├── .gitignore ├── LICENSE ├── README.md ├── composer.json ├── phpunit.xml ├── src └── Zap │ ├── Acsrf.php │ ├── AjaxSpider.php │ ├── Ascan.php │ ├── Authentication.php │ ├── Autoupdate.php │ ├── Brk.php │ ├── Context.php │ ├── Core.php │ ├── ForcedUser.php │ ├── HttpSessions.php │ ├── ImportLogFiles.php │ ├── Params.php │ ├── Pnh.php │ ├── Pscan.php │ ├── Reveal.php │ ├── Script.php │ ├── Search.php │ ├── Selenium.php │ ├── SessionManagement.php │ ├── Spider.php │ ├── Users.php │ └── Zapv2.php └── test ├── excluded └── SampleTest.php └── src └── Zap └── Zapv2Test.php /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | composer.lock 3 | /vendor 4 | /.idea 5 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 
25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. 
For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. 
If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. 
You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. 
You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. 
(Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | php-owasp-zap-v2 2 | ================ 3 | 4 | PHP client API for OWASP ZAP 2.4 5 | 6 | All API class files (except Zapv2.php) are generated automatically using the ZAProxy API generator. 7 | 8 | ## Getting Started 9 | 10 | 1. Add the following lines to `composer.json` in your PHP project. 11 | 12 | ``` 13 | { 14 | ... 15 | "require": { 16 | ... 17 | "zaproxy/php-owasp-zap-v2": "2.4.*@beta", 18 | ... 19 | } 20 | ... 21 | } 22 | ``` 23 | 24 | 2. 
Run `$ php composer.phar install` (or `$ php composer.phar update`). 25 | 26 | ## Usage 27 | Example: 28 | 29 | ```php 30 | core->version(); 40 | if (is_null($version)) { 41 | echo "PHP API error\n"; 42 | exit(); 43 | } else { 44 | echo "version: ${version}\n"; 45 | } 46 | 47 | echo "Spidering target ${target}\n"; 48 | 49 | // Response JSON looks like {"scan":"1"} 50 | $scan_id = $zap->spider->scan($target, null, null, null, $api_key); 51 | $count = 0; 52 | while (true) { 53 | if ($count > 10) exit(); 54 | // Response JSON looks like {"status":"50"} 55 | $progress = intval($zap->spider->status($scan_id)); 56 | printf("Spider progress %d\n", $progress); 57 | if ($progress >= 100) break; 58 | sleep(2); 59 | $count++; 60 | } 61 | echo "Spider completed\n"; 62 | // Give the passive scanner a chance to finish 63 | sleep(5); 64 | 65 | echo "Scanning target ${target}\n"; 66 | // Response JSON for error looks like {"code":"url_not_found", "message":"URL is not found"} 67 | $scan_id = $zap->ascan->scan($target, null, null, null, null, null, $api_key); 68 | $count = 0; 69 | while (true) { 70 | if ($count > 10) exit(); 71 | $progress = intval($zap->ascan->status($scan_id)); 72 | printf("Scan progress %d\n", $progress); 73 | if ($progress >= 100) break; 74 | sleep(2); 75 | $count++; 76 | } 77 | echo "Scan completed\n"; 78 | 79 | // Report the results 80 | echo "Hosts: " . implode(",", $zap->core->hosts()) . "\n"; 81 | $alerts = $zap->core->alerts($target, "", ""); 82 | echo "Alerts (" . count($alerts) . 
"):\n"; 83 | print_r($alerts); 84 | 85 | ``` 86 | 87 | ## API 88 | OWASP ZAP Wiki: [ApiGen_Index · zaproxy/zaproxy Wiki](https://github.com/zaproxy/zaproxy/wiki/ApiGen_Index) 89 | 90 | 91 | ##License 92 | - Apache License, Version 2.0 93 | -------------------------------------------------------------------------------- /composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "zaproxy/php-owasp-zap-v2", 3 | "description": "PHP client API for OWASP ZAP", 4 | "keywords": ["ZAP"], 5 | "license": "Apache-2.0", 6 | "authors": [ 7 | { 8 | "name": "ZAP development team", 9 | "email": "yukisov@gmail.com", 10 | "homepage": "https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project" 11 | } 12 | ], 13 | "require-dev": { 14 | "phpunit/phpunit": "4.3.*", 15 | "mockery/mockery": "dev-master@dev" 16 | }, 17 | "require": { 18 | "php": ">=5.3.0" 19 | }, 20 | "autoload": { 21 | "psr-4": { 22 | "Zap\\": "src/Zap/", 23 | "Zap\\Test\\": "test/src/Zap/" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /phpunit.xml: -------------------------------------------------------------------------------- 1 | 2 | 13 | 14 | 15 | ./test/src/ 16 | ./test/excluded 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /src/Zap/Acsrf.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | /** 36 | * Lists the names of all anti CSRF tokens 37 | */ 38 | public function optionTokensNames() { 39 | $res = $this->zap->request($this->zap->base . 'acsrf/view/optionTokensNames/'); 40 | return reset($res); 41 | } 42 | 43 | /** 44 | * Adds an anti CSRF token with the given name, enabled by default 45 | */ 46 | public function addOptionToken($string, $apikey='') { 47 | $res = $this->zap->request($this->zap->base . 
'acsrf/action/addOptionToken/', array('String' => $string, 'apikey' => $apikey)); 48 | return reset($res); 49 | } 50 | 51 | /** 52 | * Removes the anti CSRF token with the given name 53 | */ 54 | public function removeOptionToken($string, $apikey='') { 55 | $res = $this->zap->request($this->zap->base . 'acsrf/action/removeOptionToken/', array('String' => $string, 'apikey' => $apikey)); 56 | return reset($res); 57 | } 58 | 59 | /** 60 | * Generate a form for testing lack of anti CSRF tokens - typically invoked via ZAP 61 | */ 62 | public function genForm($hrefid, $apikey='') { 63 | return $this->zap->requestother($this->zap->base_other . 'acsrf/other/genForm/', array('hrefId' => $hrefid, 'apikey' => $apikey)); 64 | } 65 | 66 | } 67 | -------------------------------------------------------------------------------- /src/Zap/AjaxSpider.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | /** 36 | * This component is optional and therefore the API will only work if it is installed 37 | */ 38 | public function status() { 39 | return $this->zap->request($this->zap->base . 'ajaxSpider/view/status/')->{'status'}; 40 | } 41 | 42 | /** 43 | * This component is optional and therefore the API will only work if it is installed 44 | */ 45 | public function results($start='', $count='') { 46 | return $this->zap->request($this->zap->base . 'ajaxSpider/view/results/', array('start' => $start, 'count' => $count))->{'results'}; 47 | } 48 | 49 | /** 50 | * This component is optional and therefore the API will only work if it is installed 51 | */ 52 | public function numberOfResults() { 53 | return $this->zap->request($this->zap->base . 'ajaxSpider/view/numberOfResults/')->{'numberOfResults'}; 54 | } 55 | 56 | /** 57 | * This component is optional and therefore the API will only work if it is installed 58 | */ 59 | public function scan($url, $inscope='', $apikey='') { 60 | return $this->zap->request($this->zap->base . 
'ajaxSpider/action/scan/', array('url' => $url, 'inScope' => $inscope, 'apikey' => $apikey)); 61 | } 62 | 63 | /** 64 | * This component is optional and therefore the API will only work if it is installed 65 | */ 66 | public function stop($apikey='') { 67 | return $this->zap->request($this->zap->base . 'ajaxSpider/action/stop/', array('apikey' => $apikey)); 68 | } 69 | 70 | } 71 | -------------------------------------------------------------------------------- /src/Zap/Ascan.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | public function status($scanid=NULL) { 36 | $params = array(); 37 | if ($scanid !== NULL) { 38 | $params['scanId'] = $scanid; 39 | } 40 | $res = $this->zap->request($this->zap->base . 'ascan/view/status/', $params); 41 | return reset($res); 42 | } 43 | 44 | public function scanProgress($scanid=NULL) { 45 | $params = array(); 46 | if ($scanid !== NULL) { 47 | $params['scanId'] = $scanid; 48 | } 49 | $res = $this->zap->request($this->zap->base . 'ascan/view/scanProgress/', $params); 50 | return reset($res); 51 | } 52 | 53 | public function messagesIds($scanid) { 54 | $res = $this->zap->request($this->zap->base . 'ascan/view/messagesIds/', array('scanId' => $scanid)); 55 | return reset($res); 56 | } 57 | 58 | public function alertsIds($scanid) { 59 | $res = $this->zap->request($this->zap->base . 'ascan/view/alertsIds/', array('scanId' => $scanid)); 60 | return reset($res); 61 | } 62 | 63 | public function scans() { 64 | $res = $this->zap->request($this->zap->base . 'ascan/view/scans/'); 65 | return reset($res); 66 | } 67 | 68 | public function scanPolicyNames() { 69 | $res = $this->zap->request($this->zap->base . 'ascan/view/scanPolicyNames/'); 70 | return reset($res); 71 | } 72 | 73 | public function excludedFromScan() { 74 | $res = $this->zap->request($this->zap->base . 
'ascan/view/excludedFromScan/'); 75 | return reset($res); 76 | } 77 | 78 | public function scanners($scanpolicyname=NULL, $policyid=NULL) { 79 | $params = array(); 80 | if ($scanpolicyname !== NULL) { 81 | $params['scanPolicyName'] = $scanpolicyname; 82 | } 83 | if ($policyid !== NULL) { 84 | $params['policyId'] = $policyid; 85 | } 86 | $res = $this->zap->request($this->zap->base . 'ascan/view/scanners/', $params); 87 | return reset($res); 88 | } 89 | 90 | public function policies($scanpolicyname=NULL, $policyid=NULL) { 91 | $params = array(); 92 | if ($scanpolicyname !== NULL) { 93 | $params['scanPolicyName'] = $scanpolicyname; 94 | } 95 | if ($policyid !== NULL) { 96 | $params['policyId'] = $policyid; 97 | } 98 | $res = $this->zap->request($this->zap->base . 'ascan/view/policies/', $params); 99 | return reset($res); 100 | } 101 | 102 | public function attackModeQueue() { 103 | $res = $this->zap->request($this->zap->base . 'ascan/view/attackModeQueue/'); 104 | return reset($res); 105 | } 106 | 107 | public function optionAttackPolicy() { 108 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionAttackPolicy/'); 109 | return reset($res); 110 | } 111 | 112 | public function optionDefaultPolicy() { 113 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionDefaultPolicy/'); 114 | return reset($res); 115 | } 116 | 117 | public function optionDelayInMs() { 118 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionDelayInMs/'); 119 | return reset($res); 120 | } 121 | 122 | public function optionExcludedParamList() { 123 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionExcludedParamList/'); 124 | return reset($res); 125 | } 126 | 127 | public function optionHandleAntiCSRFTokens() { 128 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionHandleAntiCSRFTokens/'); 129 | return reset($res); 130 | } 131 | 132 | public function optionHostPerScan() { 133 | $res = $this->zap->request($this->zap->base . 
'ascan/view/optionHostPerScan/'); 134 | return reset($res); 135 | } 136 | 137 | public function optionMaxChartTimeInMins() { 138 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionMaxChartTimeInMins/'); 139 | return reset($res); 140 | } 141 | 142 | public function optionMaxResultsToList() { 143 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionMaxResultsToList/'); 144 | return reset($res); 145 | } 146 | 147 | public function optionMaxScansInUI() { 148 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionMaxScansInUI/'); 149 | return reset($res); 150 | } 151 | 152 | public function optionTargetParamsEnabledRPC() { 153 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionTargetParamsEnabledRPC/'); 154 | return reset($res); 155 | } 156 | 157 | public function optionTargetParamsInjectable() { 158 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionTargetParamsInjectable/'); 159 | return reset($res); 160 | } 161 | 162 | public function optionThreadPerHost() { 163 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionThreadPerHost/'); 164 | return reset($res); 165 | } 166 | 167 | public function optionAllowAttackOnStart() { 168 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionAllowAttackOnStart/'); 169 | return reset($res); 170 | } 171 | 172 | public function optionInjectPluginIdInHeader() { 173 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionInjectPluginIdInHeader/'); 174 | return reset($res); 175 | } 176 | 177 | public function optionPromptInAttackMode() { 178 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionPromptInAttackMode/'); 179 | return reset($res); 180 | } 181 | 182 | public function optionPromptToClearFinishedScans() { 183 | $res = $this->zap->request($this->zap->base . 
'ascan/view/optionPromptToClearFinishedScans/'); 184 | return reset($res); 185 | } 186 | 187 | public function optionRescanInAttackMode() { 188 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionRescanInAttackMode/'); 189 | return reset($res); 190 | } 191 | 192 | public function optionShowAdvancedDialog() { 193 | $res = $this->zap->request($this->zap->base . 'ascan/view/optionShowAdvancedDialog/'); 194 | return reset($res); 195 | } 196 | 197 | public function scan($url, $recurse=NULL, $inscopeonly=NULL, $scanpolicyname=NULL, $method=NULL, $postdata=NULL, $apikey='') { 198 | $params = array('url' => $url, 'apikey' => $apikey); 199 | if ($recurse !== NULL) { 200 | $params['recurse'] = $recurse; 201 | } 202 | if ($inscopeonly !== NULL) { 203 | $params['inScopeOnly'] = $inscopeonly; 204 | } 205 | if ($scanpolicyname !== NULL) { 206 | $params['scanPolicyName'] = $scanpolicyname; 207 | } 208 | if ($method !== NULL) { 209 | $params['method'] = $method; 210 | } 211 | if ($postdata !== NULL) { 212 | $params['postData'] = $postdata; 213 | } 214 | $res = $this->zap->request($this->zap->base . 'ascan/action/scan/', $params); 215 | return reset($res); 216 | } 217 | 218 | /** 219 | * Active Scans from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details. 220 | */ 221 | public function scanAsUser($url, $contextid, $userid, $recurse=NULL, $scanpolicyname=NULL, $method=NULL, $postdata=NULL, $apikey='') { 222 | $params = array('url' => $url, 'contextId' => $contextid, 'userId' => $userid, 'apikey' => $apikey); 223 | if ($recurse !== NULL) { 224 | $params['recurse'] = $recurse; 225 | } 226 | if ($scanpolicyname !== NULL) { 227 | $params['scanPolicyName'] = $scanpolicyname; 228 | } 229 | if ($method !== NULL) { 230 | $params['method'] = $method; 231 | } 232 | if ($postdata !== NULL) { 233 | $params['postData'] = $postdata; 234 | } 235 | $res = $this->zap->request($this->zap->base . 
'ascan/action/scanAsUser/', $params); 236 | return reset($res); 237 | } 238 | 239 | public function pause($scanid, $apikey='') { 240 | $res = $this->zap->request($this->zap->base . 'ascan/action/pause/', array('scanId' => $scanid, 'apikey' => $apikey)); 241 | return reset($res); 242 | } 243 | 244 | public function resume($scanid, $apikey='') { 245 | $res = $this->zap->request($this->zap->base . 'ascan/action/resume/', array('scanId' => $scanid, 'apikey' => $apikey)); 246 | return reset($res); 247 | } 248 | 249 | public function stop($scanid, $apikey='') { 250 | $res = $this->zap->request($this->zap->base . 'ascan/action/stop/', array('scanId' => $scanid, 'apikey' => $apikey)); 251 | return reset($res); 252 | } 253 | 254 | public function removeScan($scanid, $apikey='') { 255 | $res = $this->zap->request($this->zap->base . 'ascan/action/removeScan/', array('scanId' => $scanid, 'apikey' => $apikey)); 256 | return reset($res); 257 | } 258 | 259 | public function pauseAllScans($apikey='') { 260 | $res = $this->zap->request($this->zap->base . 'ascan/action/pauseAllScans/', array('apikey' => $apikey)); 261 | return reset($res); 262 | } 263 | 264 | public function resumeAllScans($apikey='') { 265 | $res = $this->zap->request($this->zap->base . 'ascan/action/resumeAllScans/', array('apikey' => $apikey)); 266 | return reset($res); 267 | } 268 | 269 | public function stopAllScans($apikey='') { 270 | $res = $this->zap->request($this->zap->base . 'ascan/action/stopAllScans/', array('apikey' => $apikey)); 271 | return reset($res); 272 | } 273 | 274 | public function removeAllScans($apikey='') { 275 | $res = $this->zap->request($this->zap->base . 'ascan/action/removeAllScans/', array('apikey' => $apikey)); 276 | return reset($res); 277 | } 278 | 279 | public function clearExcludedFromScan($apikey='') { 280 | $res = $this->zap->request($this->zap->base . 
'ascan/action/clearExcludedFromScan/', array('apikey' => $apikey)); 281 | return reset($res); 282 | } 283 | 284 | public function excludeFromScan($regex, $apikey='') { 285 | $res = $this->zap->request($this->zap->base . 'ascan/action/excludeFromScan/', array('regex' => $regex, 'apikey' => $apikey)); 286 | return reset($res); 287 | } 288 | 289 | public function enableAllScanners($scanpolicyname=NULL, $apikey='') { 290 | $params = array('apikey' => $apikey); 291 | if ($scanpolicyname !== NULL) { 292 | $params['scanPolicyName'] = $scanpolicyname; 293 | } 294 | $res = $this->zap->request($this->zap->base . 'ascan/action/enableAllScanners/', $params); 295 | return reset($res); 296 | } 297 | 298 | public function disableAllScanners($scanpolicyname=NULL, $apikey='') { 299 | $params = array('apikey' => $apikey); 300 | if ($scanpolicyname !== NULL) { 301 | $params['scanPolicyName'] = $scanpolicyname; 302 | } 303 | $res = $this->zap->request($this->zap->base . 'ascan/action/disableAllScanners/', $params); 304 | return reset($res); 305 | } 306 | 307 | public function enableScanners($ids, $apikey='') { 308 | $res = $this->zap->request($this->zap->base . 'ascan/action/enableScanners/', array('ids' => $ids, 'apikey' => $apikey)); 309 | return reset($res); 310 | } 311 | 312 | public function disableScanners($ids, $apikey='') { 313 | $res = $this->zap->request($this->zap->base . 'ascan/action/disableScanners/', array('ids' => $ids, 'apikey' => $apikey)); 314 | return reset($res); 315 | } 316 | 317 | public function setEnabledPolicies($ids, $apikey='') { 318 | $res = $this->zap->request($this->zap->base . 
'ascan/action/setEnabledPolicies/', array('ids' => $ids, 'apikey' => $apikey)); 319 | return reset($res); 320 | } 321 | 322 | public function setPolicyAttackStrength($id, $attackstrength, $scanpolicyname=NULL, $apikey='') { 323 | $params = array('id' => $id, 'attackStrength' => $attackstrength, 'apikey' => $apikey); 324 | if ($scanpolicyname !== NULL) { 325 | $params['scanPolicyName'] = $scanpolicyname; 326 | } 327 | $res = $this->zap->request($this->zap->base . 'ascan/action/setPolicyAttackStrength/', $params); 328 | return reset($res); 329 | } 330 | 331 | public function setPolicyAlertThreshold($id, $alertthreshold, $scanpolicyname=NULL, $apikey='') { 332 | $params = array('id' => $id, 'alertThreshold' => $alertthreshold, 'apikey' => $apikey); 333 | if ($scanpolicyname !== NULL) { 334 | $params['scanPolicyName'] = $scanpolicyname; 335 | } 336 | $res = $this->zap->request($this->zap->base . 'ascan/action/setPolicyAlertThreshold/', $params); 337 | return reset($res); 338 | } 339 | 340 | public function setScannerAttackStrength($id, $attackstrength, $scanpolicyname=NULL, $apikey='') { 341 | $params = array('id' => $id, 'attackStrength' => $attackstrength, 'apikey' => $apikey); 342 | if ($scanpolicyname !== NULL) { 343 | $params['scanPolicyName'] = $scanpolicyname; 344 | } 345 | $res = $this->zap->request($this->zap->base . 'ascan/action/setScannerAttackStrength/', $params); 346 | return reset($res); 347 | } 348 | 349 | public function setScannerAlertThreshold($id, $alertthreshold, $scanpolicyname=NULL, $apikey='') { 350 | $params = array('id' => $id, 'alertThreshold' => $alertthreshold, 'apikey' => $apikey); 351 | if ($scanpolicyname !== NULL) { 352 | $params['scanPolicyName'] = $scanpolicyname; 353 | } 354 | $res = $this->zap->request($this->zap->base . 'ascan/action/setScannerAlertThreshold/', $params); 355 | return reset($res); 356 | } 357 | 358 | public function addScanPolicy($scanpolicyname, $apikey='') { 359 | $res = $this->zap->request($this->zap->base . 
'ascan/action/addScanPolicy/', array('scanPolicyName' => $scanpolicyname, 'apikey' => $apikey)); 360 | return reset($res); 361 | } 362 | 363 | public function removeScanPolicy($scanpolicyname, $apikey='') { 364 | $res = $this->zap->request($this->zap->base . 'ascan/action/removeScanPolicy/', array('scanPolicyName' => $scanpolicyname, 'apikey' => $apikey)); 365 | return reset($res); 366 | } 367 | 368 | public function setOptionAttackPolicy($string, $apikey='') { 369 | $res = $this->zap->request($this->zap->base . 'ascan/action/setOptionAttackPolicy/', array('String' => $string, 'apikey' => $apikey)); 370 | return reset($res); 371 | } 372 | 373 | public function setOptionDefaultPolicy($string, $apikey='') { 374 | $res = $this->zap->request($this->zap->base . 'ascan/action/setOptionDefaultPolicy/', array('String' => $string, 'apikey' => $apikey)); 375 | return reset($res); 376 | } 377 | 378 | public function setOptionAllowAttackOnStart($boolean, $apikey='') { 379 | $res = $this->zap->request($this->zap->base . 'ascan/action/setOptionAllowAttackOnStart/', array('Boolean' => $boolean, 'apikey' => $apikey)); 380 | return reset($res); 381 | } 382 | 383 | public function setOptionDelayInMs($integer, $apikey='') { 384 | $res = $this->zap->request($this->zap->base . 'ascan/action/setOptionDelayInMs/', array('Integer' => $integer, 'apikey' => $apikey)); 385 | return reset($res); 386 | } 387 | 388 | public function setOptionHandleAntiCSRFTokens($boolean, $apikey='') { 389 | $res = $this->zap->request($this->zap->base . 'ascan/action/setOptionHandleAntiCSRFTokens/', array('Boolean' => $boolean, 'apikey' => $apikey)); 390 | return reset($res); 391 | } 392 | 393 | public function setOptionHostPerScan($integer, $apikey='') { 394 | $res = $this->zap->request($this->zap->base . 
'ascan/action/setOptionHostPerScan/', array('Integer' => $integer, 'apikey' => $apikey)); 395 | return reset($res); 396 | } 397 |

    /** Calls ascan/action/setOptionInjectPluginIdInHeader/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionInjectPluginIdInHeader($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'ascan/action/setOptionInjectPluginIdInHeader/', $params);

        return reset($response);
    }

    /** Calls ascan/action/setOptionMaxChartTimeInMins/ with $integer as 'Integer'; returns the first element of the result. */
    public function setOptionMaxChartTimeInMins($integer, $apikey='')
    {
        $params = array('Integer' => $integer, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'ascan/action/setOptionMaxChartTimeInMins/', $params);

        return reset($response);
    }

    /** Calls ascan/action/setOptionMaxResultsToList/ with $integer as 'Integer'; returns the first element of the result. */
    public function setOptionMaxResultsToList($integer, $apikey='')
    {
        $params = array('Integer' => $integer, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'ascan/action/setOptionMaxResultsToList/', $params);

        return reset($response);
    }

    /** Calls ascan/action/setOptionMaxScansInUI/ with $integer as 'Integer'; returns the first element of the result. */
    public function setOptionMaxScansInUI($integer, $apikey='')
    {
        $params = array('Integer' => $integer, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'ascan/action/setOptionMaxScansInUI/', $params);

        return reset($response);
    }

    /** Calls ascan/action/setOptionPromptInAttackMode/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionPromptInAttackMode($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'ascan/action/setOptionPromptInAttackMode/', $params);

        return reset($response);
    }

    /** Calls ascan/action/setOptionPromptToClearFinishedScans/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionPromptToClearFinishedScans($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'ascan/action/setOptionPromptToClearFinishedScans/', $params);

        return reset($response);
    }

428 | public function setOptionRescanInAttackMode($boolean, $apikey='') { 429 | $res = $this->zap->request($this->zap->base . 
'ascan/action/setOptionRescanInAttackMode/', array('Boolean' => $boolean, 'apikey' => $apikey)); 430 | return reset($res); 431 | } 432 |

    /** Calls ascan/action/setOptionShowAdvancedDialog/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionShowAdvancedDialog($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'ascan/action/setOptionShowAdvancedDialog/', $params);

        return reset($response);
    }

    /** Calls ascan/action/setOptionTargetParamsEnabledRPC/ with $integer as 'Integer'; returns the first element of the result. */
    public function setOptionTargetParamsEnabledRPC($integer, $apikey='')
    {
        $params = array('Integer' => $integer, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'ascan/action/setOptionTargetParamsEnabledRPC/', $params);

        return reset($response);
    }

    /** Calls ascan/action/setOptionTargetParamsInjectable/ with $integer as 'Integer'; returns the first element of the result. */
    public function setOptionTargetParamsInjectable($integer, $apikey='')
    {
        $params = array('Integer' => $integer, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'ascan/action/setOptionTargetParamsInjectable/', $params);

        return reset($response);
    }

    /** Calls ascan/action/setOptionThreadPerHost/ with $integer as 'Integer'; returns the first element of the result. */
    public function setOptionThreadPerHost($integer, $apikey='')
    {
        $params = array('Integer' => $integer, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'ascan/action/setOptionThreadPerHost/', $params);

        return reset($response);
    }

453 | } 454 | -------------------------------------------------------------------------------- /src/Zap/Authentication.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 |

    /** Requests authentication/view/getSupportedAuthenticationMethods/ (no parameters); returns the first element of the result. */
    public function getSupportedAuthenticationMethods()
    {
        $response = $this->zap->request($this->zap->base . 'authentication/view/getSupportedAuthenticationMethods/');

        return reset($response);
    }

40 | public function getAuthenticationMethodConfigParams($authmethodname) { 41 | $res = $this->zap->request($this->zap->base . 
'authentication/view/getAuthenticationMethodConfigParams/', array('authMethodName' => $authmethodname)); 42 | return reset($res); 43 | } 44 |

    /** Requests authentication/view/getAuthenticationMethod/ for contextId; returns the first element of the result. */
    public function getAuthenticationMethod($contextid)
    {
        $params = array('contextId' => $contextid);
        $response = $this->zap->request($this->zap->base . 'authentication/view/getAuthenticationMethod/', $params);

        return reset($response);
    }

    /** Requests authentication/view/getLoggedInIndicator/ for contextId; returns the first element of the result. */
    public function getLoggedInIndicator($contextid)
    {
        $params = array('contextId' => $contextid);
        $response = $this->zap->request($this->zap->base . 'authentication/view/getLoggedInIndicator/', $params);

        return reset($response);
    }

    /** Requests authentication/view/getLoggedOutIndicator/ for contextId; returns the first element of the result. */
    public function getLoggedOutIndicator($contextid)
    {
        $params = array('contextId' => $contextid);
        $response = $this->zap->request($this->zap->base . 'authentication/view/getLoggedOutIndicator/', $params);

        return reset($response);
    }

    /**
     * Calls authentication/action/setAuthenticationMethod/ with contextId, authMethodName and apikey.
     * authMethodConfigParams is added only when $authmethodconfigparams is not NULL.
     * NOTE(review): the config params are forwarded as a plain request parameter; if they
     * carry login credentials, check how Zapv2::request() transmits and logs them.
     * Returns the first element of the array that request() yields.
     */
    public function setAuthenticationMethod($contextid, $authmethodname, $authmethodconfigparams=NULL, $apikey='')
    {
        $query = array('contextId' => $contextid, 'authMethodName' => $authmethodname, 'apikey' => $apikey);
        if (null !== $authmethodconfigparams) {
            $query['authMethodConfigParams'] = $authmethodconfigparams;
        }
        $response = $this->zap->request($this->zap->base . 'authentication/action/setAuthenticationMethod/', $query);

        return reset($response);
    }

    /**
     * Calls authentication/action/setLoggedInIndicator/ with contextId, loggedInIndicatorRegex and apikey.
     * The regex is forwarded unchanged; nothing here validates it.
     * Returns the first element of the array that request() yields.
     */
    public function setLoggedInIndicator($contextid, $loggedinindicatorregex, $apikey='')
    {
        $params = array('contextId' => $contextid, 'loggedInIndicatorRegex' => $loggedinindicatorregex, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'authentication/action/setLoggedInIndicator/', $params);

        return reset($response);
    }

74 | public function setLoggedOutIndicator($contextid, $loggedoutindicatorregex, $apikey='') { 75 | $res = $this->zap->request($this->zap->base . 
'authentication/action/setLoggedOutIndicator/', array('contextId' => $contextid, 'loggedOutIndicatorRegex' => $loggedoutindicatorregex, 'apikey' => $apikey)); 76 | return reset($res); 77 | } 78 | 79 | } 80 | -------------------------------------------------------------------------------- /src/Zap/Autoupdate.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 |

    /**
     * Returns the latest version number
     * (first element of the autoupdate/view/latestVersionNumber/ result).
     */
    public function latestVersionNumber()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/latestVersionNumber/');

        return reset($response);
    }

    /**
     * Returns 'true' if ZAP is on the latest version
     * (first element of the autoupdate/view/isLatestVersion/ result).
     */
    public function isLatestVersion()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/isLatestVersion/');

        return reset($response);
    }

    /** Requests autoupdate/view/optionAddonDirectories/; returns the first element of the result. */
    public function optionAddonDirectories()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/optionAddonDirectories/');

        return reset($response);
    }

    /** Requests autoupdate/view/optionDayLastChecked/; returns the first element of the result. */
    public function optionDayLastChecked()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/optionDayLastChecked/');

        return reset($response);
    }

    /** Requests autoupdate/view/optionDayLastInstallWarned/; returns the first element of the result. */
    public function optionDayLastInstallWarned()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/optionDayLastInstallWarned/');

        return reset($response);
    }

    /** Requests autoupdate/view/optionDayLastUpdateWarned/; returns the first element of the result. */
    public function optionDayLastUpdateWarned()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/optionDayLastUpdateWarned/');

        return reset($response);
    }

    /** Requests autoupdate/view/optionDownloadDirectory/; returns the first element of the result. */
    public function optionDownloadDirectory()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/optionDownloadDirectory/');

        return reset($response);
    }

76 | public function optionCheckAddonUpdates() { 77 | $res = $this->zap->request($this->zap->base . 
'autoupdate/view/optionCheckAddonUpdates/'); 78 | return reset($res); 79 | } 80 |

    /** Requests autoupdate/view/optionCheckOnStart/; returns the first element of the result. */
    public function optionCheckOnStart()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/optionCheckOnStart/');

        return reset($response);
    }

    /** Requests autoupdate/view/optionDownloadNewRelease/; returns the first element of the result. */
    public function optionDownloadNewRelease()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/optionDownloadNewRelease/');

        return reset($response);
    }

    /** Requests autoupdate/view/optionInstallAddonUpdates/; returns the first element of the result. */
    public function optionInstallAddonUpdates()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/optionInstallAddonUpdates/');

        return reset($response);
    }

    /** Requests autoupdate/view/optionInstallScannerRules/; returns the first element of the result. */
    public function optionInstallScannerRules()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/optionInstallScannerRules/');

        return reset($response);
    }

    /** Requests autoupdate/view/optionReportAlphaAddons/; returns the first element of the result. */
    public function optionReportAlphaAddons()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/optionReportAlphaAddons/');

        return reset($response);
    }

    /** Requests autoupdate/view/optionReportBetaAddons/; returns the first element of the result. */
    public function optionReportBetaAddons()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/optionReportBetaAddons/');

        return reset($response);
    }

    /** Requests autoupdate/view/optionReportReleaseAddons/; returns the first element of the result. */
    public function optionReportReleaseAddons()
    {
        $response = $this->zap->request($this->zap->base . 'autoupdate/view/optionReportReleaseAddons/');

        return reset($response);
    }

    /**
     * Downloads the latest release, if any
     * (autoupdate/action/downloadLatestRelease/ with apikey; first element of the result).
     */
    public function downloadLatestRelease($apikey='')
    {
        $params = array('apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'autoupdate/action/downloadLatestRelease/', $params);

        return reset($response);
    }

124 | public function setOptionCheckAddonUpdates($boolean, $apikey='') { 125 | $res = $this->zap->request($this->zap->base . 
'autoupdate/action/setOptionCheckAddonUpdates/', array('Boolean' => $boolean, 'apikey' => $apikey)); 126 | return reset($res); 127 | } 128 |

    /** Calls autoupdate/action/setOptionCheckOnStart/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionCheckOnStart($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'autoupdate/action/setOptionCheckOnStart/', $params);

        return reset($response);
    }

    /** Calls autoupdate/action/setOptionDownloadNewRelease/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionDownloadNewRelease($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'autoupdate/action/setOptionDownloadNewRelease/', $params);

        return reset($response);
    }

    /** Calls autoupdate/action/setOptionInstallAddonUpdates/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionInstallAddonUpdates($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'autoupdate/action/setOptionInstallAddonUpdates/', $params);

        return reset($response);
    }

    /** Calls autoupdate/action/setOptionInstallScannerRules/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionInstallScannerRules($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'autoupdate/action/setOptionInstallScannerRules/', $params);

        return reset($response);
    }

    /** Calls autoupdate/action/setOptionReportAlphaAddons/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionReportAlphaAddons($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'autoupdate/action/setOptionReportAlphaAddons/', $params);

        return reset($response);
    }

    /** Calls autoupdate/action/setOptionReportBetaAddons/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionReportBetaAddons($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'autoupdate/action/setOptionReportBetaAddons/', $params);

        return reset($response);
    }

159 | public function setOptionReportReleaseAddons($boolean, $apikey='') { 160 | $res = $this->zap->request($this->zap->base . 
'autoupdate/action/setOptionReportReleaseAddons/', array('Boolean' => $boolean, 'apikey' => $apikey)); 161 | return reset($res); 162 | } 163 | 164 | } 165 | -------------------------------------------------------------------------------- /src/Zap/Brk.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 |

    /** Calls break/action/break/ with type, scope, state and apikey; returns the first element of the result. */
    public function brk($type, $scope, $state, $apikey='')
    {
        $params = array('type' => $type, 'scope' => $scope, 'state' => $state, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'break/action/break/', $params);

        return reset($response);
    }

    /**
     * Calls break/action/addHttpBreakpoint/ with string, location, match, inverse,
     * ignorecase and apikey; returns the first element of the result.
     */
    public function addHttpBreakpoint($string, $location, $match, $inverse, $ignorecase, $apikey='')
    {
        $params = array('string' => $string, 'location' => $location, 'match' => $match, 'inverse' => $inverse, 'ignorecase' => $ignorecase, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'break/action/addHttpBreakpoint/', $params);

        return reset($response);
    }

    /**
     * Calls break/action/removeHttpBreakpoint/ with string, location, match, inverse,
     * ignorecase and apikey; returns the first element of the result.
     */
    public function removeHttpBreakpoint($string, $location, $match, $inverse, $ignorecase, $apikey='')
    {
        $params = array('string' => $string, 'location' => $location, 'match' => $match, 'inverse' => $inverse, 'ignorecase' => $ignorecase, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'break/action/removeHttpBreakpoint/', $params);

        return reset($response);
    }

50 | } 51 | -------------------------------------------------------------------------------- /src/Zap/Context.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 |

    /**
     * List context names of current session
     * (first element of the context/view/contextList/ result).
     */
    public function contextList()
    {
        $response = $this->zap->request($this->zap->base . 'context/view/contextList/');

        return reset($response);
    }

43 | /** 44 | * List excluded regexs for context 45 | */ 46 | public function excludeRegexs($contextname) { 47 | $res = $this->zap->request($this->zap->base . 
'context/view/excludeRegexs/', array('contextName' => $contextname)); 48 | return reset($res); 49 | } 50 |

    /**
     * List included regexs for context
     * (context/view/includeRegexs/ with contextName; first element of the result).
     */
    public function includeRegexs($contextname)
    {
        $params = array('contextName' => $contextname);
        $response = $this->zap->request($this->zap->base . 'context/view/includeRegexs/', $params);

        return reset($response);
    }

    /**
     * List the information about the named context
     * (context/view/context/ with contextName; first element of the result).
     */
    public function context($contextname)
    {
        $params = array('contextName' => $contextname);
        $response = $this->zap->request($this->zap->base . 'context/view/context/', $params);

        return reset($response);
    }

    /**
     * Lists the names of all built in technologies
     * (first element of the context/view/technologyList/ result).
     */
    public function technologyList()
    {
        $response = $this->zap->request($this->zap->base . 'context/view/technologyList/');

        return reset($response);
    }

    /**
     * Lists the names of all technologies included in a context
     * (context/view/includedTechnologyList/ with contextName; first element of the result).
     */
    public function includedTechnologyList($contextname)
    {
        $params = array('contextName' => $contextname);
        $response = $this->zap->request($this->zap->base . 'context/view/includedTechnologyList/', $params);

        return reset($response);
    }

    /**
     * Lists the names of all technologies excluded from a context
     * (context/view/excludedTechnologyList/ with contextName; first element of the result).
     */
    public function excludedTechnologyList($contextname)
    {
        $params = array('contextName' => $contextname);
        $response = $this->zap->request($this->zap->base . 'context/view/excludedTechnologyList/', $params);

        return reset($response);
    }

91 | /** 92 | * Add exclude regex to context 93 | */ 94 | public function excludeFromContext($contextname, $regex, $apikey='') { 95 | $res = $this->zap->request($this->zap->base . 
'context/action/excludeFromContext/', array('contextName' => $contextname, 'regex' => $regex, 'apikey' => $apikey)); 96 | return reset($res); 97 | } 98 |

    /**
     * Add include regex to context
     * (context/action/includeInContext/ with contextName, regex and apikey).
     * The regex is forwarded unchanged; it decides what the context covers, so
     * callers should review it before widening a scan's scope.
     */
    public function includeInContext($contextname, $regex, $apikey='')
    {
        $params = array('contextName' => $contextname, 'regex' => $regex, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'context/action/includeInContext/', $params);

        return reset($response);
    }

    /**
     * Creates a new context with the given name in the current session
     * (context/action/newContext/ with contextName and apikey).
     */
    public function newContext($contextname, $apikey='')
    {
        $params = array('contextName' => $contextname, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'context/action/newContext/', $params);

        return reset($response);
    }

    /**
     * Removes a context in the current session
     * (context/action/removeContext/ with contextName and apikey).
     */
    public function removeContext($contextname, $apikey='')
    {
        $params = array('contextName' => $contextname, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'context/action/removeContext/', $params);

        return reset($response);
    }

    /**
     * Exports the context with the given name to a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir.
     * $contextfile is forwarded unchanged as contextFile; validate the path before
     * calling when it originates outside the program, since ZAP writes to it.
     */
    public function exportContext($contextname, $contextfile, $apikey='')
    {
        $params = array('contextName' => $contextname, 'contextFile' => $contextfile, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'context/action/exportContext/', $params);

        return reset($response);
    }

131 | /** 132 | * Imports a context from a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir. 133 | */ 134 | public function importContext($contextfile, $apikey='') { 135 | $res = $this->zap->request($this->zap->base . 
'context/action/importContext/', array('contextFile' => $contextfile, 'apikey' => $apikey)); 136 | return reset($res); 137 | } 138 |

    /**
     * Includes technologies with the given names, separated by a comma, to a context
     * (context/action/includeContextTechnologies/ with contextName, technologyNames and apikey).
     */
    public function includeContextTechnologies($contextname, $technologynames, $apikey='')
    {
        $params = array('contextName' => $contextname, 'technologyNames' => $technologynames, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'context/action/includeContextTechnologies/', $params);

        return reset($response);
    }

    /**
     * Includes all built in technologies in to a context
     * (context/action/includeAllContextTechnologies/ with contextName and apikey).
     */
    public function includeAllContextTechnologies($contextname, $apikey='')
    {
        $params = array('contextName' => $contextname, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'context/action/includeAllContextTechnologies/', $params);

        return reset($response);
    }

    /**
     * Excludes technologies with the given names, separated by a comma, from a context
     * (context/action/excludeContextTechnologies/ with contextName, technologyNames and apikey).
     */
    public function excludeContextTechnologies($contextname, $technologynames, $apikey='')
    {
        $params = array('contextName' => $contextname, 'technologyNames' => $technologynames, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'context/action/excludeContextTechnologies/', $params);

        return reset($response);
    }

    /**
     * Excludes all built in technologies from a context
     * (context/action/excludeAllContextTechnologies/ with contextName and apikey).
     */
    public function excludeAllContextTechnologies($contextname, $apikey='')
    {
        $params = array('contextName' => $contextname, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'context/action/excludeAllContextTechnologies/', $params);

        return reset($response);
    }

171 | /** 172 | * Sets a context to in scope (contexts are in scope by default) 173 | */ 174 | public function setContextInScope($contextname, $booleaninscope, $apikey='') { 175 | $res = $this->zap->request($this->zap->base . 
'context/action/setContextInScope/', array('contextName' => $contextname, 'booleanInScope' => $booleaninscope, 'apikey' => $apikey)); 176 | return reset($res); 177 | } 178 | 179 | } 180 | -------------------------------------------------------------------------------- /src/Zap/Core.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 |

    /**
     * Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method
     * (core/view/alert/ with id; first element of the result).
     */
    public function alert($id)
    {
        $params = array('id' => $id);
        $response = $this->zap->request($this->zap->base . 'core/view/alert/', $params);

        return reset($response);
    }

    /**
     * Gets the alerts raised by ZAP, optionally filtering by URL and paginating with 'start' position and 'count' of alerts
     * baseurl, start and count are each sent only when the matching argument is not NULL.
     */
    public function alerts($baseurl=NULL, $start=NULL, $count=NULL)
    {
        $query = array();
        if (null !== $baseurl) {
            $query['baseurl'] = $baseurl;
        }
        if (null !== $start) {
            $query['start'] = $start;
        }
        if (null !== $count) {
            $query['count'] = $count;
        }
        $response = $this->zap->request($this->zap->base . 'core/view/alerts/', $query);

        return reset($response);
    }

    /**
     * Gets the number of alerts, optionally filtering by URL
     * baseurl is sent only when $baseurl is not NULL.
     */
    public function numberOfAlerts($baseurl=NULL)
    {
        $query = array();
        if (null !== $baseurl) {
            $query['baseurl'] = $baseurl;
        }
        $response = $this->zap->request($this->zap->base . 'core/view/numberOfAlerts/', $query);

        return reset($response);
    }

73 | /** 74 | * Gets the name of the hosts accessed through/by ZAP 75 | */ 76 | public function hosts() { 77 | $res = $this->zap->request($this->zap->base . 
'core/view/hosts/'); 78 | return reset($res); 79 | } 80 |

    /**
     * Gets the sites accessed through/by ZAP (scheme and domain)
     * (first element of the core/view/sites/ result).
     */
    public function sites()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/sites/');

        return reset($response);
    }

    /**
     * Gets the URLs accessed through/by ZAP
     * (first element of the core/view/urls/ result).
     */
    public function urls()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/urls/');

        return reset($response);
    }

    /**
     * Gets the HTTP message with the given ID. Returns the ID, request/response headers and bodies, cookies and note.
     * Per that description the result can hold cookies and bodies captured from the
     * target, so treat it as sensitive when storing or logging it.
     */
    public function message($id)
    {
        $params = array('id' => $id);
        $response = $this->zap->request($this->zap->base . 'core/view/message/', $params);

        return reset($response);
    }

    /**
     * Gets the HTTP messages sent by ZAP, request and response, optionally filtered by URL and paginated with 'start' position and 'count' of messages
     * baseurl, start and count are each sent only when the matching argument is not NULL.
     */
    public function messages($baseurl=NULL, $start=NULL, $count=NULL)
    {
        $query = array();
        if (null !== $baseurl) {
            $query['baseurl'] = $baseurl;
        }
        if (null !== $start) {
            $query['start'] = $start;
        }
        if (null !== $count) {
            $query['count'] = $count;
        }
        $response = $this->zap->request($this->zap->base . 'core/view/messages/', $query);

        return reset($response);
    }

    /**
     * Gets the number of messages, optionally filtering by URL
     * baseurl is sent only when $baseurl is not NULL.
     */
    public function numberOfMessages($baseurl=NULL)
    {
        $query = array();
        if (null !== $baseurl) {
            $query['baseurl'] = $baseurl;
        }
        $response = $this->zap->request($this->zap->base . 'core/view/numberOfMessages/', $query);

        return reset($response);
    }

135 | /** 136 | * Gets ZAP version 137 | */ 138 | public function version() { 139 | $res = $this->zap->request($this->zap->base . 
'core/view/version/'); 140 | return reset($res); 141 | } 142 |

    /**
     * Gets the regular expressions, applied to URLs, to exclude from the Proxy
     * (first element of the core/view/excludedFromProxy/ result).
     */
    public function excludedFromProxy()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/excludedFromProxy/');

        return reset($response);
    }

    /** Requests core/view/homeDirectory/; returns the first element of the result. */
    public function homeDirectory()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/homeDirectory/');

        return reset($response);
    }

    /** Requests core/view/stats/; keyPrefix is sent only when $keyprefix is not NULL. Returns the first element of the result. */
    public function stats($keyprefix=NULL)
    {
        $query = array();
        if (null !== $keyprefix) {
            $query['keyPrefix'] = $keyprefix;
        }
        $response = $this->zap->request($this->zap->base . 'core/view/stats/', $query);

        return reset($response);
    }

    /** Requests core/view/optionDefaultUserAgent/; returns the first element of the result. */
    public function optionDefaultUserAgent()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionDefaultUserAgent/');

        return reset($response);
    }

    /** Requests core/view/optionHttpState/; returns the first element of the result. */
    public function optionHttpState()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionHttpState/');

        return reset($response);
    }

    /** Requests core/view/optionProxyChainName/; returns the first element of the result. */
    public function optionProxyChainName()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionProxyChainName/');

        return reset($response);
    }

    /**
     * Requests core/view/optionProxyChainPassword/; returns the first element of the result.
     * NOTE(review): no apikey parameter is sent with this view. If ZAP answers with the
     * stored upstream-proxy password, anything that can reach the API can read it;
     * confirm how the ZAP instance restricts API access, and keep the value out of logs.
     */
    public function optionProxyChainPassword()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionProxyChainPassword/');

        return reset($response);
    }

    /** Requests core/view/optionProxyChainPort/; returns the first element of the result. */
    public function optionProxyChainPort()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionProxyChainPort/');

        return reset($response);
    }

    /** Requests core/view/optionProxyChainRealm/; returns the first element of the result. */
    public function optionProxyChainRealm()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionProxyChainRealm/');

        return reset($response);
    }

195 | public function optionProxyChainSkipName() { 196 | $res = $this->zap->request($this->zap->base . 
'core/view/optionProxyChainSkipName/'); 197 | return reset($res); 198 | } 199 |

    /** Requests core/view/optionProxyChainUserName/; returns the first element of the result. */
    public function optionProxyChainUserName()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionProxyChainUserName/');

        return reset($response);
    }

    /** Requests core/view/optionProxyExcludedDomains/; returns the first element of the result. */
    public function optionProxyExcludedDomains()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionProxyExcludedDomains/');

        return reset($response);
    }

    /** Requests core/view/optionProxyExcludedDomainsEnabled/; returns the first element of the result. */
    public function optionProxyExcludedDomainsEnabled()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionProxyExcludedDomainsEnabled/');

        return reset($response);
    }

    /** Requests core/view/optionTimeoutInSecs/; returns the first element of the result. */
    public function optionTimeoutInSecs()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionTimeoutInSecs/');

        return reset($response);
    }

    /** Requests core/view/optionHttpStateEnabled/; returns the first element of the result. */
    public function optionHttpStateEnabled()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionHttpStateEnabled/');

        return reset($response);
    }

    /** Requests core/view/optionProxyChainPrompt/; returns the first element of the result. */
    public function optionProxyChainPrompt()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionProxyChainPrompt/');

        return reset($response);
    }

    /** Requests core/view/optionSingleCookieRequestHeader/; returns the first element of the result. */
    public function optionSingleCookieRequestHeader()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionSingleCookieRequestHeader/');

        return reset($response);
    }

    /** Requests core/view/optionUseProxyChain/; returns the first element of the result. */
    public function optionUseProxyChain()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionUseProxyChain/');

        return reset($response);
    }

    /** Requests core/view/optionUseProxyChainAuth/; returns the first element of the result. */
    public function optionUseProxyChainAuth()
    {
        $response = $this->zap->request($this->zap->base . 'core/view/optionUseProxyChainAuth/');

        return reset($response);
    }

245 | /** 246 | * Shuts down ZAP 247 | */ 248 | public function shutdown($apikey='') { 249 | $res = $this->zap->request($this->zap->base . 
'core/action/shutdown/', array('apikey' => $apikey)); 250 | return reset($res); 251 | } 252 |

    /**
     * Creates a new session, optionally overwriting existing files. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir.
     * name and overwrite are each sent only when the matching argument is not NULL.
     * $name is forwarded unchanged; validate it first when it originates outside the program.
     */
    public function newSession($name=NULL, $overwrite=NULL, $apikey='')
    {
        $query = array('apikey' => $apikey);
        if (null !== $name) {
            $query['name'] = $name;
        }
        if (null !== $overwrite) {
            $query['overwrite'] = $overwrite;
        }
        $response = $this->zap->request($this->zap->base . 'core/action/newSession/', $query);

        return reset($response);
    }

    /**
     * Loads the session with the given name. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir.
     * $name is forwarded unchanged; validate it first when it originates outside the program.
     */
    public function loadSession($name, $apikey='')
    {
        $params = array('name' => $name, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/loadSession/', $params);

        return reset($response);
    }

    /**
     * Saves the session with the name supplied, optionally overwriting existing files. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir.
     * overwrite is sent only when $overwrite is not NULL.
     * $name is forwarded unchanged; validate it first when it originates outside the program.
     */
    public function saveSession($name, $overwrite=NULL, $apikey='')
    {
        $query = array('name' => $name, 'apikey' => $apikey);
        if (null !== $overwrite) {
            $query['overwrite'] = $overwrite;
        }
        $response = $this->zap->request($this->zap->base . 'core/action/saveSession/', $query);

        return reset($response);
    }

    /** Calls core/action/snapshotSession/ with apikey; returns the first element of the result. */
    public function snapshotSession($apikey='')
    {
        $params = array('apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/snapshotSession/', $params);

        return reset($response);
    }

293 | public function clearExcludedFromProxy($apikey='') { 294 | $res = $this->zap->request($this->zap->base . 
'core/action/clearExcludedFromProxy/', array('apikey' => $apikey)); 295 | return reset($res); 296 | } 297 |

    /** Calls core/action/excludeFromProxy/ with regex and apikey; returns the first element of the result. */
    public function excludeFromProxy($regex, $apikey='')
    {
        $params = array('regex' => $regex, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/excludeFromProxy/', $params);

        return reset($response);
    }

    /**
     * Calls core/action/setHomeDirectory/ with dir and apikey; returns the first element of the result.
     * $dir is forwarded unchanged; validate the path first when it originates outside the program.
     */
    public function setHomeDirectory($dir, $apikey='')
    {
        $params = array('dir' => $dir, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/setHomeDirectory/', $params);

        return reset($response);
    }

    /**
     * Calls core/action/generateRootCA/ with apikey; returns the first element of the result.
     * NOTE(review): presumably this replaces ZAP's root CA, after which clients that
     * trusted the previous certificate would need the new one - confirm before automating.
     */
    public function generateRootCA($apikey='')
    {
        $params = array('apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/generateRootCA/', $params);

        return reset($response);
    }

    /**
     * Sends the HTTP request, optionally following redirections. Returns the request sent and response received and followed redirections, if any.
     * followRedirects is sent only when $followredirects is not NULL.
     * $request is forwarded unchanged, so the caller decides which host ZAP contacts;
     * keep it limited to authorised targets and do not build it from unvalidated input.
     */
    public function sendRequest($request, $followredirects=NULL, $apikey='')
    {
        $query = array('request' => $request, 'apikey' => $apikey);
        if (null !== $followredirects) {
            $query['followRedirects'] = $followredirects;
        }
        $response = $this->zap->request($this->zap->base . 'core/action/sendRequest/', $query);

        return reset($response);
    }

    /** Calls core/action/deleteAllAlerts/ with apikey; returns the first element of the result. */
    public function deleteAllAlerts($apikey='')
    {
        $params = array('apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/deleteAllAlerts/', $params);

        return reset($response);
    }

    /** Calls core/action/runGarbageCollection/ with apikey; returns the first element of the result. */
    public function runGarbageCollection($apikey='')
    {
        $params = array('apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/runGarbageCollection/', $params);

        return reset($response);
    }

335 | public function clearStats($keyprefix, $apikey='') { 336 | $res = $this->zap->request($this->zap->base . 
'core/action/clearStats/', array('keyPrefix' => $keyprefix, 'apikey' => $apikey)); 337 | return reset($res); 338 | } 339 |

    /** Calls core/action/setOptionDefaultUserAgent/ with $string as 'String'; returns the first element of the result. */
    public function setOptionDefaultUserAgent($string, $apikey='')
    {
        $params = array('String' => $string, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/setOptionDefaultUserAgent/', $params);

        return reset($response);
    }

    /** Calls core/action/setOptionProxyChainName/ with $string as 'String'; returns the first element of the result. */
    public function setOptionProxyChainName($string, $apikey='')
    {
        $params = array('String' => $string, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/setOptionProxyChainName/', $params);

        return reset($response);
    }

    /**
     * Calls core/action/setOptionProxyChainPassword/ with $string as 'String'; returns the first element of the result.
     * NOTE(review): the password is passed as an ordinary request parameter. If
     * Zapv2::request() puts parameters in the URL, it can end up in access logs and
     * proxy history - confirm how request() transmits it.
     */
    public function setOptionProxyChainPassword($string, $apikey='')
    {
        $params = array('String' => $string, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/setOptionProxyChainPassword/', $params);

        return reset($response);
    }

    /** Calls core/action/setOptionProxyChainRealm/ with $string as 'String'; returns the first element of the result. */
    public function setOptionProxyChainRealm($string, $apikey='')
    {
        $params = array('String' => $string, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/setOptionProxyChainRealm/', $params);

        return reset($response);
    }

    /** Calls core/action/setOptionProxyChainSkipName/ with $string as 'String'; returns the first element of the result. */
    public function setOptionProxyChainSkipName($string, $apikey='')
    {
        $params = array('String' => $string, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/setOptionProxyChainSkipName/', $params);

        return reset($response);
    }

    /** Calls core/action/setOptionProxyChainUserName/ with $string as 'String'; returns the first element of the result. */
    public function setOptionProxyChainUserName($string, $apikey='')
    {
        $params = array('String' => $string, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/setOptionProxyChainUserName/', $params);

        return reset($response);
    }

370 | public function setOptionHttpStateEnabled($boolean, $apikey='') { 371 | $res = $this->zap->request($this->zap->base . 
'core/action/setOptionHttpStateEnabled/', array('Boolean' => $boolean, 'apikey' => $apikey)); 372 | return reset($res); 373 | } 374 |

    /** Calls core/action/setOptionProxyChainPort/ with $integer as 'Integer'; returns the first element of the result. */
    public function setOptionProxyChainPort($integer, $apikey='')
    {
        $params = array('Integer' => $integer, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/setOptionProxyChainPort/', $params);

        return reset($response);
    }

    /** Calls core/action/setOptionProxyChainPrompt/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionProxyChainPrompt($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/setOptionProxyChainPrompt/', $params);

        return reset($response);
    }

    /** Calls core/action/setOptionSingleCookieRequestHeader/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionSingleCookieRequestHeader($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/setOptionSingleCookieRequestHeader/', $params);

        return reset($response);
    }

    /** Calls core/action/setOptionTimeoutInSecs/ with $integer as 'Integer'; returns the first element of the result. */
    public function setOptionTimeoutInSecs($integer, $apikey='')
    {
        $params = array('Integer' => $integer, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/setOptionTimeoutInSecs/', $params);

        return reset($response);
    }

    /** Calls core/action/setOptionUseProxyChain/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionUseProxyChain($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/setOptionUseProxyChain/', $params);

        return reset($response);
    }

    /** Calls core/action/setOptionUseProxyChainAuth/ with $boolean as 'Boolean'; returns the first element of the result. */
    public function setOptionUseProxyChainAuth($boolean, $apikey='')
    {
        $params = array('Boolean' => $boolean, 'apikey' => $apikey);
        $response = $this->zap->request($this->zap->base . 'core/action/setOptionUseProxyChainAuth/', $params);

        return reset($response);
    }

    /**
     * Fetches core/other/proxy.pac/ under base_other with apikey.
     * Unlike the view/action wrappers, the requestother() result is returned as-is.
     */
    public function proxypac($apikey='')
    {
        $params = array('apikey' => $apikey);

        return $this->zap->requestother($this->zap->base_other . 'core/other/proxy.pac/', $params);
    }

409 | public function rootcert($apikey='') { 410 | return $this->zap->requestother($this->zap->base_other . 
'core/other/rootcert/', array('apikey' => $apikey)); 411 | } 412 | 413 | public function setproxy($proxy, $apikey='') { 414 | return $this->zap->requestother($this->zap->base_other . 'core/other/setproxy/', array('proxy' => $proxy, 'apikey' => $apikey)); 415 | } 416 | 417 | /** 418 | * Generates a report in XML format 419 | */ 420 | public function xmlreport($apikey='') { 421 | return $this->zap->requestother($this->zap->base_other . 'core/other/xmlreport/', array('apikey' => $apikey)); 422 | } 423 | 424 | /** 425 | * Generates a report in HTML format 426 | */ 427 | public function htmlreport($apikey='') { 428 | return $this->zap->requestother($this->zap->base_other . 'core/other/htmlreport/', array('apikey' => $apikey)); 429 | } 430 | 431 | /** 432 | * Gets the message with the given ID in HAR format 433 | */ 434 | public function messageHar($id, $apikey='') { 435 | return $this->zap->requestother($this->zap->base_other . 'core/other/messageHar/', array('id' => $id, 'apikey' => $apikey)); 436 | } 437 | 438 | /** 439 | * Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages 440 | */ 441 | public function messagesHar($baseurl=NULL, $start=NULL, $count=NULL, $apikey='') { 442 | $params = array('apikey' => $apikey); 443 | if ($baseurl !== NULL) { 444 | $params['baseurl'] = $baseurl; 445 | } 446 | if ($start !== NULL) { 447 | $params['start'] = $start; 448 | } 449 | if ($count !== NULL) { 450 | $params['count'] = $count; 451 | } 452 | return $this->zap->requestother($this->zap->base_other . 'core/other/messagesHar/', $params); 453 | } 454 | 455 | /** 456 | * Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. 
457 | */ 458 | public function sendHarRequest($request, $followredirects=NULL, $apikey='') { 459 | $params = array('request' => $request, 'apikey' => $apikey); 460 | if ($followredirects !== NULL) { 461 | $params['followRedirects'] = $followredirects; 462 | } 463 | return $this->zap->requestother($this->zap->base_other . 'core/other/sendHarRequest/', $params); 464 | } 465 | 466 | } 467 | -------------------------------------------------------------------------------- /src/Zap/ForcedUser.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | /** 36 | * Returns 'true' if 'forced user' mode is enabled, 'false' otherwise 37 | */ 38 | public function isForcedUserModeEnabled() { 39 | $res = $this->zap->request($this->zap->base . 'forcedUser/view/isForcedUserModeEnabled/'); 40 | return reset($res); 41 | } 42 | 43 | /** 44 | * Gets the user (ID) set as 'forced user' for the given context (ID) 45 | */ 46 | public function getForcedUser($contextid) { 47 | $res = $this->zap->request($this->zap->base . 'forcedUser/view/getForcedUser/', array('contextId' => $contextid)); 48 | return reset($res); 49 | } 50 | 51 | /** 52 | * Sets the user (ID) that should be used in 'forced user' mode for the given context (ID) 53 | */ 54 | public function setForcedUser($contextid, $userid, $apikey='') { 55 | $res = $this->zap->request($this->zap->base . 'forcedUser/action/setForcedUser/', array('contextId' => $contextid, 'userId' => $userid, 'apikey' => $apikey)); 56 | return reset($res); 57 | } 58 | 59 | /** 60 | * Sets if 'forced user' mode should be enabled or not 61 | */ 62 | public function setForcedUserModeEnabled($boolean, $apikey='') { 63 | $res = $this->zap->request($this->zap->base . 
'forcedUser/action/setForcedUserModeEnabled/', array('boolean' => $boolean, 'apikey' => $apikey)); 64 | return reset($res); 65 | } 66 | 67 | } 68 | -------------------------------------------------------------------------------- /src/Zap/HttpSessions.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | /** 36 | * Gets the sessions of the given site. Optionally returning just the session with the given name. 37 | */ 38 | public function sessions($site, $session=NULL) { 39 | $params = array('site' => $site); 40 | if ($session !== NULL) { 41 | $params['session'] = $session; 42 | } 43 | $res = $this->zap->request($this->zap->base . 'httpSessions/view/sessions/', $params); 44 | return reset($res); 45 | } 46 | 47 | /** 48 | * Gets the name of the active session for the given site. 49 | */ 50 | public function activeSession($site) { 51 | $res = $this->zap->request($this->zap->base . 'httpSessions/view/activeSession/', array('site' => $site)); 52 | return reset($res); 53 | } 54 | 55 | /** 56 | * Gets the names of the session tokens for the given site. 57 | */ 58 | public function sessionTokens($site) { 59 | $res = $this->zap->request($this->zap->base . 'httpSessions/view/sessionTokens/', array('site' => $site)); 60 | return reset($res); 61 | } 62 | 63 | /** 64 | * Creates an empty session for the given site. Optionally with the given name. 65 | */ 66 | public function createEmptySession($site, $session=NULL, $apikey='') { 67 | $params = array('site' => $site, 'apikey' => $apikey); 68 | if ($session !== NULL) { 69 | $params['session'] = $session; 70 | } 71 | $res = $this->zap->request($this->zap->base . 'httpSessions/action/createEmptySession/', $params); 72 | return reset($res); 73 | } 74 | 75 | /** 76 | * Removes the session from the given site. 77 | */ 78 | public function removeSession($site, $session, $apikey='') { 79 | $res = $this->zap->request($this->zap->base . 
'httpSessions/action/removeSession/', array('site' => $site, 'session' => $session, 'apikey' => $apikey)); 80 | return reset($res); 81 | } 82 | 83 | /** 84 | * Sets the given session as active for the given site. 85 | */ 86 | public function setActiveSession($site, $session, $apikey='') { 87 | $res = $this->zap->request($this->zap->base . 'httpSessions/action/setActiveSession/', array('site' => $site, 'session' => $session, 'apikey' => $apikey)); 88 | return reset($res); 89 | } 90 | 91 | /** 92 | * Unsets the active session of the given site. 93 | */ 94 | public function unsetActiveSession($site, $apikey='') { 95 | $res = $this->zap->request($this->zap->base . 'httpSessions/action/unsetActiveSession/', array('site' => $site, 'apikey' => $apikey)); 96 | return reset($res); 97 | } 98 | 99 | /** 100 | * Adds the session token to the given site. 101 | */ 102 | public function addSessionToken($site, $sessiontoken, $apikey='') { 103 | $res = $this->zap->request($this->zap->base . 'httpSessions/action/addSessionToken/', array('site' => $site, 'sessionToken' => $sessiontoken, 'apikey' => $apikey)); 104 | return reset($res); 105 | } 106 | 107 | /** 108 | * Removes the session token from the given site. 109 | */ 110 | public function removeSessionToken($site, $sessiontoken, $apikey='') { 111 | $res = $this->zap->request($this->zap->base . 'httpSessions/action/removeSessionToken/', array('site' => $site, 'sessionToken' => $sessiontoken, 'apikey' => $apikey)); 112 | return reset($res); 113 | } 114 | 115 | /** 116 | * Sets the value of the session token of the given session for the given site. 117 | */ 118 | public function setSessionTokenValue($site, $session, $sessiontoken, $tokenvalue, $apikey='') { 119 | $res = $this->zap->request($this->zap->base . 
'httpSessions/action/setSessionTokenValue/', array('site' => $site, 'session' => $session, 'sessionToken' => $sessiontoken, 'tokenValue' => $tokenvalue, 'apikey' => $apikey)); 120 | return reset($res); 121 | } 122 | 123 | /** 124 | * Renames the session of the given site. 125 | */ 126 | public function renameSession($site, $oldsessionname, $newsessionname, $apikey='') { 127 | $res = $this->zap->request($this->zap->base . 'httpSessions/action/renameSession/', array('site' => $site, 'oldSessionName' => $oldsessionname, 'newSessionName' => $newsessionname, 'apikey' => $apikey)); 128 | return reset($res); 129 | } 130 | 131 | } 132 | -------------------------------------------------------------------------------- /src/Zap/ImportLogFiles.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | /** 36 | * This component is optional and therefore the API will only work if it is installed 37 | */ 38 | public function ImportZAPLogFromFile($filepath) { 39 | return $this->zap->request($this->zap->base . 'importLogFiles/view/ImportZAPLogFromFile/', array('FilePath' => $filepath))->{'ImportZAPLogFromFile'}; 40 | } 41 | 42 | /** 43 | * This component is optional and therefore the API will only work if it is installed 44 | */ 45 | public function ImportModSecurityLogFromFile($filepath) { 46 | return $this->zap->request($this->zap->base . 'importLogFiles/view/ImportModSecurityLogFromFile/', array('FilePath' => $filepath))->{'ImportModSecurityLogFromFile'}; 47 | } 48 | 49 | /** 50 | * This component is optional and therefore the API will only work if it is installed 51 | */ 52 | public function ImportZAPHttpRequestResponsePair($httprequest, $httpresponse) { 53 | return $this->zap->request($this->zap->base . 
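'importLogFiles/view/ImportZAPHttpRequestResponsePair/', array('HTTPRequest' => $httprequest, 'HTTPResponse' => $httpresponse))->{'ImportZAPHttpRequestResponsePair'}; 54 | } 55 | 56 | /** 57 | * This component is optional and therefore the API will only work if it is installed 58 | */ 59 | public function PostModSecurityAuditEvent($auditeventstring='', $apikey='') { 60 | return $this->zap->request($this->zap->base . 'importLogFiles/action/PostModSecurityAuditEvent/', array('AuditEventString' => $auditeventstring, 'apikey' => $apikey)); 61 | } 62 | 63 | /** 64 | * This component is optional and therefore the API will only work if it is installed. Sends the audit event string to the 'other' endpoint through requestother(); the URL prefix is read from $this->zap->base_other, the property name the Core and Search wrappers in this listing use for 'other' endpoints (the property is declared in Zapv2.php, not shown here - confirm). 65 | */ 66 | public function OtherPostModSecurityAuditEvent($auditeventstring, $apikey='') { 67 | return $this->zap->requestother($this->zap->base_other . 'importLogFiles/other/OtherPostModSecurityAuditEvent/', array('AuditEventString' => $auditeventstring, 'apikey' => $apikey)); 68 | } 69 | 70 | } 71 | -------------------------------------------------------------------------------- /src/Zap/Params.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | /** 36 | * Shows the parameters for the specified site, or for all sites if the site is not specified 37 | */ 38 | public function params($site=NULL) { 39 | $params = array(); 40 | if ($site !== NULL) { 41 | $params['site'] = $site; 42 | } 43 | $res = $this->zap->request($this->zap->base . 'params/view/params/', $params); 44 | return reset($res); 45 | } 46 | 47 | } 48 | -------------------------------------------------------------------------------- /src/Zap/Pnh.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | /** 36 | * This component is optional and therefore the API will only work if it is installed 37 | */ 38 | public function monitor($id, $message, $apikey='') { 39 | return $this->zap->request($this->zap->base . 
'pnh/action/monitor/', array('id' => $id, 'message' => $message, 'apikey' => $apikey)); 40 | } 41 | 42 | /** 43 | * This component is optional and therefore the API will only work if it is installed 44 | */ 45 | public function oracle($id, $apikey='') { 46 | return $this->zap->request($this->zap->base . 'pnh/action/oracle/', array('id' => $id, 'apikey' => $apikey)); 47 | } 48 | 49 | /** 50 | * This component is optional and therefore the API will only work if it is installed 51 | */ 52 | public function startMonitoring($url, $apikey='') { 53 | return $this->zap->request($this->zap->base . 'pnh/action/startMonitoring/', array('url' => $url, 'apikey' => $apikey)); 54 | } 55 | 56 | /** 57 | * This component is optional and therefore the API will only work if it is installed 58 | */ 59 | public function stopMonitoring($id, $apikey='') { 60 | return $this->zap->request($this->zap->base . 'pnh/action/stopMonitoring/', array('id' => $id, 'apikey' => $apikey)); 61 | } 62 | 63 | /** 64 | * This component is optional and therefore the API will only work if it is installed. Requests pnh/other/pnh/ through requestother(); the URL prefix is read from $this->zap->base_other, the property name the Core and Search wrappers in this listing use (declared in Zapv2.php, not shown here - confirm). 65 | */ 66 | public function pnh($apikey='') { 67 | return $this->zap->requestother($this->zap->base_other . 'pnh/other/pnh/', array('apikey' => $apikey)); 68 | } 69 | 70 | /** 71 | * This component is optional and therefore the API will only work if it is installed. Requests pnh/other/manifest/ through requestother(), with the URL prefix read from $this->zap->base_other as in the Core and Search wrappers. 72 | */ 73 | public function manifest($apikey='') { 74 | return $this->zap->requestother($this->zap->base_other . 'pnh/other/manifest/', array('apikey' => $apikey)); 75 | } 76 | 77 | /** 78 | * This component is optional and therefore the API will only work if it is installed. Requests pnh/other/service/ through requestother(), with the URL prefix read from $this->zap->base_other as in the Core and Search wrappers. 79 | */ 80 | public function service($apikey='') { 81 | return $this->zap->requestother($this->zap->base_other . 
'pnh/other/service/', array('apikey' => $apikey)); 82 | } 83 | 84 | /** 85 | * This component is optional and therefore the API will only work if it is installed. Requests pnh/other/fx_pnh.xpi/ through requestother(), with the URL prefix read from $this->zap->base_other as in the Core and Search wrappers. 86 | */ 87 | public function fx_pnhxpi($apikey='') { 88 | return $this->zap->requestother($this->zap->base_other . 'pnh/other/fx_pnh.xpi/', array('apikey' => $apikey)); 89 | } 90 | 91 | } 92 | -------------------------------------------------------------------------------- /src/Zap/Pscan.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | /** 36 | * The number of records the passive scanner still has to scan 37 | */ 38 | public function recordsToScan() { 39 | $res = $this->zap->request($this->zap->base . 'pscan/view/recordsToScan/'); 40 | return reset($res); 41 | } 42 | 43 | /** 44 | * Lists all passive scanners with its ID, name, enabled state and alert threshold. 45 | */ 46 | public function scanners() { 47 | $res = $this->zap->request($this->zap->base . 'pscan/view/scanners/'); 48 | return reset($res); 49 | } 50 | 51 | /** 52 | * Sets whether or not the passive scanning is enabled 53 | */ 54 | public function setEnabled($enabled, $apikey='') { 55 | $res = $this->zap->request($this->zap->base . 'pscan/action/setEnabled/', array('enabled' => $enabled, 'apikey' => $apikey)); 56 | return reset($res); 57 | } 58 | 59 | /** 60 | * Enables all passive scanners 61 | */ 62 | public function enableAllScanners($apikey='') { 63 | $res = $this->zap->request($this->zap->base . 'pscan/action/enableAllScanners/', array('apikey' => $apikey)); 64 | return reset($res); 65 | } 66 | 67 | /** 68 | * Disables all passive scanners 69 | */ 70 | public function disableAllScanners($apikey='') { 71 | $res = $this->zap->request($this->zap->base . 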
'pscan/action/disableAllScanners/', array('apikey' => $apikey)); 72 | return reset($res); 73 | } 74 | 75 | /** 76 | * Enables all passive scanners with the given IDs (comma separated list of IDs) 77 | */ 78 | public function enableScanners($ids, $apikey='') { 79 | $res = $this->zap->request($this->zap->base . 'pscan/action/enableScanners/', array('ids' => $ids, 'apikey' => $apikey)); 80 | return reset($res); 81 | } 82 | 83 | /** 84 | * Disables all passive scanners with the given IDs (comma separated list of IDs) 85 | */ 86 | public function disableScanners($ids, $apikey='') { 87 | $res = $this->zap->request($this->zap->base . 'pscan/action/disableScanners/', array('ids' => $ids, 'apikey' => $apikey)); 88 | return reset($res); 89 | } 90 | 91 | /** 92 | * Sets the alert threshold of the passive scanner with the given ID, accepted values for alert threshold: OFF, DEFAULT, LOW, MEDIUM and HIGH 93 | */ 94 | public function setScannerAlertThreshold($id, $alertthreshold, $apikey='') { 95 | $res = $this->zap->request($this->zap->base . 'pscan/action/setScannerAlertThreshold/', array('id' => $id, 'alertThreshold' => $alertthreshold, 'apikey' => $apikey)); 96 | return reset($res); 97 | } 98 | 99 | } 100 | -------------------------------------------------------------------------------- /src/Zap/Reveal.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | /** 36 | * This component is optional and therefore the API will only work if it is installed 37 | */ 38 | public function reveal() { 39 | return $this->zap->request($this->zap->base . 'reveal/view/reveal/')->{'reveal'}; 40 | } 41 | 42 | /** 43 | * This component is optional and therefore the API will only work if it is installed 44 | */ 45 | public function setReveal($reveal, $apikey='') { 46 | return $this->zap->request($this->zap->base . 
'reveal/action/setReveal/', array('reveal' => $reveal, 'apikey' => $apikey)); 47 | } 48 | 49 | } 50 | -------------------------------------------------------------------------------- /src/Zap/Script.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | /** 36 | * Lists the script engines available 37 | */ 38 | public function listEngines() { 39 | $res = $this->zap->request($this->zap->base . 'script/view/listEngines/'); 40 | return reset($res); 41 | } 42 | 43 | /** 44 | * Lists the scripts available, each with its engine, name, description, type and error state. 45 | */ 46 | public function listScripts() { 47 | $res = $this->zap->request($this->zap->base . 'script/view/listScripts/'); 48 | return reset($res); 49 | } 50 | 51 | /** 52 | * Enables the script with the given name 53 | */ 54 | public function enable($scriptname, $apikey='') { 55 | $res = $this->zap->request($this->zap->base . 'script/action/enable/', array('scriptName' => $scriptname, 'apikey' => $apikey)); 56 | return reset($res); 57 | } 58 | 59 | /** 60 | * Disables the script with the given name 61 | */ 62 | public function disable($scriptname, $apikey='') { 63 | $res = $this->zap->request($this->zap->base . 'script/action/disable/', array('scriptName' => $scriptname, 'apikey' => $apikey)); 64 | return reset($res); 65 | } 66 | 67 | /** 68 | * Loads a script into ZAP from the given local file, with the given name, type and engine, optionally with a description. 'scriptDescription' is added to the request only when it is not NULL. NOTE(review): $filename is forwarded unchanged as 'fileName'; the path is presumably resolved on the host running ZAP and the loaded script presumably runs inside ZAP, so treat the apikey that authorises this action as a credential and confirm the path handling against the ZAP API documentation. 69 | */ 70 | public function load($scriptname, $scripttype, $scriptengine, $filename, $scriptdescription=NULL, $apikey='') { 71 | $params = array('scriptName' => $scriptname, 'scriptType' => $scripttype, 'scriptEngine' => $scriptengine, 'fileName' => $filename, 'apikey' => $apikey); 72 | if ($scriptdescription !== NULL) { 73 | $params['scriptDescription'] = $scriptdescription; 74 | } 75 | $res = $this->zap->request($this->zap->base . 
'script/action/load/', $params); 76 | return reset($res); 77 | } 78 | 79 | /** 80 | * Removes the script with the given name 81 | */ 82 | public function remove($scriptname, $apikey='') { 83 | $res = $this->zap->request($this->zap->base . 'script/action/remove/', array('scriptName' => $scriptname, 'apikey' => $apikey)); 84 | return reset($res); 85 | } 86 | 87 | /** 88 | * Runs the stand alone script with the given name 89 | */ 90 | public function runStandAloneScript($scriptname, $apikey='') { 91 | $res = $this->zap->request($this->zap->base . 'script/action/runStandAloneScript/', array('scriptName' => $scriptname, 'apikey' => $apikey)); 92 | return reset($res); 93 | } 94 | 95 | } 96 | -------------------------------------------------------------------------------- /src/Zap/Search.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | /** Calls search/view/urlsByUrlRegex/ with 'regex' plus whichever of 'baseurl', 'start' and 'count' are not NULL, and returns reset() of the response, i.e. its first element. */ 35 | public function urlsByUrlRegex($regex, $baseurl=NULL, $start=NULL, $count=NULL) { 36 | $params = array('regex' => $regex); 37 | if ($baseurl !== NULL) { 38 | $params['baseurl'] = $baseurl; 39 | } 40 | if ($start !== NULL) { 41 | $params['start'] = $start; 42 | } 43 | if ($count !== NULL) { 44 | $params['count'] = $count; 45 | } 46 | $res = $this->zap->request($this->zap->base . 'search/view/urlsByUrlRegex/', $params); 47 | return reset($res); 48 | } 49 | 50 | public function urlsByRequestRegex($regex, $baseurl=NULL, $start=NULL, $count=NULL) { 51 | $params = array('regex' => $regex); 52 | if ($baseurl !== NULL) { 53 | $params['baseurl'] = $baseurl; 54 | } 55 | if ($start !== NULL) { 56 | $params['start'] = $start; 57 | } 58 | if ($count !== NULL) { 59 | $params['count'] = $count; 60 | } 61 | $res = $this->zap->request($this->zap->base . 
'search/view/urlsByRequestRegex/', $params); 62 | return reset($res); 63 | } 64 | 65 | public function urlsByResponseRegex($regex, $baseurl=NULL, $start=NULL, $count=NULL) { 66 | $params = array('regex' => $regex); 67 | if ($baseurl !== NULL) { 68 | $params['baseurl'] = $baseurl; 69 | } 70 | if ($start !== NULL) { 71 | $params['start'] = $start; 72 | } 73 | if ($count !== NULL) { 74 | $params['count'] = $count; 75 | } 76 | $res = $this->zap->request($this->zap->base . 'search/view/urlsByResponseRegex/', $params); 77 | return reset($res); 78 | } 79 | 80 | public function urlsByHeaderRegex($regex, $baseurl=NULL, $start=NULL, $count=NULL) { 81 | $params = array('regex' => $regex); 82 | if ($baseurl !== NULL) { 83 | $params['baseurl'] = $baseurl; 84 | } 85 | if ($start !== NULL) { 86 | $params['start'] = $start; 87 | } 88 | if ($count !== NULL) { 89 | $params['count'] = $count; 90 | } 91 | $res = $this->zap->request($this->zap->base . 'search/view/urlsByHeaderRegex/', $params); 92 | return reset($res); 93 | } 94 | 95 | public function messagesByUrlRegex($regex, $baseurl=NULL, $start=NULL, $count=NULL) { 96 | $params = array('regex' => $regex); 97 | if ($baseurl !== NULL) { 98 | $params['baseurl'] = $baseurl; 99 | } 100 | if ($start !== NULL) { 101 | $params['start'] = $start; 102 | } 103 | if ($count !== NULL) { 104 | $params['count'] = $count; 105 | } 106 | $res = $this->zap->request($this->zap->base . 'search/view/messagesByUrlRegex/', $params); 107 | return reset($res); 108 | } 109 | 110 | public function messagesByRequestRegex($regex, $baseurl=NULL, $start=NULL, $count=NULL) { 111 | $params = array('regex' => $regex); 112 | if ($baseurl !== NULL) { 113 | $params['baseurl'] = $baseurl; 114 | } 115 | if ($start !== NULL) { 116 | $params['start'] = $start; 117 | } 118 | if ($count !== NULL) { 119 | $params['count'] = $count; 120 | } 121 | $res = $this->zap->request($this->zap->base . 
'search/view/messagesByRequestRegex/', $params); 122 | return reset($res); 123 | } 124 | 125 | public function messagesByResponseRegex($regex, $baseurl=NULL, $start=NULL, $count=NULL) { 126 | $params = array('regex' => $regex); 127 | if ($baseurl !== NULL) { 128 | $params['baseurl'] = $baseurl; 129 | } 130 | if ($start !== NULL) { 131 | $params['start'] = $start; 132 | } 133 | if ($count !== NULL) { 134 | $params['count'] = $count; 135 | } 136 | $res = $this->zap->request($this->zap->base . 'search/view/messagesByResponseRegex/', $params); 137 | return reset($res); 138 | } 139 | 140 | public function messagesByHeaderRegex($regex, $baseurl=NULL, $start=NULL, $count=NULL) { 141 | $params = array('regex' => $regex); 142 | if ($baseurl !== NULL) { 143 | $params['baseurl'] = $baseurl; 144 | } 145 | if ($start !== NULL) { 146 | $params['start'] = $start; 147 | } 148 | if ($count !== NULL) { 149 | $params['count'] = $count; 150 | } 151 | $res = $this->zap->request($this->zap->base . 'search/view/messagesByHeaderRegex/', $params); 152 | return reset($res); 153 | } 154 | 155 | public function harByUrlRegex($regex, $baseurl=NULL, $start=NULL, $count=NULL, $apikey='') { 156 | $params = array('regex' => $regex, 'apikey' => $apikey); 157 | if ($baseurl !== NULL) { 158 | $params['baseurl'] = $baseurl; 159 | } 160 | if ($start !== NULL) { 161 | $params['start'] = $start; 162 | } 163 | if ($count !== NULL) { 164 | $params['count'] = $count; 165 | } 166 | return $this->zap->requestother($this->zap->base_other . 
'search/other/harByUrlRegex/', $params); 167 | } 168 | 169 | public function harByRequestRegex($regex, $baseurl=NULL, $start=NULL, $count=NULL, $apikey='') { 170 | $params = array('regex' => $regex, 'apikey' => $apikey); 171 | if ($baseurl !== NULL) { 172 | $params['baseurl'] = $baseurl; 173 | } 174 | if ($start !== NULL) { 175 | $params['start'] = $start; 176 | } 177 | if ($count !== NULL) { 178 | $params['count'] = $count; 179 | } 180 | return $this->zap->requestother($this->zap->base_other . 'search/other/harByRequestRegex/', $params); 181 | } 182 | 183 | public function harByResponseRegex($regex, $baseurl=NULL, $start=NULL, $count=NULL, $apikey='') { 184 | $params = array('regex' => $regex, 'apikey' => $apikey); 185 | if ($baseurl !== NULL) { 186 | $params['baseurl'] = $baseurl; 187 | } 188 | if ($start !== NULL) { 189 | $params['start'] = $start; 190 | } 191 | if ($count !== NULL) { 192 | $params['count'] = $count; 193 | } 194 | return $this->zap->requestother($this->zap->base_other . 'search/other/harByResponseRegex/', $params); 195 | } 196 | 197 | public function harByHeaderRegex($regex, $baseurl=NULL, $start=NULL, $count=NULL, $apikey='') { 198 | $params = array('regex' => $regex, 'apikey' => $apikey); 199 | if ($baseurl !== NULL) { 200 | $params['baseurl'] = $baseurl; 201 | } 202 | if ($start !== NULL) { 203 | $params['start'] = $start; 204 | } 205 | if ($count !== NULL) { 206 | $params['count'] = $count; 207 | } 208 | return $this->zap->requestother($this->zap->base_other . 'search/other/harByHeaderRegex/', $params); 209 | } 210 | 211 | } 212 | -------------------------------------------------------------------------------- /src/Zap/Selenium.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | /** 36 | * This component is optional and therefore the API will only work if it is installed 37 | */ 38 | public function optionChromeDriverPath() { 39 | return $this->zap->request($this->zap->base . 
'selenium/view/optionChromeDriverPath/')->{'ChromeDriverPath'}; 40 | } 41 | 42 | /** 43 | * This component is optional and therefore the API will only work if it is installed 44 | */ 45 | public function optionIeDriverPath() { 46 | return $this->zap->request($this->zap->base . 'selenium/view/optionIeDriverPath/')->{'IeDriverPath'}; 47 | } 48 | 49 | /** 50 | * This component is optional and therefore the API will only work if it is installed 51 | */ 52 | public function optionPhantomJsBinaryPath() { 53 | return $this->zap->request($this->zap->base . 'selenium/view/optionPhantomJsBinaryPath/')->{'PhantomJsBinaryPath'}; 54 | } 55 | 56 | /** 57 | * This component is optional and therefore the API will only work if it is installed 58 | */ 59 | public function setOptionChromeDriverPath($string, $apikey='') { 60 | return $this->zap->request($this->zap->base . 'selenium/action/setOptionChromeDriverPath/', array('String' => $string, 'apikey' => $apikey)); 61 | } 62 | 63 | /** 64 | * This component is optional and therefore the API will only work if it is installed 65 | */ 66 | public function setOptionIeDriverPath($string, $apikey='') { 67 | return $this->zap->request($this->zap->base . 'selenium/action/setOptionIeDriverPath/', array('String' => $string, 'apikey' => $apikey)); 68 | } 69 | 70 | /** 71 | * This component is optional and therefore the API will only work if it is installed 72 | */ 73 | public function setOptionPhantomJsBinaryPath($string, $apikey='') { 74 | return $this->zap->request($this->zap->base . 'selenium/action/setOptionPhantomJsBinaryPath/', array('String' => $string, 'apikey' => $apikey)); 75 | } 76 | 77 | } 78 | -------------------------------------------------------------------------------- /src/Zap/SessionManagement.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | public function getSupportedSessionManagementMethods() { 36 | $res = $this->zap->request($this->zap->base . 
'sessionManagement/view/getSupportedSessionManagementMethods/'); 37 | return reset($res); 38 | } 39 | 40 | public function getSessionManagementMethodConfigParams($methodname) { 41 | $res = $this->zap->request($this->zap->base . 'sessionManagement/view/getSessionManagementMethodConfigParams/', array('methodName' => $methodname)); 42 | return reset($res); 43 | } 44 | 45 | public function getSessionManagementMethod($contextid) { 46 | $res = $this->zap->request($this->zap->base . 'sessionManagement/view/getSessionManagementMethod/', array('contextId' => $contextid)); 47 | return reset($res); 48 | } 49 | 50 | public function setSessionManagementMethod($contextid, $methodname, $methodconfigparams=NULL, $apikey='') { 51 | $params = array('contextId' => $contextid, 'methodName' => $methodname, 'apikey' => $apikey); 52 | if ($methodconfigparams !== NULL) { 53 | $params['methodConfigParams'] = $methodconfigparams; 54 | } 55 | $res = $this->zap->request($this->zap->base . 'sessionManagement/action/setSessionManagementMethod/', $params); 56 | return reset($res); 57 | } 58 | 59 | } 60 | -------------------------------------------------------------------------------- /src/Zap/Spider.php: -------------------------------------------------------------------------------- 1 | zap = $zap; 33 | } 34 | 35 | public function status($scanid=NULL) { 36 | $params = array(); 37 | if ($scanid !== NULL) { 38 | $params['scanId'] = $scanid; 39 | } 40 | $res = $this->zap->request($this->zap->base . 'spider/view/status/', $params); 41 | return reset($res); 42 | } 43 | 44 | public function results($scanid=NULL) { 45 | $params = array(); 46 | if ($scanid !== NULL) { 47 | $params['scanId'] = $scanid; 48 | } 49 | $res = $this->zap->request($this->zap->base . 'spider/view/results/', $params); 50 | return reset($res); 51 | } 52 | 53 | public function fullResults($scanid) { 54 | $res = $this->zap->request($this->zap->base . 
'spider/view/fullResults/', array('scanId' => $scanid)); 55 | return reset($res); 56 | } 57 | 58 | public function scans() { 59 | $res = $this->zap->request($this->zap->base . 'spider/view/scans/'); 60 | return reset($res); 61 | } 62 | 63 | public function excludedFromScan() { 64 | $res = $this->zap->request($this->zap->base . 'spider/view/excludedFromScan/'); 65 | return reset($res); 66 | } 67 | 68 | public function optionDomainsAlwaysInScope() { 69 | $res = $this->zap->request($this->zap->base . 'spider/view/optionDomainsAlwaysInScope/'); 70 | return reset($res); 71 | } 72 | 73 | public function optionDomainsAlwaysInScopeEnabled() { 74 | $res = $this->zap->request($this->zap->base . 'spider/view/optionDomainsAlwaysInScopeEnabled/'); 75 | return reset($res); 76 | } 77 | 78 | public function optionHandleParameters() { 79 | $res = $this->zap->request($this->zap->base . 'spider/view/optionHandleParameters/'); 80 | return reset($res); 81 | } 82 | 83 | public function optionMaxDepth() { 84 | $res = $this->zap->request($this->zap->base . 'spider/view/optionMaxDepth/'); 85 | return reset($res); 86 | } 87 | 88 | public function optionMaxScansInUI() { 89 | $res = $this->zap->request($this->zap->base . 'spider/view/optionMaxScansInUI/'); 90 | return reset($res); 91 | } 92 | 93 | public function optionRequestWaitTime() { 94 | $res = $this->zap->request($this->zap->base . 'spider/view/optionRequestWaitTime/'); 95 | return reset($res); 96 | } 97 | 98 | public function optionScope() { 99 | $res = $this->zap->request($this->zap->base . 'spider/view/optionScope/'); 100 | return reset($res); 101 | } 102 | 103 | public function optionScopeText() { 104 | $res = $this->zap->request($this->zap->base . 'spider/view/optionScopeText/'); 105 | return reset($res); 106 | } 107 | 108 | public function optionSkipURLString() { 109 | $res = $this->zap->request($this->zap->base . 
'spider/view/optionSkipURLString/'); 110 | return reset($res); 111 | } 112 | 113 | public function optionThreadCount() { 114 | $res = $this->zap->request($this->zap->base . 'spider/view/optionThreadCount/'); 115 | return reset($res); 116 | } 117 | 118 | public function optionUserAgent() { 119 | $res = $this->zap->request($this->zap->base . 'spider/view/optionUserAgent/'); 120 | return reset($res); 121 | } 122 | 123 | public function optionHandleODataParametersVisited() { 124 | $res = $this->zap->request($this->zap->base . 'spider/view/optionHandleODataParametersVisited/'); 125 | return reset($res); 126 | } 127 | 128 | public function optionParseComments() { 129 | $res = $this->zap->request($this->zap->base . 'spider/view/optionParseComments/'); 130 | return reset($res); 131 | } 132 | 133 | public function optionParseGit() { 134 | $res = $this->zap->request($this->zap->base . 'spider/view/optionParseGit/'); 135 | return reset($res); 136 | } 137 | 138 | public function optionParseRobotsTxt() { 139 | $res = $this->zap->request($this->zap->base . 'spider/view/optionParseRobotsTxt/'); 140 | return reset($res); 141 | } 142 | 143 | public function optionParseSVNEntries() { 144 | $res = $this->zap->request($this->zap->base . 'spider/view/optionParseSVNEntries/'); 145 | return reset($res); 146 | } 147 | 148 | public function optionParseSitemapXml() { 149 | $res = $this->zap->request($this->zap->base . 'spider/view/optionParseSitemapXml/'); 150 | return reset($res); 151 | } 152 | 153 | public function optionPostForm() { 154 | $res = $this->zap->request($this->zap->base . 'spider/view/optionPostForm/'); 155 | return reset($res); 156 | } 157 | 158 | public function optionProcessForm() { 159 | $res = $this->zap->request($this->zap->base . 
'spider/view/optionProcessForm/');
        return reset($res);
    }

    /**
     * Reads the option that controls whether the 'Referer' header is sent while spidering.
     *
     * This is the 'view' call (it takes no value); the matching setter is
     * setOptionSendRefererHeader().
     */
    public function optionSendRefererHeader()
    {
        $endpoint = $this->zap->base . 'spider/view/optionSendRefererHeader/';
        $decoded = $this->zap->request($endpoint);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/view/optionShowAdvancedDialog/' view and returns the first element of the reply.
     */
    public function optionShowAdvancedDialog()
    {
        $endpoint = $this->zap->base . 'spider/view/optionShowAdvancedDialog/';
        $decoded = $this->zap->request($endpoint);
        return reset($decoded);
    }

    /**
     * Runs the spider against the given URL.
     *
     * 'maxChildren' limits the number of children scanned, 'recurse' can stop the
     * spider from seeding recursively and 'contextName' constrains the scan to a
     * Context. Each of the three is only sent when it is not null.
     *
     * @param string $apikey ZAP API key; it is sent as the 'apikey' request parameter,
     *                       so it is part of the request URL built by the client.
     *                       It is the FIFTH argument: a key passed in an earlier
     *                       position is sent under that parameter's name instead.
     */
    public function scan($url, $maxchildren=NULL, $recurse=NULL, $contextname=NULL, $apikey='')
    {
        $query = array('url' => $url, 'apikey' => $apikey);
        $optional = array(
            'maxChildren' => $maxchildren,
            'recurse' => $recurse,
            'contextName' => $contextname,
        );
        foreach ($optional as $field => $value) {
            if ($value !== null) {
                $query[$field] = $value;
            }
        }
        $endpoint = $this->zap->base . 'spider/action/scan/';
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Runs the spider from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.
     */
    public function scanAsUser($url, $contextid, $userid, $maxchildren=NULL, $recurse=NULL, $apikey='') {
        $params = array('url' => $url, 'contextId' => $contextid, 'userId' => $userid, 'apikey' => $apikey);
        if ($maxchildren !== NULL) {
            $params['maxChildren'] = $maxchildren;
        }
        if ($recurse !== NULL) {
            $params['recurse'] = $recurse;
        }
        $res = $this->zap->request($this->zap->base .
'spider/action/scanAsUser/', $params);
        return reset($res);
    }

    /**
     * Calls the 'spider/action/pause/' action for one scan and returns the first element of the reply.
     *
     * @param string $apikey ZAP API key, sent as the 'apikey' request parameter (default: empty string).
     */
    public function pause($scanid, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/pause/';
        $query = array('scanId' => $scanid, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/resume/' action for one scan and returns the first element of the reply.
     */
    public function resume($scanid, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/resume/';
        $query = array('scanId' => $scanid, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/stop/' action; 'scanId' is only sent when $scanid is not null.
     */
    public function stop($scanid=NULL, $apikey='')
    {
        $query = array('apikey' => $apikey);
        if (null !== $scanid) {
            $query['scanId'] = $scanid;
        }
        $endpoint = $this->zap->base . 'spider/action/stop/';
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/removeScan/' action for one scan and returns the first element of the reply.
     */
    public function removeScan($scanid, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/removeScan/';
        $query = array('scanId' => $scanid, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/pauseAllScans/' action and returns the first element of the reply.
     */
    public function pauseAllScans($apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/pauseAllScans/';
        $query = array('apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/resumeAllScans/' action and returns the first element of the reply.
     */
    public function resumeAllScans($apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/resumeAllScans/';
        $query = array('apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/stopAllScans/' action and returns the first element of the reply.
     */
    public function stopAllScans($apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/stopAllScans/';
        $query = array('apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/removeAllScans/' action and returns the first element of the reply.
     */
    public function removeAllScans($apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/removeAllScans/';
        $query = array('apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    public function clearExcludedFromScan($apikey='') {
        $res = $this->zap->request($this->zap->base .
'spider/action/clearExcludedFromScan/', array('apikey' => $apikey));
        return reset($res);
    }

    /**
     * Calls the 'spider/action/excludeFromScan/' action with the given regex and returns the first element of the reply.
     *
     * @param string $apikey ZAP API key, sent as the 'apikey' request parameter (default: empty string).
     */
    public function excludeFromScan($regex, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/excludeFromScan/';
        $query = array('regex' => $regex, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionHandleParameters/' action; the value is sent as 'String'.
     */
    public function setOptionHandleParameters($string, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionHandleParameters/';
        $query = array('String' => $string, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionScopeString/' action; the value is sent as 'String'.
     */
    public function setOptionScopeString($string, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionScopeString/';
        $query = array('String' => $string, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionSkipURLString/' action; the value is sent as 'String'.
     */
    public function setOptionSkipURLString($string, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionSkipURLString/';
        $query = array('String' => $string, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionUserAgent/' action; the value is sent as 'String'.
     */
    public function setOptionUserAgent($string, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionUserAgent/';
        $query = array('String' => $string, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionHandleODataParametersVisited/' action; the value is sent as 'Boolean'.
     */
    public function setOptionHandleODataParametersVisited($boolean, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionHandleODataParametersVisited/';
        $query = array('Boolean' => $boolean, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionMaxDepth/' action; the value is sent as 'Integer'.
     */
    public function setOptionMaxDepth($integer, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionMaxDepth/';
        $query = array('Integer' => $integer, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    public function setOptionMaxScansInUI($integer, $apikey='') {
        $res = $this->zap->request($this->zap->base .
'spider/action/setOptionMaxScansInUI/', array('Integer' => $integer, 'apikey' => $apikey));
        return reset($res);
    }

    /**
     * Calls the 'spider/action/setOptionParseComments/' action; the value is sent as 'Boolean'.
     *
     * @param string $apikey ZAP API key, sent as the 'apikey' request parameter (default: empty string).
     */
    public function setOptionParseComments($boolean, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionParseComments/';
        $query = array('Boolean' => $boolean, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionParseGit/' action; the value is sent as 'Boolean'.
     */
    public function setOptionParseGit($boolean, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionParseGit/';
        $query = array('Boolean' => $boolean, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionParseRobotsTxt/' action; the value is sent as 'Boolean'.
     */
    public function setOptionParseRobotsTxt($boolean, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionParseRobotsTxt/';
        $query = array('Boolean' => $boolean, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionParseSVNEntries/' action; the value is sent as 'Boolean'.
     */
    public function setOptionParseSVNEntries($boolean, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionParseSVNEntries/';
        $query = array('Boolean' => $boolean, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionParseSitemapXml/' action; the value is sent as 'Boolean'.
     */
    public function setOptionParseSitemapXml($boolean, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionParseSitemapXml/';
        $query = array('Boolean' => $boolean, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionPostForm/' action; the value is sent as 'Boolean'.
     */
    public function setOptionPostForm($boolean, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionPostForm/';
        $query = array('Boolean' => $boolean, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    public function setOptionProcessForm($boolean, $apikey='') {
        $res = $this->zap->request($this->zap->base .
'spider/action/setOptionProcessForm/', array('Boolean' => $boolean, 'apikey' => $apikey));
        return reset($res);
    }

    /**
     * Calls the 'spider/action/setOptionRequestWaitTime/' action; the value is sent as 'Integer'.
     *
     * @param string $apikey ZAP API key, sent as the 'apikey' request parameter (default: empty string).
     */
    public function setOptionRequestWaitTime($integer, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionRequestWaitTime/';
        $query = array('Integer' => $integer, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionSendRefererHeader/' action; the value is sent as 'Boolean'.
     */
    public function setOptionSendRefererHeader($boolean, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionSendRefererHeader/';
        $query = array('Boolean' => $boolean, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionShowAdvancedDialog/' action; the value is sent as 'Boolean'.
     */
    public function setOptionShowAdvancedDialog($boolean, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionShowAdvancedDialog/';
        $query = array('Boolean' => $boolean, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'spider/action/setOptionThreadCount/' action; the value is sent as 'Integer'.
     */
    public function setOptionThreadCount($integer, $apikey='')
    {
        $endpoint = $this->zap->base . 'spider/action/setOptionThreadCount/';
        $query = array('Integer' => $integer, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

}

--------------------------------------------------------------------------------
/src/Zap/Users.php:
--------------------------------------------------------------------------------
// NOTE(review): lines 2-32 of this file are missing from the page (the line gutter
// jumps from 1 to 33); the next line is the surviving tail of a truncated statement.
zap = $zap;
    }

    /**
     * Calls the 'users/view/usersList/' view; 'contextId' is only sent when $contextid is not null.
     */
    public function usersList($contextid=NULL)
    {
        $query = ($contextid !== null) ? array('contextId' => $contextid) : array();
        $endpoint = $this->zap->base . 'users/view/usersList/';
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    public function getUserById($contextid=NULL, $userid=NULL) {
        $params = array();
        if ($contextid !== NULL) {
            $params['contextId'] = $contextid;
        }
        if ($userid !== NULL) {
            $params['userId'] = $userid;
        }
        $res = $this->zap->request($this->zap->base .
'users/view/getUserById/', $params);
        return reset($res);
    }

    /**
     * Calls the 'users/view/getAuthenticationCredentialsConfigParams/' view for a context
     * and returns the first element of the decoded reply.
     */
    public function getAuthenticationCredentialsConfigParams($contextid)
    {
        $endpoint = $this->zap->base . 'users/view/getAuthenticationCredentialsConfigParams/';
        $query = array('contextId' => $contextid);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'users/view/getAuthenticationCredentials/' view for one user of a context
     * and returns the first element of the decoded reply.
     *
     * NOTE(review): judging by the endpoint name the reply carries the credentials
     * configured for that user, so treat the return value as a secret (keep it out
     * of logs and test output). This wrapper sends no 'apikey' parameter.
     */
    public function getAuthenticationCredentials($contextid, $userid)
    {
        $endpoint = $this->zap->base . 'users/view/getAuthenticationCredentials/';
        $query = array('contextId' => $contextid, 'userId' => $userid);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'users/action/newUser/' action with a context id and a name.
     *
     * @param string $apikey ZAP API key, sent as the 'apikey' request parameter (default: empty string).
     */
    public function newUser($contextid, $name, $apikey='')
    {
        $endpoint = $this->zap->base . 'users/action/newUser/';
        $query = array('contextId' => $contextid, 'name' => $name, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'users/action/removeUser/' action for one user of a context.
     */
    public function removeUser($contextid, $userid, $apikey='')
    {
        $endpoint = $this->zap->base . 'users/action/removeUser/';
        $query = array('contextId' => $contextid, 'userId' => $userid, 'apikey' => $apikey);
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    /**
     * Calls the 'users/action/setUserEnabled/' action; the flag is sent as 'enabled'.
     */
    public function setUserEnabled($contextid, $userid, $enabled, $apikey='')
    {
        $endpoint = $this->zap->base . 'users/action/setUserEnabled/';
        $query = array(
            'contextId' => $contextid,
            'userId' => $userid,
            'enabled' => $enabled,
            'apikey' => $apikey,
        );
        $decoded = $this->zap->request($endpoint, $query);
        return reset($decoded);
    }

    public function setUserName($contextid, $userid, $name, $apikey='') {
        $res = $this->zap->request($this->zap->base .
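'users/action/setUserName/', array('contextId' => $contextid, 'userId' => $userid, 'name' => $name, 'apikey' => $apikey));
        return reset($res);
    }

    /**
     * Calls the 'users/action/setAuthenticationCredentials/' action for one user of a context.
     *
     * 'authCredentialsConfigParams' is only sent when it is not null.
     *
     * NOTE(review): the credential parameters and the API key are both handed to
     * the client's request(), which appends them to the URL as a GET query string,
     * so they end up wherever request URLs are recorded.
     */
    public function setAuthenticationCredentials($contextid, $userid, $authcredentialsconfigparams=NULL, $apikey='') {
        $params = array('contextId' => $contextid, 'userId' => $userid, 'apikey' => $apikey);
        if ($authcredentialsconfigparams !== NULL) {
            $params['authCredentialsConfigParams'] = $authcredentialsconfigparams;
        }
        $res = $this->zap->request($this->zap->base . 'users/action/setAuthenticationCredentials/', $params);
        return reset($res);
    }

}

--------------------------------------------------------------------------------
/src/Zap/Zapv2.php:
--------------------------------------------------------------------------------
// NOTE(review): lines 2-50 of this file are missing from the page (the line gutter
// jumps from 1 to 51); the next line is the surviving tail of a truncated statement.
code}]: {$this->message}\n";
    }
}

/**
 * Client API implementation for integrating with ZAP v2.
 *
 * Every call is an HTTP GET sent through the configured proxy; parameters,
 * including any API key, travel in the query string of a plain http:// URL.
 */
class Zapv2 {

    // base JSON api url
    public $base = 'http://zap/JSON/';
    // base OTHER api url
    public $base_other = 'http://zap/OTHER/';

    // Proxy address and the per-component API objects. They were previously created
    // as dynamic properties in the constructor; declaring them keeps the same public
    // access and avoids the dynamic-property deprecation of newer PHP versions.
    public $proxy;
    public $acsrf;
    public $ajaxSpider;
    public $ascan;
    public $authentication;
    public $autoupdate;
    public $brk;
    public $context;
    public $core;
    public $forcedUser;
    public $httpsessions;
    public $importLogFiles;
    public $params;
    public $pnh;
    public $pscan;
    public $reveal;
    public $script;
    public $search;
    public $selenium;
    public $sessionManagement;
    public $spider;
    public $users;

    /**
     * Creates an instance of the ZAP api client.
     *
     * Note that all of the other classes in this directory are generated;
     * new ones will need to be manually added to this file.
     *
     * @param string $proxy e.g. 'tcp://127.0.0.1:8080'
     */
    public function __construct($proxy = 'tcp://127.0.0.1:8080') {
        $this->proxy = $proxy;

        $this->acsrf = new Acsrf($this);
        $this->ajaxSpider = new AjaxSpider($this);
        $this->ascan = new Ascan($this);
        $this->authentication = new Authentication($this);
        $this->autoupdate = new Autoupdate($this);
        $this->brk = new Brk($this);
        $this->context = new Context($this);
        $this->core = new Core($this);
        $this->forcedUser = new ForcedUser($this);
        $this->httpsessions = new HttpSessions($this);
        $this->importLogFiles = new ImportLogFiles($this);
        $this->params = new Params($this);
        $this->pnh = new Pnh($this);
        $this->pscan = new Pscan($this);
        $this->reveal = new Reveal($this);
        $this->script = new Script($this);
        $this->search = new Search($this);
        $this->selenium = new Selenium($this);
        $this->sessionManagement = new SessionManagement($this);
        $this->spider = new Spider($this);
        $this->users = new Users($this);
    }

    /**
     * Overwrite a field
     *
     * mainly used for unit test
     *
     * The name is not checked: any property, including $proxy and $base, can be
     * replaced, so $name should never come from outside the calling code.
     *
     * @param string $name the name of overwritten field
     * @param mixed $obj the value of overwritten field
     */
    public function setFieldByName($name, $obj) {
        $this->{$name} = $obj;
    }

    /**
     * Checks that we have an OK response, else raises an exception.
     *
     * checks the result json data after doing action request
     *
     * @param array $json_data the json data to look at.
     * @return array
     * @throws ZapError when $json_data is not an array whose first element is 'OK'
     */
    public function expectOk($json_data) {
        if (is_array($json_data) && reset($json_data) === 'OK') {
            return $json_data;
        }
        throw new ZapError("json_data: " . json_encode($json_data));
    }

    /**
     * Fetches a URL through the configured proxy.
     *
     * The URL is passed to file_get_contents() unchanged and the method is public,
     * so callers should only hand it http(s) URLs they built themselves (normally
     * from $base or $base_other).
     *
     * @param string $url
     * @return string|false the response body, or false when the request failed
     */
    public function sendRequest($url) {
        $context = stream_context_create(array('http' => array('proxy' => $this->proxy)));
        return file_get_contents($url, false, $context);
    }

    /**
     * Requests a URL through the configured proxy and returns its HTTP status code.
     *
     * get_headers() is called without a context argument, so the proxy is set on
     * the process-wide default stream context for the duration of the call and the
     * previous value is put back afterwards. Other stream calls that rely on the
     * default context during that window use the same proxy.
     *
     * @param string $url
     * @return string the three status digits of the first response line
     * @throws ZapError when no response headers could be read
     */
    public function statusCode($url) {
        // stream_context_get_default() returns a context resource, not an array,
        // so the current options have to be read with stream_context_get_options();
        // indexing the resource directly never finds the previous proxy.
        $options_before = stream_context_get_options(stream_context_get_default());
        $proxy_before = null;
        if (isset($options_before['http']['proxy']) && $options_before['http']['proxy'] !== '') {
            $proxy_before = $options_before['http']['proxy'];
        }

        stream_context_set_default(array('http' => array('proxy' => $this->proxy)));
        $headers = get_headers($url);

        // put the proxy value back
        stream_context_set_default(array('http' => array('proxy' => $proxy_before)));

        // get_headers() returns false on failure; report it the way request() does
        // instead of slicing a status code out of a missing header line.
        if ($headers === false || !isset($headers[0])) {
            throw new ZapError("Connection error (proxy: {$this->proxy})");
        }

        // "HTTP/1.1 200 OK": the status code starts at offset 9
        return substr($headers[0], 9, 3);
    }

    /**
     * Shortcut for a GET request.
     *
     * The parameters are appended to the URL as a query string, so an 'apikey'
     * entry becomes part of the requested URL. Surrounding parentheses are
     * stripped from the body before it is decoded.
     *
     * @param string $url the url to GET at.
     * @param array $get the dictionary to turn into GET variables.
     * @return mixed the decoded JSON as arrays; null when the body is not valid JSON
     * @throws ZapError when the request itself failed
     */
    public function request($url, $get=array()) {
        $response = $this->sendRequest($url . '?' . $this->urlencode($get));
        if ($response === false) {
            throw new ZapError("Connection error (proxy: {$this->proxy})");
        }
        $response = trim($response, '()');
        return json_decode($response, true);
    }

    /**
     * Shortcut for an API OTHER GET request.
     *
     * @param string $url the url to GET at.
     * @param array $getParams the dictionary to turn into GET variables.
     * @return string|false the raw response body, or false when the request failed
     */
    public function requestOther($url, $getParams=array()) {
        return $this->sendRequest($url . '?' .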
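$this->urlencode($getParams));
    }

    /**
     * Builds a query string ("k1=v1&k2=v2") from a parameter array.
     *
     * Both the key and the value are URL-encoded, so a key containing '&', '=' or
     * '#' cannot add or cut off parameters. An empty array gives an empty string.
     *
     * @param array $getParams parameter name => scalar value
     * @return string
     */
    private function urlencode($getParams) {
        $pairs = array();
        foreach ($getParams as $key => $value) {
            $pairs[] = urlencode((string) $key) . "=" . urlencode($value);
        }
        return implode("&", $pairs);
    }
}

--------------------------------------------------------------------------------
/test/excluded/SampleTest.php:
--------------------------------------------------------------------------------
// NOTE(review): lines 2-24 of this file are missing from the page (the line gutter
// jumps from 1 to 25); the next line is the surviving tail of a truncated statement.
core->version();
        if (is_null($version)) {
            echo "PHP API error\n";
            exit();
        } else {
            echo "version: ${version}\n";
        }

        echo "Spidering target ${target}\n";

        // Response JSON looks like {"scan":"1"}
        // Spider::scan() takes ($url, $maxchildren, $recurse, $contextname, $apikey):
        // pass null for the two unused optional arguments so that the key is sent
        // as 'apikey' and not as the 'recurse' parameter.
        $scan_id = $zap->spider->scan($target, 0, null, null, $api_key);
        $count = 0;
        while (true) {
            if ($count > 10) exit();
            // Response JSON looks like {"status":"50"}
            $progress = intval($zap->spider->status($scan_id));
            printf("Spider progress %d\n", $progress);
            if ($progress >= 100) break;
            sleep(2);
            $count++;
        }
        echo "Spider completed\n";
        // Give the passive scanner a chance to finish
        sleep(5);

        echo "Scanning target ${target}\n";
        // Response JSON for error looks like {"code":"url_not_found", "message":"URL is not found"}
        // NOTE(review): check the argument positions against Ascan::scan(), which is
        // not shown on this page, so the key really lands in its $apikey parameter.
        $scan_id = $zap->ascan->scan($target, '', '', '', '', '', $api_key);
        $count = 0;
        while (true) {
            if ($count > 10) exit();
            $progress = intval($zap->ascan->status($scan_id));
            printf("Scan progress %d\n", $progress);
            if ($progress >= 100) break;
            sleep(2);
            $count++;
        }
        echo "Scan completed\n";

        // Report the results
        echo "Hosts: " . implode(",", $zap->core->hosts()) . "\n";
        $alerts = $zap->core->alerts($target, "", "");
        echo "Alerts (" . count($alerts) . "):\n";
        //print_r($alerts);

    }

}

--------------------------------------------------------------------------------
/test/src/Zap/Zapv2Test.php:
--------------------------------------------------------------------------------
// NOTE(review): lines 2-11 of this file are missing from the page (the line gutter
// jumps from 1 to 12); the next line is the surviving tail of a truncated statement.
proxy = "tcp://localhost:8090";
        // Set your target web server
        $this->target_url = "http://localhost:8000";
    }

    public function tearDown() {
        \Mockery::close();
    }

    /**
     * Needs a ZAP instance listening on the proxy address set in setUp().
     *
     * @test
     */
    public function testVersion() {
        $zap = new \Zap\Zapv2($this->proxy);
        // '@' only silences PHP warnings; a ZapError thrown by the client still fails the test.
        $version = @$zap->core->version();
        $this->assertSame("2.4", substr($version, 0, 3));
    }

    /**
     * Needs both the ZAP proxy and the target web server from setUp() to be reachable.
     *
     * @test
     */
    public function testStatusCode() {
        $zap = new \Zap\Zapv2($this->proxy);
        $res = $zap->statusCode($this->target_url);
        $this->assertSame("200", $res);
    }

    /**
     * @test
     */
    public function testSpiderScanReturnError() {
        // the Spider->scan() method doesn't raise any errors
        $this->assertTrue(true);
    }

    /**
     * @test
     */
    public function testSpiderScanReturnSuccess() {
        /* Use Mock not to request to a target server */
        $spider = \Mockery::mock('Zap\Spider');
        $spider->shouldReceive('scan')->once()->andReturn("1");

        $zap = new \Zap\Zapv2($this->proxy);
        $zap->setFieldByName('spider', $spider);
        $scan_id = $zap->spider->scan($this->target_url);

        $this->assertSame($scan_id, '1');
    }
}

--------------------------------------------------------------------------------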