."""
    # Iterate over a snapshot so the dict can be edited while requests flow.
    for name, value in list(headers.items()):
        msg.getRequestHeader().setHeader(name, value)
11 |
12 |
def responseReceived(msg, initiator, helper):
    """Response-side hook; this script does not touch responses."""
    return None
15 |
16 |
--------------------------------------------------------------------------------
/httpsender/change_request.py:
--------------------------------------------------------------------------------
1 |
# Text searched for in each request body, and the text that replaces it.
OLD_STRING = "00.000.000/0000-00"
NEW_STRING = "88.888.888/8888-88"
4 |
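def sendingRequest(msg, initiator, helper):
    """Replace every OLD_STRING in the request body with NEW_STRING.

    The body is read as text, rewritten, written back, and Content-Length is
    then set from the new body. Requests that do not contain OLD_STRING are
    sent exactly as they were.
    """
    body = msg.getRequestBody().toString()

    # Skip requests with nothing to replace. Writing an unchanged body back
    # would push every request (file uploads and other binary bodies
    # included) through a bytes -> text -> bytes round trip for no benefit.
    if OLD_STRING not in body:
        return

    msg.setRequestBody(body.replace(OLD_STRING, NEW_STRING))
    # The replacement may change the body size, so keep the header in step.
    msg.getRequestHeader().setContentLength(msg.getRequestBody().length())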
13 |
14 |
15 |
def responseReceived(msg, initiator, helper):
    """Response-side hook; this script does not touch responses."""
    return None
18 |
19 |
20 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ja_JP/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/httpfuzzerprocessor/random_x_forwarded_for_ip.js:
--------------------------------------------------------------------------------
/**
 * Set X-Forwarded-For on the fuzzed request to a freshly generated dotted quad.
 *
 * Each of the four octets is drawn independently from 0..253. Whether the
 * header has any effect depends on the target: a server should only honour
 * X-Forwarded-For when it arrives from a proxy it trusts.
 *
 * @param utils   fuzzer utilities (unused)
 * @param message the HTTP message about to be sent
 */
function processMessage(utils, message) {
    function randomOctet() {
        return Math.floor(Math.random() * 254);
    }

    var octets = [randomOctet(), randomOctet(), randomOctet(), randomOctet()];
    message.getRequestHeader().setHeader("X-Forwarded-For", octets.join("."));
}
5 |
/**
 * Result hook: always returns true, so no fuzz result is filtered out here.
 *
 * @param utils      fuzzer utilities (unused)
 * @param fuzzResult the result of one fuzzed request (unused)
 */
function processResult(utils, fuzzResult) {
    var keepResult = true;
    return keepResult;
}
9 |
/** This processor takes no required parameters. */
function getRequiredParamsNames() {
    var required = [];
    return required;
}
13 |
/** This processor takes no optional parameters. */
function getOptionalParamsNames() {
    var optional = [];
    return optional;
}
17 |
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ar_SA/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_az_AZ/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_bs_BA/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_da_DK/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_de_DE/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_el_GR/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_es_ES/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fa_IR/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fr_FR/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hi_IN/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hr_HR/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_hu_HU/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_it_IT/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ko_KR/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ms_MY/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_pl_PL/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ro_RO/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_si_LK/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sk_SK/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sl_SI/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sq_AL/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sr_CS/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_sr_SP/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ur_PK/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_zh_CN/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_id_ID/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_pt_BR/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_tr_TR/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_fil_PH/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help_ru_RU/toc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contributing to Community Scripts
2 |
3 | ## Changelog
4 |
5 | Relevant changes made to the Community Scripts add-on are tracked in the [CHANGELOG.md] file.
6 | When opening a pull request, consider updating it with the change you made. Changes should be added to
7 | the Unreleased section.
8 |
9 | ## Further Contribution Guidance
10 |
11 | For full information about contributing to ZAP repositories please read [CONTRIBUTING.md].
12 |
13 | [CHANGELOG.md]: CHANGELOG.md
14 | [CONTRIBUTING.md]: https://github.com/zaproxy/zaproxy/blob/main/CONTRIBUTING.md
15 |
--------------------------------------------------------------------------------
/payloadprocessor/sqlmap - chardoubleencode.py:
--------------------------------------------------------------------------------
1 | import string
2 |
def process(payload):
    """Return *payload* with every character double URL-encoded.

    An existing ``%XX`` escape (percent sign followed by two hex digits) is
    kept as one unit and only its percent sign is re-encoded, so ``%41``
    becomes ``%2541``. Any other character is emitted as ``%25`` followed by
    its code point in upper-case hex (at least two digits).

    A falsy payload (``None`` or ``""``) is returned unchanged.
    """
    if not payload:
        return payload

    hexdigits = string.hexdigits
    size = len(payload)
    pieces = []
    pos = 0

    while pos < size:
        current = payload[pos]
        # An escape needs two more characters after the percent sign.
        is_escape = (
            current == '%'
            and pos < size - 2
            and payload[pos + 1] in hexdigits
            and payload[pos + 2] in hexdigits
        )
        if is_escape:
            pieces.append('%%25%s' % payload[pos + 1:pos + 3])
            pos += 3
        else:
            pieces.append('%%25%.2X' % ord(current))
            pos += 1

    return "".join(pieces)
20 |
--------------------------------------------------------------------------------
/payloadprocessor/sqlmap - charunicodeencode.py:
--------------------------------------------------------------------------------
1 | import string
2 |
def process(payload):
    """Return *payload* with every character written as a ``%uXXXX`` escape.

    An existing ``%XX`` escape (percent sign followed by two hex digits) is
    widened to ``%u00XX``. Any other character is emitted as ``%u`` followed
    by its code point in upper-case hex, zero-padded to four digits.

    A falsy payload (``None`` or ``""``) is returned unchanged.
    """
    if not payload:
        return payload

    hexdigits = string.hexdigits
    size = len(payload)
    pieces = []
    pos = 0

    while pos < size:
        current = payload[pos]
        # An escape needs two more characters after the percent sign.
        is_escape = (
            current == '%'
            and pos < size - 2
            and payload[pos + 1] in hexdigits
            and payload[pos + 2] in hexdigits
        )
        if is_escape:
            pieces.append("%%u00%s" % payload[pos + 1:pos + 3])
            pos += 3
        else:
            pieces.append('%%u%.4X' % ord(current))
            pos += 1

    return "".join(pieces)
20 |
21 |
--------------------------------------------------------------------------------
/standalone/README.md:
--------------------------------------------------------------------------------
1 | Standalone scripts
2 | ==================
3 |
4 | Scripts that are self-contained and run only when you start them manually.
5 |
6 | **Note**: "_Persona Create Account.zst_" will no longer work as of November 30th 2016, for more information see: [Identity/Persona Shutdown Guidelines for Reliers](https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers). The script is being kept in the repository as an example.
7 |
8 | ## JavaScript template
9 |
10 | ```JavaScript
11 | // Standalone scripts have no template.
12 | // They are only evaluated when you run them.
13 | ```
14 |
--------------------------------------------------------------------------------
/payloadprocessor/sqlmap - charencode.py:
--------------------------------------------------------------------------------
1 | import string
2 | import time
3 |
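def process(payload):
    """Return *payload* with every character URL-encoded.

    An existing ``%XX`` escape (percent sign followed by two hex digits) is
    copied through as it is, so already-encoded input is not encoded twice.
    Any other character is emitted as ``%`` followed by its code point in
    upper-case hex (at least two digits).

    A falsy payload (``None`` or ``""``) is returned unchanged.

    This is a pure string transformation. The ten-second ``time.sleep`` that
    used to run on every call had nothing to do with the encoding and stalled
    the fuzzer on each payload; request pacing belongs in the fuzzer's own
    settings.
    """
    if not payload:
        return payload

    hexdigits = string.hexdigits
    size = len(payload)
    pieces = []
    pos = 0

    while pos < size:
        current = payload[pos]
        # An escape needs two more characters after the percent sign.
        is_escape = (
            current == '%'
            and pos < size - 2
            and payload[pos + 1] in hexdigits
            and payload[pos + 2] in hexdigits
        )
        if is_escape:
            pieces.append(payload[pos:pos + 3])
            pos += 3
        else:
            pieces.append('%%%.2X' % ord(current))
            pos += 1

    return "".join(pieces)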
21 |
--------------------------------------------------------------------------------
/api/sdlc-integration/demos/start-zap.sh:
--------------------------------------------------------------------------------
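#!/bin/bash
#
# Start a ZAP daemon on localhost:8080 for the demos, shutting down any
# instance that already answers on that port first, then wait until the new
# one responds.

# Directory containing this script.
WD="$( cd "$( dirname "$0" )" && pwd )"

# Restart ?
# Test curl's exit status directly; wrapping it in $( ... ) would try to run
# whatever curl printed as a command.
if curl -sSf localhost:8080 &> /dev/null
then
  echo "Restarting ZAP..."
  curl "http://localhost:8080/JSON/core/action/shutdown/"
  sleep 4
fi

# Start (macOS install path)
# NOTE(review): api.disablekey=true switches off API-key checking, so anything
# that can reach localhost:8080 can call the ZAP API, including the shutdown
# action used above. That is fine for a throwaway demo; for anything longer
# lived start ZAP with -config api.key=<YOUR_API_KEY> and send the key with
# each API call.
/Applications/OWASP\ ZAP.app/Contents/Java/zap.sh -daemon -port 8080 -config api.disablekey=true &

# Wait for it to init
until curl -sSf localhost:8080 &> /dev/null
do
  echo "Waiting for proxy to start..."
  sleep 3
done
sleep 3

echo "Proxy is running..."
echo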
26 |
--------------------------------------------------------------------------------
/.github/workflows/prepare-release-add-on.yml:
--------------------------------------------------------------------------------
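name: Prepare Release Add-on

on:
  workflow_dispatch:

# Least privilege for the implicit GITHUB_TOKEN: the job only needs to read
# the repository; the release step is handed ZAPBOT_TOKEN separately.
permissions:
  contents: read

jobs:
  prepare-release:
    name: Prepare Release
    runs-on: ubuntu-latest
    steps:
    # NOTE(review): the actions below are referenced by mutable tag. Pinning
    # each one to a full commit SHA would keep a retagged action from running
    # in the same job as ZAPBOT_TOKEN.
    - uses: actions/checkout@v2
      with:
        # Full history is fetched for the release preparation.
        fetch-depth: 0
        # Do not leave the checkout token in the local git config.
        persist-credentials: false
    - name: Setup Java
      uses: actions/setup-java@v1
      with:
        java-version: 8
    - name: Prepare Release and Create Pull Request
      env:
        ZAPBOT_TOKEN: ${{ secrets.ZAPBOT_TOKEN }}
      run: ./gradlew createPullRequestRelease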
23 |
--------------------------------------------------------------------------------
/standalone/Traverse sites tree.js:
--------------------------------------------------------------------------------
1 | // This script traverses the sites tree - change it to do whatever you want to do :)
2 | //
3 | // Standalone scripts have no template.
4 | // They are only evaluated when you run them.
5 |
6 | function listChildren(node, level) {
7 | var j;
8 | for (j=0;j 0) {
10 | var o = body.indexOf('', o);
13 | print("\t" + body.substr(o,e-o+3))
14 | o = body.indexOf('