├── .github ├── dependabot.yml └── workflows │ ├── ci.yml │ └── release.yml ├── .gitignore ├── CHANGELOG.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── RELEASING.md ├── poetry.lock ├── pyproject.toml ├── src ├── examples │ ├── README.md │ ├── basic-spider-scan.py │ └── zap_example_api_script.py └── zapv2 │ ├── __init__.py │ ├── accessControl.py │ ├── acsrf.py │ ├── ajaxSpider.py │ ├── alert.py │ ├── alertFilter.py │ ├── ascan.py │ ├── authentication.py │ ├── authorization.py │ ├── automation.py │ ├── autoupdate.py │ ├── brk.py │ ├── context.py │ ├── core.py │ ├── custompayloads.py │ ├── exim.py │ ├── forcedUser.py │ ├── graphql.py │ ├── httpSessions.py │ ├── localProxies.py │ ├── network.py │ ├── oast.py │ ├── openapi.py │ ├── params.py │ ├── pnh.py │ ├── pscan.py │ ├── replacer.py │ ├── reports.py │ ├── retest.py │ ├── reveal.py │ ├── revisit.py │ ├── ruleConfig.py │ ├── script.py │ ├── search.py │ ├── selenium.py │ ├── sessionManagement.py │ ├── soap.py │ ├── spider.py │ ├── stats.py │ ├── users.py │ ├── wappalyzer.py │ └── websocket.py └── tests ├── __init__.py └── unit ├── __init__.py ├── conftest.py └── test_client.py /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: pip 4 | directory: "/" 5 | schedule: 6 | interval: weekly 7 | open-pull-requests-limit: 10 8 | - package-ecosystem: "github-actions" 9 | directory: "/" 10 | schedule: 11 | interval: "monthly" 12 | groups: 13 | gha: 14 | applies-to: version-updates 15 | patterns: 16 | - "*" 17 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: Python CI 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | pull_request: 8 | workflow_dispatch: 9 | 10 | jobs: 11 | build: 12 | runs-on: ubuntu-latest 13 | strategy: 14 | fail-fast: false 15 | matrix: 16 | 
python-version: [3.9, "3.10", "3.11", "3.12"] 17 | 18 | steps: 19 | - uses: actions/checkout@v4 20 | - uses: actions/setup-python@v5 21 | with: 22 | python-version: ${{ matrix.python-version }} 23 | - run: | 24 | python -m pip install --upgrade pip 25 | pipx install poetry==1.8.0 26 | - run: poetry install 27 | - run: poetry run pylama 28 | - run: poetry run py.test 29 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Release PyPI 2 | 3 | on: 4 | push: 5 | tags: 6 | - '*' 7 | 8 | jobs: 9 | pypi-publish: 10 | name: Upload release to PyPI 11 | runs-on: ubuntu-latest 12 | environment: 13 | name: release 14 | url: https://pypi.org/p/zaproxy 15 | permissions: 16 | id-token: write 17 | steps: 18 | - uses: actions/checkout@v4 19 | - uses: actions/setup-python@v5 20 | with: 21 | python-version: '3.12' 22 | - run: | 23 | python -m pip install --upgrade pip 24 | pipx install poetry==1.8.0 25 | poetry build 26 | - name: Publish package distributions to PyPI 27 | uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 28 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | 27 | # PyInstaller 28 | # Usually these files are written by a python script from a template 29 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
30 | *.manifest 31 | *.spec 32 | 33 | # Installer logs 34 | pip-log.txt 35 | pip-delete-this-directory.txt 36 | 37 | # Unit test / coverage reports 38 | htmlcov/ 39 | .tox/ 40 | .coverage 41 | .coverage.* 42 | .cache 43 | nosetests.xml 44 | coverage.xml 45 | *,cover 46 | .hypothesis/ 47 | 48 | # Translations 49 | *.mo 50 | *.pot 51 | 52 | # Django stuff: 53 | *.log 54 | 55 | # PyBuilder 56 | target/ 57 | 58 | #Ipython Notebook 59 | .ipynb_checkpoints 60 | 61 | # Eclipse 62 | # ------- 63 | .pydevproject 64 | .project 65 | 66 | # VS Code 67 | .vscode/ 68 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | All notable changes to this project will be documented in this file. 3 | 4 | The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). 5 | 6 | ## [Unreleased] 7 | 8 | ## [0.4.0] - 2025-01-20 9 | ### Changed 10 | - Update APIs for 2.16. 11 | 12 | ## [0.3.2] - 2024-06-04 13 | ### Fixed 14 | - Return the whole response from `stats.stats`. 15 | 16 | ## [0.3.1] - 2024-05-20 17 | ### Fixed 18 | - Return the whole response from `automation.plan_progress`. 19 | 20 | ## [0.3.0] - 2024-05-09 21 | ### Added 22 | - Add the API of the following add-on: 23 | - Custom Payloads version 0.13.0. 24 | 25 | ### Changed 26 | - Update core APIs for 2.15. 27 | 28 | ### Fixed 29 | - Return the whole response from `users.get_user_by_id`. 30 | 31 | ## [0.2.0] - 2023-11-03 32 | ### Changed 33 | - Update core APIs for 2.14. 34 | - Update the APIs of the following add-on: 35 | - Selenium version 15.15.0. 36 | - Allow to call the ZAP API with custom HTTP method and body (e.g. file upload). 37 | 38 | ### Deprecated 39 | - The parameter `apikey` in the functions is no longer functional and will be removed in a future version. 40 | The API key should be set when creating the API client (i.e. 
`ZAPv2(apikey='MyApiKey')`), which was added in the version 0.0.9, seven years ago. 41 | - The class `localProxies` will be removed in a future version, having been superseded by `network`. 42 | 43 | ### Removed 44 | - The classes `exportreport`, `importLogFiles`, and `importurls` were removed as the corresponding add-ons no longer exist. 45 | 46 | ## [0.1.1] - 2023-08-09 47 | ### Fixed 48 | - Correct module version. 49 | - Use download link from PyPI. 50 | 51 | ## [0.1.0] - 2023-08-09 52 | ### Changed 53 | - Rename package from `python-owasp-zap-v2.4` to `zaproxy`. 54 | 55 | ## [0.0.22] - 2023-07-13 56 | ### Changed 57 | - Update core APIs for 2.13. 58 | - Update the APIs of the following add-ons: 59 | - AJAX Spider version 23.15.0; 60 | - Alert Filters version 17; 61 | - GraphQL Support version 0.18.0; 62 | - Network version 0.10.0; 63 | - Selenium version 15.13.0; 64 | - Spider version 0.5.0. 65 | 66 | ## [0.0.21] - 2022-10-28 67 | ### Added 68 | - Add the API of the following add-on: 69 | - Import/Export version 0.3.0. 70 | 71 | ### Changed 72 | - Update core APIs for 2.12. 73 | - Update the APIs of the following add-ons: 74 | - Network version 0.3.0; 75 | - Replacer version 11; 76 | - Selenium version 15.11.0; 77 | - Spider version 0.1.0. 78 | 79 | ## [0.0.20] - 2022-02-09 80 | ### Changed 81 | - Update core APIs for 2.11.1 82 | - Update all add-on APIs 83 | 84 | ## [0.0.19] - 2021-10-08 85 | ### Added 86 | - Add the APIs of the following add-ons: 87 | - Automation Framework version 0.7.0; 88 | - Report Generation add-on, version 0.8.0; 89 | - Retest version 0.2.0. 90 | 91 | ### Changed 92 | - Python 2.7 is no longer supported. 93 | - Update core APIs for 2.11. 94 | - Update the APIs of the following add-ons: 95 | - Ajax Spider version 23.6.0; 96 | - Alert Filters version 13; 97 | - GraphQL Support version 0.6.0; 98 | - OpenAPI Support version 23; 99 | - Replacer version 9. 
100 | 101 | ## [0.0.18] - 2020-12-18 102 | ### Changed 103 | - Core APIs updated for ZAP version 2.10.0. 104 | - Update APIs from add-ons: 105 | - AJAX Spider; 106 | - GraphQL. 107 | 108 | ## [0.0.17] - 2020-10-14 109 | ### Added 110 | - Add API for GraphQL add-on, version 0.2.0. 111 | 112 | ### Changed 113 | - Fix typos in error messages. 114 | 115 | ## [0.0.16] - 2020-01-22 116 | ### Added 117 | - Core APIs. 118 | - APIs from add-ons: 119 | - Access Control Testing; 120 | - Export Report; 121 | - Revisit; 122 | - Wappalyzer - Technology Detection. 123 | 124 | ### Changed 125 | - Core APIs updated for ZAP version 2.9.0. 126 | - Update APIs from add-ons: 127 | - Alert Filters; 128 | - OpenAPI Support; 129 | - Replacer. 130 | 131 | ## [0.0.15] - 2019-06-14 132 | ### Added 133 | - Add API for Context Alert Filters add-on, version 8. 134 | - Add API for WebSockets add-on, version 19. 135 | - Add API for SOAP Scanner add-on, version 3. 136 | 137 | ### Changed 138 | - Minimum Python 3 version is now 3.4. 139 | - Update Selenium API, per release of version 15.0.0. 140 | - Update core APIs for ZAP 2.8.0. 141 | - Allow to validate the status code returned by the ZAP API, to fail 142 | sooner if the API request was not successful. This can be enabled when 143 | instantiating the `ZAPv2` class with the argument `validate_status_code` 144 | set to `True`. 145 | - Update Replacer API, per release of version 7. 146 | - Add description to Importurls API endpoint. 147 | 148 | ## [0.0.14] - 2017-12-04 149 | ### Changed 150 | - Correct package descriptions for ZAP 2.7.0. 151 | 152 | ## [0.0.13] - 2017-11-29 153 | ### Changed 154 | - Update core APIs for ZAP 2.7.0. 155 | - Update APIs of the add-ons Ajax Spider, Reveal, and Selenium to update 156 | their docs. 157 | 158 | ## [0.0.12] - 2017-06-27 159 | ### Changed 160 | - Add `openapi` to `ZAPv2` class. 161 | 162 | ## [0.0.11] - 2017-06-23 163 | ### Added 164 | - Add API for Import files containing URLs add-on. 
165 | - Add API for Replacer add-on, version 1. 166 | 167 | ### Changed 168 | - Update API of OpenAPI Support add-on, version 6. 169 | 170 | ## [0.0.10] - 2017-05-12 171 | ### Added 172 | - Add `__version__`. 173 | - Add API of OpenAPI Support add-on. 174 | 175 | ### Changed 176 | - Update for Python 3. 177 | 178 | ## [0.0.9] - 2017-03-27 179 | ### Changed 180 | - Update core APIs for ZAP 2.6.0. 181 | - Allow to supply the API key when instantiating the class `ZAPv2`, to 182 | ensure it's automatically sent in all API requests. 183 | 184 | ## [0.0.8] - 2016-06-03 185 | ### Changed 186 | - Moved from the main `zaproxy` repository. 187 | 188 | [Unreleased]: https://github.com/zaproxy/zap-api-python/compare/0.4.0...HEAD 189 | [0.4.0]: https://github.com/zaproxy/zap-api-python/compare/0.3.2...0.4.0 190 | [0.3.2]: https://github.com/zaproxy/zap-api-python/compare/0.3.1...0.3.2 191 | [0.3.1]: https://github.com/zaproxy/zap-api-python/compare/0.3.0...0.3.1 192 | [0.3.0]: https://github.com/zaproxy/zap-api-python/compare/0.2.0...0.3.0 193 | [0.2.0]: https://github.com/zaproxy/zap-api-python/compare/0.1.1...0.2.0 194 | [0.1.1]: https://github.com/zaproxy/zap-api-python/compare/0.1.0...0.1.1 195 | [0.1.0]: https://github.com/zaproxy/zap-api-python/compare/0.0.22...0.1.0 196 | [0.0.22]: https://github.com/zaproxy/zap-api-python/compare/0.0.21...0.0.22 197 | [0.0.21]: https://github.com/zaproxy/zap-api-python/compare/0.0.20...0.0.21 198 | [0.0.20]: https://github.com/zaproxy/zap-api-python/compare/0.0.19...0.0.20 199 | [0.0.19]: https://github.com/zaproxy/zap-api-python/compare/0.0.18...0.0.19 200 | [0.0.18]: https://github.com/zaproxy/zap-api-python/compare/0.0.17...0.0.18 201 | [0.0.17]: https://github.com/zaproxy/zap-api-python/compare/0.0.16...0.0.17 202 | [0.0.16]: https://github.com/zaproxy/zap-api-python/compare/0.0.15...0.0.16 203 | [0.0.15]: https://github.com/zaproxy/zap-api-python/compare/0.0.14...0.0.15 204 | [0.0.14]: 
https://github.com/zaproxy/zap-api-python/compare/0.0.13...0.0.14 205 | [0.0.13]: https://github.com/zaproxy/zap-api-python/compare/0.0.12...0.0.13 206 | [0.0.12]: https://github.com/zaproxy/zap-api-python/compare/0.0.11...0.0.12 207 | [0.0.11]: https://github.com/zaproxy/zap-api-python/compare/0.0.10...0.0.11 208 | [0.0.10]: https://github.com/zaproxy/zap-api-python/compare/0.0.9...0.0.10 209 | [0.0.9]: https://github.com/zaproxy/zap-api-python/compare/0.0.8...0.0.9 210 | [0.0.8]: https://github.com/zaproxy/zap-api-python/compare/98ce6066deba2c65eb992489311e146fff9b3430...0.0.8 211 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to zap-api-python 2 | 3 | ## Updating the Generated Files 4 | 5 | Most of the API code is generated from the ZAP Java source code. 6 | 7 | To regenerate the API code you will need the repos [zaproxy](https://github.com/zaproxy/zaproxy) and [zap-extensions](https://github.com/zaproxy/zap-extensions) checked out at the same level as this one. 8 | 9 | You should typically generate the core API calls from the latest release tag, e.g.: 10 | 11 | ``` 12 | cd zaproxy 13 | git fetch upstream -t 14 | git checkout tags/v2.13.0 15 | ./gradlew generatePythonApiEndpoints 16 | cd .. 17 | ``` 18 | 19 | The add-on APIs can be generated from the zap-extensions `main` branch: 20 | 21 | ``` 22 | cd zap-extensions 23 | git pull upstream main 24 | ./gradlew generatePythonZapApiClientFiles --continue 25 | cd .. 26 | ``` 27 | 28 | The above commands will update the files in `src/zapv2`. 29 | 30 | If any new files are created then they should be manually added to `src/zapv2/__init__.py` as per the existing files. 31 | 32 | ## Changelog 33 | 34 | Note that you should also update the `CHANGELOG.md` file to state whatever has been changed. 
-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 
39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ZAP Python API 2 | 3 | [![Version](https://img.shields.io/pypi/v/zaproxy.svg)](https://pypi.python.org/pypi/zaproxy) 4 | [![License](https://img.shields.io/badge/license-Apache%202-4EB1BA.svg)](https://www.apache.org/licenses/LICENSE-2.0.html) 5 | 6 | The Python implementation to access the [ZAP API](https://www.zaproxy.org/docs/api/). For more information 7 | about ZAP consult the (main) [ZAP project](https://github.com/zaproxy/zaproxy/). 
8 | 9 | ## How to Obtain 10 | 11 | The latest released version can be downloaded from [PyPI](https://pypi.python.org/pypi/zaproxy) using: 12 | 13 | pip install zaproxy 14 | 15 | ## Getting Help 16 | 17 | For help using the ZAP API, refer to: 18 | * [Examples](https://github.com/zaproxy/zap-api-python/tree/main/src/examples) - collection of examples using the library; 19 | * [API Documentation](https://www.zaproxy.org/docs/api/) 20 | * [ZAP User Group](https://groups.google.com/group/zaproxy-users) - for asking questions; 21 | 22 | ## Issues 23 | 24 | To report issues related to the ZAP API, bugs, and enhancement requests, use the [issue tracker of the main ZAP project](https://github.com/zaproxy/zaproxy/issues). 25 | -------------------------------------------------------------------------------- /RELEASING.md: -------------------------------------------------------------------------------- 1 | ### Release to PyPI 2 | 3 | The example commands use the version `0.0.X`; replace it with the version being released. 4 | 5 | Ensure the version is right in `pyproject.toml` and that `__version__` in `src/zapv2/__init__.py` matches it. 6 | 7 | Tag (and push) the new version: 8 | 9 | git tag -s 0.0.X -m "Version 0.0.X." 10 | git push upstream 0.0.X 11 | 12 | The workflow [Release PyPI](https://github.com/zaproxy/zap-api-python/blob/main/.github/workflows/release.yml) 13 | is triggered by the tag push and publishes the release to PyPI. The workflow runs for any pushed tag matching `*`, so push only tags that are meant to be released. 14 | -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- 1 | [build-system] 2 | requires = ["poetry-core"] 3 | build-backend = "poetry.core.masonry.api" 4 | 5 | [tool.poetry] 6 | name = "zaproxy" 7 | # Ensure __version__ in src/zapv2/__init__.py matches. 
8 | version = "0.5.0" 9 | description = "ZAP API Client" 10 | readme = "README.md" 11 | authors = ["ZAP Development Team "] 12 | license = "Apache-2.0" 13 | 14 | homepage = "https://www.zaproxy.org/" 15 | repository = "https://github.com/zaproxy/zap-api-python.git" 16 | documentation = "https://www.zaproxy.org/docs/api/" 17 | 18 | classifiers = [ 19 | "License :: OSI Approved :: Apache Software License", 20 | "Development Status :: 5 - Production/Stable", 21 | "Topic :: Security", 22 | "Topic :: Software Development :: Libraries :: Python Modules", 23 | "Intended Audience :: Developers", 24 | "Intended Audience :: Information Technology", 25 | "Programming Language :: Python :: 3", 26 | "Programming Language :: Python :: 3.9", 27 | "Programming Language :: Python :: 3.10", 28 | "Programming Language :: Python :: 3.11", 29 | "Programming Language :: Python :: 3.12", 30 | ] 31 | 32 | packages = [ 33 | { include = "zapv2", from = "src" }, 34 | ] 35 | 36 | [tool.poetry.dependencies] 37 | python = "^3.9" 38 | requests = "^2.31.0" 39 | six = "^1.16.0" 40 | 41 | [tool.poetry.group.dev.dependencies] 42 | pylama = {extras = ["toml"], version = "^8.4.1"} 43 | pytest = "^8.2.0" 44 | mock = "^5.1.0" 45 | PyHamcrest = "^2.1.0" 46 | requests-mock = "^1.12.1" 47 | setuptools = ">=75.3,<81.0" 48 | 49 | [tool.pylama] 50 | linters = "pyflakes" 51 | 52 | [tool.pytest.ini_options] 53 | testpaths = [ 54 | "tests", 55 | ] 56 | -------------------------------------------------------------------------------- /src/examples/README.md: -------------------------------------------------------------------------------- 1 | # Examples 2 | 3 | This directory contains example Python scripts using the ZAP Python API. 
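4 | 5 | ## Other Scripts 6 | 7 | Other Python scripts, not contained in this repository, that use the ZAP Python API: 8 | 9 | - [zap-baseline.py](https://github.com/zaproxy/zaproxy/blob/main/docker/zap-baseline.py), for more information about the script refer to the [ZAP Baseline Scan](https://www.zaproxy.org/docs/docker/baseline-scan/) web page. 10 | -------------------------------------------------------------------------------- /src/examples/basic-spider-scan.py: --------------------------------------------------------------------------------
#!/usr/bin/env python
# A basic ZAP Python API example which spiders and scans a target URL.
#
# Flow: proxy one request through ZAP, spider the target, wait for the
# passive scan queue to drain, run an active scan, then print the hosts
# and alerts ZAP recorded.

import time
from pprint import pprint
from zapv2 import ZAPv2

target = 'http://127.0.0.1'
apikey = 'changeme' # Change to match the API key set in ZAP, or use None if the API key is disabled
#
# By default ZAP API client will connect to port 8080
zap = ZAPv2(apikey=apikey)
# Use the line below if ZAP is not listening on port 8080, for example, if listening on port 8090
# zap = ZAPv2(apikey=apikey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})


def require_scan_id(scanid, scan_type):
    """Stop the script when ZAP did not hand back a usable scan ID.

    The polling loops below convert the scan status with int(); a scan that
    never started would only surface there as an unexplained ValueError.
    NOTE(review): this assumes ZAP identifies a started scan by a numeric ID
    and answers with an error string otherwise - confirm against the ZAP
    version in use.
    """
    if not str(scanid).isdigit():
        raise SystemExit('{} scan could not be started: {}'.format(scan_type, scanid))
    return scanid


# Proxy a request to the target so that ZAP has something to deal with
print('Accessing target {}'.format(target))
zap.urlopen(target)
# Give the sites tree a chance to get updated
time.sleep(2)

print('Spidering target {}'.format(target))
scanid = require_scan_id(zap.spider.scan(target), 'Spider')
# Give the Spider a chance to start
time.sleep(2)
# Loop until the spider has finished. The status is read once per iteration
# so the value that is printed is the value that was tested.
progress = int(zap.spider.status(scanid))
while progress < 100:
    print('Spider progress %: {}'.format(progress))
    time.sleep(2)
    progress = int(zap.spider.status(scanid))

print('Spider completed')

# Wait until the passive scanner has worked through its queue
remaining = int(zap.pscan.records_to_scan)
while remaining > 0:
    print('Records to passive scan : {}'.format(remaining))
    time.sleep(2)
    remaining = int(zap.pscan.records_to_scan)

print('Passive Scan completed')

print('Active Scanning target {}'.format(target))
scanid = require_scan_id(zap.ascan.scan(target), 'Active')
# Loop until the scanner has finished
progress = int(zap.ascan.status(scanid))
while progress < 100:
    print('Scan progress %: {}'.format(progress))
    time.sleep(5)
    progress = int(zap.ascan.status(scanid))

print('Active Scan completed')

# Report the results

print('Hosts: {}'.format(', '.join(zap.core.hosts)))
print('Alerts: ')
pprint(zap.core.alerts())
-------------------------------------------------------------------------------- /src/zapv2/__init__.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2012 ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | Client implementation for using the ZAP pentesting proxy remotely. 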
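"""

__docformat__ = 'restructuredtext'
__version__ = '0.5.0'

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

from .accessControl import accessControl
from .acsrf import acsrf
from .alert import alert
from .alertFilter import alertFilter
from .ascan import ascan
from .ajaxSpider import ajaxSpider
from .authentication import authentication
from .authorization import authorization
from .automation import automation
from .autoupdate import autoupdate
from .brk import brk
from .context import context
from .core import core
from .custompayloads import custompayloads
from .exim import exim
from .forcedUser import forcedUser
from .graphql import graphql
from .httpSessions import httpSessions
from .localProxies import localProxies
from .network import network
from .oast import oast
from .openapi import openapi
from .params import params
from .pnh import pnh
from .pscan import pscan
from .replacer import replacer
from .reports import reports
from .retest import retest
from .reveal import reveal
from .revisit import revisit
from .ruleConfig import ruleConfig
from .script import script
from .search import search
from .selenium import selenium
from .sessionManagement import sessionManagement
from .soap import soap
from .spider import spider
from .stats import stats
from .users import users
from .wappalyzer import wappalyzer
from .websocket import websocket


class ZAPv2(object):
    """
    Client API implementation for integrating with ZAP v2.

    API calls are addressed to the virtual host ``http://zap/`` and are sent
    through the proxies given to the constructor.
    """
    base = 'http://zap/JSON/'
    base_other = 'http://zap/OTHER/'

    def __init__(self, proxies=None, apikey=None, validate_status_code=False):
        """
        Creates an instance of the ZAP api client.

        :Parameters:
           - `proxies`: dictionary of ZAP proxies to use. When omitted,
             ``http://127.0.0.1:8080`` is used for both http and https.
           - `apikey`: the ZAP API key, or None. It is stored on the client
             and attached by `_request_api` only; `urlopen` never sends it.
           - `validate_status_code`: when true, `_request_api` raises an
             exception for every response with a status code of 300 or above.

        Note that all of the other classes in this directory are generated
        new ones will need to be manually added to this file
        """
        self.__proxies = proxies or {
            'http': 'http://127.0.0.1:8080',
            'https': 'http://127.0.0.1:8080'
        }
        self.__apikey = apikey
        self.__validate_status_code = validate_status_code

        self.accessControl = accessControl(self)
        self.acsrf = acsrf(self)
        self.alert = alert(self)
        self.alertFilter = alertFilter(self)
        self.ajaxSpider = ajaxSpider(self)
        self.ascan = ascan(self)
        self.authentication = authentication(self)
        self.authorization = authorization(self)
        self.automation = automation(self)
        self.autoupdate = autoupdate(self)
        self.brk = brk(self)
        self.context = context(self)
        self.core = core(self)
        self.custompayloads = custompayloads(self)
        self.exim = exim(self)
        self.forcedUser = forcedUser(self)
        self.graphql = graphql(self)
        # The attribute is all lower-case, unlike the class it wraps; it is
        # part of the public interface, so the spelling is kept.
        self.httpsessions = httpSessions(self)
        self.localProxies = localProxies(self)
        self.network = network(self)
        self.oast = oast(self)
        self.openapi = openapi(self)
        self.params = params(self)
        self.pnh = pnh(self)
        self.pscan = pscan(self)
        self.replacer = replacer(self)
        self.reports = reports(self)
        self.retest = retest(self)
        self.reveal = reveal(self)
        self.revisit = revisit(self)
        self.ruleConfig = ruleConfig(self)
        self.script = script(self)
        self.search = search(self)
        self.selenium = selenium(self)
        self.sessionManagement = sessionManagement(self)
        self.soap = soap(self)
        self.spider = spider(self)
        self.stats = stats(self)
        self.users = users(self)
        self.wappalyzer = wappalyzer(self)
        self.websocket = websocket(self)

        # not very nice, but prevents warnings when accessing the ZAP API via https
        # The filter is installed process-wide: InsecureRequestWarning is also
        # hidden for every other use of requests/urllib3 in the same process.
        requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

        # Currently create a new session for each request to prevent request failing
        # e.g. when polling the spider status
        #self.session = requests.Session()
        #if apikey is not None:
        #  self.session.headers['X-ZAP-API-Key'] = apikey

    def urlopen(self, url, *args, **kwargs):
        """
        Opens a url forcing the proxies to be used.

        This is a plain ``requests.get`` that does not use the session built
        by `_request_api`, so the API key header is not attached.
        Certificate verification is off unless the caller passes ``verify``
        (presumably because ZAP presents certificates signed by its own CA);
        passing the path of a CA bundle turns it back on.

        :Parameters:
           - `url`: the url to request through ZAP.
           - `args`: all non-keyword arguments.
           - `kwargs`: all other keyword arguments.

        :Returns: the response body as text.
        """
        # Must never leak the API key via proxied requests
        # The client's proxies always win. A caller-supplied `proxies` or
        # `verify` keyword used to raise TypeError (duplicate keyword argument).
        kwargs['proxies'] = self.__proxies
        kwargs.setdefault('verify', False)
        return requests.get(url, *args, **kwargs).text

    def _request_api(self, url, query=None, method="GET", body=None):
        """
        Shortcut for an API request. Will always add the apikey (if defined)

        The key travels in the ``X-ZAP-API-Key`` header of a plain
        ``http://zap/...`` request handed to the configured proxy. With the
        default loopback proxy it stays on the local host; with a proxy on
        another host it crosses the network unencrypted.

        :Parameters:
           - `url`: the url, which must start with ``http://zap/``.
           - `query`: Dictionary, list of tuples or bytes to send in the query string of the request.
           - `method`: String, the method of the request.
           - `body`: Dictionary, list of tuples, bytes, or file-like object to send in the body of the request.

        :Returns: the `requests` response object.
        :Raises ValueError: if `url` is not a ZAP API url.
        :Raises Exception: if status code validation is enabled and the
            response status code is 300 or above.
        """
        if not url.startswith('http://zap/'):
            # Only allow requests to the API so that we never leak the apikey
            raise ValueError('A non ZAP API url was specified ' + url)

        # In theory we should be able to reuse the session,
        # but there have been problems with that
        # NOTE(review): the session created by the previous call is replaced
        # here without being closed.
        self.session = requests.Session()
        if self.__apikey is not None:
            self.session.headers['X-ZAP-API-Key'] = self.__apikey

        response = self.session.request(method, url, params=query, data=body,
                                        proxies=self.__proxies, verify=False)

        status = response.status_code
        if self.__validate_status_code and status >= 300:
            cause = "a bad request" if status < 500 else "a ZAP internal error"
            # A separator is now placed between the status code and the
            # "response:" label; the two used to run together ("400response:").
            raise Exception("Non-successful status code returned from ZAP, which indicates " + cause + ": "
                            + str(status)
                            + " response: " + response.text)
        return response

    def _request(self, url, get=None, method="GET", body=None):
        """
        Shortcut for an API request.

        :Parameters:
           - `url`: the url.
           - `get`: the dictionary to turn into GET variables.
           - `method`: the method to request.
           - `body`: the data to send in the body.

        :Returns: the response body decoded from JSON.
        """
        response = self._request_api(url, get, method, body)
        return response.json()

    def _request_other(self, url, get=None, method="GET", body=None):
        """
        Shortcut for an API OTHER request.

        :Parameters:
           - `url`: the url.
           - `get`: the dictionary to turn into GET variables.
           - `method`: the method to request.
           - `body`: the data to send in the body.

        :Returns: the response body as text.
        """
        response = self._request_api(url, get, method, body)
        return response.text
-------------------------------------------------------------------------------- /src/zapv2/accessControl.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class accessControl(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | def get_scan_progress(self, contextid): 31 | """ 32 | Gets the Access Control scan progress (percentage integer) for the given context ID. 33 | This component is optional and therefore the API will only work if it is installed 34 | """ 35 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'accessControl/view/getScanProgress/', {'contextId': contextid}))) 36 | 37 | def get_scan_status(self, contextid): 38 | """ 39 | Gets the Access Control scan status (description string) for the given context ID. 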
40 | This component is optional and therefore the API will only work if it is installed 41 | """ 42 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'accessControl/view/getScanStatus/', {'contextId': contextid}))) 43 | 44 | def scan(self, contextid, userid, scanasunauthuser=None, raisealert=None, alertrisklevel=None, apikey=''): 45 | """ 46 | Starts an Access Control scan with the given context ID and user ID. (Optional parameters: user ID for Unauthenticated user, boolean identifying whether or not Alerts are raised, and the Risk level for the Alerts.) [This assumes the Access Control rules were previously established via ZAP gui and the necessary Context exported/imported.] 47 | This component is optional and therefore the API will only work if it is installed 48 | """ 49 | params = {'contextId': contextid, 'userId': userid} 50 | if scanasunauthuser is not None: 51 | params['scanAsUnAuthUser'] = scanasunauthuser 52 | if raisealert is not None: 53 | params['raiseAlert'] = raisealert 54 | if alertrisklevel is not None: 55 | params['alertRiskLevel'] = alertrisklevel 56 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'accessControl/action/scan/', params))) 57 | 58 | def write_htm_lreport(self, contextid, filename, apikey=''): 59 | """ 60 | Generates an Access Control report for the given context ID and saves it based on the provided filename (path). 61 | This component is optional and therefore the API will only work if it is installed 62 | """ 63 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'accessControl/action/writeHTMLreport/', {'contextId': contextid, 'fileName': filename}))) 64 | -------------------------------------------------------------------------------- /src/zapv2/acsrf.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 
4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class acsrf(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def option_tokens_names(self): 32 | """ 33 | Lists the names of all anti-CSRF tokens 34 | """ 35 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'acsrf/view/optionTokensNames/'))) 36 | 37 | @property 38 | def option_partial_matching_enabled(self): 39 | """ 40 | Define if ZAP should detect CSRF tokens by searching for partial matches 41 | """ 42 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'acsrf/view/optionPartialMatchingEnabled/'))) 43 | 44 | def add_option_token(self, string, apikey=''): 45 | """ 46 | Adds an anti-CSRF token with the given name, enabled by default 47 | """ 48 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'acsrf/action/addOptionToken/', {'String': string}))) 49 | 50 | def remove_option_token(self, string, apikey=''): 51 | """ 52 | Removes the anti-CSRF token with the given name 53 | """ 54 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'acsrf/action/removeOptionToken/', {'String': string}))) 55 | 56 | def set_option_partial_matching_enabled(self, boolean, apikey=''): 57 | """ 58 | Define if ZAP should detect CSRF tokens by searching 
for partial matches. 59 | """ 60 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'acsrf/action/setOptionPartialMatchingEnabled/', {'Boolean': boolean}))) 61 | 62 | def gen_form(self, hrefid, actionurl=None, apikey=''): 63 | """ 64 | Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP 65 | """ 66 | params = {'hrefId': hrefid} 67 | if actionurl is not None: 68 | params['actionUrl'] = actionurl 69 | return (self.zap._request_other(self.zap.base_other + 'acsrf/other/genForm/', params)) 70 | -------------------------------------------------------------------------------- /src/zapv2/alert.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 
20 | """ 21 | 22 | import six 23 | 24 | 25 | class alert(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | def alert(self, id): 31 | """ 32 | Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method 33 | """ 34 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/alert/', {'id': id}))) 35 | 36 | def alerts(self, baseurl=None, start=None, count=None, riskid=None, contextname=None): 37 | """ 38 | Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts 39 | """ 40 | params = {} 41 | if baseurl is not None: 42 | params['baseurl'] = baseurl 43 | if start is not None: 44 | params['start'] = start 45 | if count is not None: 46 | params['count'] = count 47 | if riskid is not None: 48 | params['riskId'] = riskid 49 | if contextname is not None: 50 | params['contextName'] = contextname 51 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/alerts/', params))) 52 | 53 | def alerts_summary(self, baseurl=None): 54 | """ 55 | Gets number of alerts grouped by each risk level, optionally filtering by URL 56 | """ 57 | params = {} 58 | if baseurl is not None: 59 | params['baseurl'] = baseurl 60 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/alertsSummary/', params))) 61 | 62 | def number_of_alerts(self, baseurl=None, riskid=None): 63 | """ 64 | Gets the number of alerts, optionally filtering by URL or riskId 65 | """ 66 | params = {} 67 | if baseurl is not None: 68 | params['baseurl'] = baseurl 69 | if riskid is not None: 70 | params['riskId'] = riskid 71 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/numberOfAlerts/', params))) 72 | 73 | def alerts_by_risk(self, url=None, recurse=None): 74 | """ 75 | Gets a summary of the alerts, optionally filtered by a 'url'. 
If 'recurse' is true then all alerts that apply to urls that start with the specified 'url' will be returned, otherwise only those on exactly the same 'url' (ignoring url parameters) 76 | """ 77 | params = {} 78 | if url is not None: 79 | params['url'] = url 80 | if recurse is not None: 81 | params['recurse'] = recurse 82 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/alertsByRisk/', params))) 83 | 84 | def alert_counts_by_risk(self, url=None, recurse=None): 85 | """ 86 | Gets a count of the alerts, optionally filtered as per alertsPerRisk 87 | """ 88 | params = {} 89 | if url is not None: 90 | params['url'] = url 91 | if recurse is not None: 92 | params['recurse'] = recurse 93 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/alertCountsByRisk/', params))) 94 | 95 | def delete_all_alerts(self, apikey=''): 96 | """ 97 | Deletes all alerts of the current session. 98 | """ 99 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/action/deleteAllAlerts/', {}))) 100 | 101 | def delete_alerts(self, contextname=None, baseurl=None, riskid=None, apikey=''): 102 | """ 103 | Deletes all the alerts optionally filtered by URL which fall within the Context with the provided name, risk, or base URL. 104 | """ 105 | params = {} 106 | if contextname is not None: 107 | params['contextName'] = contextname 108 | if baseurl is not None: 109 | params['baseurl'] = baseurl 110 | if riskid is not None: 111 | params['riskId'] = riskid 112 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/action/deleteAlerts/', params))) 113 | 114 | def delete_alert(self, id, apikey=''): 115 | """ 116 | Deletes the alert with the given ID. 117 | """ 118 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/action/deleteAlert/', {'id': id}))) 119 | 120 | def update_alerts_confidence(self, ids, confidenceid, apikey=''): 121 | """ 122 | Update the confidence of the alerts. 
123 | """ 124 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/action/updateAlertsConfidence/', {'ids': ids, 'confidenceId': confidenceid}))) 125 | 126 | def update_alerts_risk(self, ids, riskid, apikey=''): 127 | """ 128 | Update the risk of the alerts. 129 | """ 130 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/action/updateAlertsRisk/', {'ids': ids, 'riskId': riskid}))) 131 | 132 | def update_alert(self, id, name, riskid, confidenceid, description, param=None, attack=None, otherinfo=None, solution=None, references=None, evidence=None, cweid=None, wascid=None, apikey=''): 133 | """ 134 | Update the alert with the given ID, with the provided details. 135 | """ 136 | params = {'id': id, 'name': name, 'riskId': riskid, 'confidenceId': confidenceid, 'description': description} 137 | if param is not None: 138 | params['param'] = param 139 | if attack is not None: 140 | params['attack'] = attack 141 | if otherinfo is not None: 142 | params['otherInfo'] = otherinfo 143 | if solution is not None: 144 | params['solution'] = solution 145 | if references is not None: 146 | params['references'] = references 147 | if evidence is not None: 148 | params['evidence'] = evidence 149 | if cweid is not None: 150 | params['cweId'] = cweid 151 | if wascid is not None: 152 | params['wascId'] = wascid 153 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/action/updateAlert/', params))) 154 | 155 | def add_alert(self, messageid, name, riskid, confidenceid, description, param=None, attack=None, otherinfo=None, solution=None, references=None, evidence=None, cweid=None, wascid=None, apikey=''): 156 | """ 157 | Add an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.) 
158 | """ 159 | params = {'messageId': messageid, 'name': name, 'riskId': riskid, 'confidenceId': confidenceid, 'description': description} 160 | if param is not None: 161 | params['param'] = param 162 | if attack is not None: 163 | params['attack'] = attack 164 | if otherinfo is not None: 165 | params['otherInfo'] = otherinfo 166 | if solution is not None: 167 | params['solution'] = solution 168 | if references is not None: 169 | params['references'] = references 170 | if evidence is not None: 171 | params['evidence'] = evidence 172 | if cweid is not None: 173 | params['cweId'] = cweid 174 | if wascid is not None: 175 | params['wascId'] = wascid 176 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/action/addAlert/', params))) 177 | -------------------------------------------------------------------------------- /src/zapv2/alertFilter.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 
20 | """ 21 | 22 | import six 23 | 24 | 25 | class alertFilter(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | def alert_filter_list(self, contextid): 31 | """ 32 | Lists the alert filters of the context with the given ID. 33 | This component is optional and therefore the API will only work if it is installed 34 | """ 35 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/view/alertFilterList/', {'contextId': contextid}))) 36 | 37 | @property 38 | def global_alert_filter_list(self): 39 | """ 40 | Lists the global alert filters. 41 | This component is optional and therefore the API will only work if it is installed 42 | """ 43 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/view/globalAlertFilterList/'))) 44 | 45 | def add_alert_filter(self, contextid, ruleid, newlevel, url=None, urlisregex=None, parameter=None, enabled=None, parameterisregex=None, attack=None, attackisregex=None, evidence=None, evidenceisregex=None, methods=None, apikey=''): 46 | """ 47 | Adds a new alert filter for the context with the given ID. 
48 | This component is optional and therefore the API will only work if it is installed 49 | """ 50 | params = {'contextId': contextid, 'ruleId': ruleid, 'newLevel': newlevel} 51 | if url is not None: 52 | params['url'] = url 53 | if urlisregex is not None: 54 | params['urlIsRegex'] = urlisregex 55 | if parameter is not None: 56 | params['parameter'] = parameter 57 | if enabled is not None: 58 | params['enabled'] = enabled 59 | if parameterisregex is not None: 60 | params['parameterIsRegex'] = parameterisregex 61 | if attack is not None: 62 | params['attack'] = attack 63 | if attackisregex is not None: 64 | params['attackIsRegex'] = attackisregex 65 | if evidence is not None: 66 | params['evidence'] = evidence 67 | if evidenceisregex is not None: 68 | params['evidenceIsRegex'] = evidenceisregex 69 | if methods is not None: 70 | params['methods'] = methods 71 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/addAlertFilter/', params))) 72 | 73 | def remove_alert_filter(self, contextid, ruleid, newlevel, url=None, urlisregex=None, parameter=None, enabled=None, parameterisregex=None, attack=None, attackisregex=None, evidence=None, evidenceisregex=None, methods=None, apikey=''): 74 | """ 75 | Removes an alert filter from the context with the given ID. 
76 | This component is optional and therefore the API will only work if it is installed 77 | """ 78 | params = {'contextId': contextid, 'ruleId': ruleid, 'newLevel': newlevel} 79 | if url is not None: 80 | params['url'] = url 81 | if urlisregex is not None: 82 | params['urlIsRegex'] = urlisregex 83 | if parameter is not None: 84 | params['parameter'] = parameter 85 | if enabled is not None: 86 | params['enabled'] = enabled 87 | if parameterisregex is not None: 88 | params['parameterIsRegex'] = parameterisregex 89 | if attack is not None: 90 | params['attack'] = attack 91 | if attackisregex is not None: 92 | params['attackIsRegex'] = attackisregex 93 | if evidence is not None: 94 | params['evidence'] = evidence 95 | if evidenceisregex is not None: 96 | params['evidenceIsRegex'] = evidenceisregex 97 | if methods is not None: 98 | params['methods'] = methods 99 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/removeAlertFilter/', params))) 100 | 101 | def add_global_alert_filter(self, ruleid, newlevel, url=None, urlisregex=None, parameter=None, enabled=None, parameterisregex=None, attack=None, attackisregex=None, evidence=None, evidenceisregex=None, methods=None, apikey=''): 102 | """ 103 | Adds a new global alert filter. 
104 | This component is optional and therefore the API will only work if it is installed 105 | """ 106 | params = {'ruleId': ruleid, 'newLevel': newlevel} 107 | if url is not None: 108 | params['url'] = url 109 | if urlisregex is not None: 110 | params['urlIsRegex'] = urlisregex 111 | if parameter is not None: 112 | params['parameter'] = parameter 113 | if enabled is not None: 114 | params['enabled'] = enabled 115 | if parameterisregex is not None: 116 | params['parameterIsRegex'] = parameterisregex 117 | if attack is not None: 118 | params['attack'] = attack 119 | if attackisregex is not None: 120 | params['attackIsRegex'] = attackisregex 121 | if evidence is not None: 122 | params['evidence'] = evidence 123 | if evidenceisregex is not None: 124 | params['evidenceIsRegex'] = evidenceisregex 125 | if methods is not None: 126 | params['methods'] = methods 127 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/addGlobalAlertFilter/', params))) 128 | 129 | def remove_global_alert_filter(self, ruleid, newlevel, url=None, urlisregex=None, parameter=None, enabled=None, parameterisregex=None, attack=None, attackisregex=None, evidence=None, evidenceisregex=None, methods=None, apikey=''): 130 | """ 131 | Removes a global alert filter. 
132 | This component is optional and therefore the API will only work if it is installed 133 | """ 134 | params = {'ruleId': ruleid, 'newLevel': newlevel} 135 | if url is not None: 136 | params['url'] = url 137 | if urlisregex is not None: 138 | params['urlIsRegex'] = urlisregex 139 | if parameter is not None: 140 | params['parameter'] = parameter 141 | if enabled is not None: 142 | params['enabled'] = enabled 143 | if parameterisregex is not None: 144 | params['parameterIsRegex'] = parameterisregex 145 | if attack is not None: 146 | params['attack'] = attack 147 | if attackisregex is not None: 148 | params['attackIsRegex'] = attackisregex 149 | if evidence is not None: 150 | params['evidence'] = evidence 151 | if evidenceisregex is not None: 152 | params['evidenceIsRegex'] = evidenceisregex 153 | if methods is not None: 154 | params['methods'] = methods 155 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/removeGlobalAlertFilter/', params))) 156 | 157 | def apply_all(self, apikey=''): 158 | """ 159 | Applies all currently enabled Global and Context alert filters. 160 | This component is optional and therefore the API will only work if it is installed 161 | """ 162 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/applyAll/', {}))) 163 | 164 | def apply_context(self, apikey=''): 165 | """ 166 | Applies all currently enabled Context alert filters. 167 | This component is optional and therefore the API will only work if it is installed 168 | """ 169 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/applyContext/', {}))) 170 | 171 | def apply_global(self, apikey=''): 172 | """ 173 | Applies all currently enabled Global alert filters. 
174 | This component is optional and therefore the API will only work if it is installed 175 | """ 176 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/applyGlobal/', {}))) 177 | 178 | def test_all(self, apikey=''): 179 | """ 180 | Tests all currently enabled Global and Context alert filters. 181 | This component is optional and therefore the API will only work if it is installed 182 | """ 183 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/testAll/', {}))) 184 | 185 | def test_context(self, apikey=''): 186 | """ 187 | Tests all currently enabled Context alert filters. 188 | This component is optional and therefore the API will only work if it is installed 189 | """ 190 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/testContext/', {}))) 191 | 192 | def test_global(self, apikey=''): 193 | """ 194 | Tests all currently enabled Global alert filters. 195 | This component is optional and therefore the API will only work if it is installed 196 | """ 197 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/testGlobal/', {}))) 198 | -------------------------------------------------------------------------------- /src/zapv2/authentication.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This file was automatically generated.
"""

import six


class authentication(object):
    """Wrapper for the 'authentication' component of the ZAP API.

    Every method builds a URL under ``zap.base``, hands it to
    ``zap._request`` and returns the first value of the response.

    The ``apikey`` argument accepted by the ``set_*`` methods is not added to
    the request parameters built in this class.
    NOTE(review): presumably the key configured on the ``zap`` client is what
    authenticates the call - confirm in ``_request``.
    """

    def __init__(self, zap):
        """Keep the ``zap`` client that every request goes through."""
        self.zap = zap

    @property
    def get_supported_authentication_methods(self):
        """Return the names of the supported authentication methods."""
        reply = self.zap._request(
            self.zap.base + 'authentication/view/getSupportedAuthenticationMethods/')
        return six.next(six.itervalues(reply))

    def get_authentication_method_config_params(self, authmethodname):
        """Return the configuration parameters of the named authentication method."""
        query = {'authMethodName': authmethodname}
        reply = self.zap._request(
            self.zap.base + 'authentication/view/getAuthenticationMethodConfigParams/',
            query)
        return six.next(six.itervalues(reply))

    def get_authentication_method(self, contextid):
        """Return the authentication method name of the context with the given ID."""
        query = {'contextId': contextid}
        reply = self.zap._request(
            self.zap.base + 'authentication/view/getAuthenticationMethod/', query)
        return six.next(six.itervalues(reply))

    def get_logged_in_indicator(self, contextid):
        """Return the logged in indicator of the context with the given ID."""
        query = {'contextId': contextid}
        reply = self.zap._request(
            self.zap.base + 'authentication/view/getLoggedInIndicator/', query)
        return six.next(six.itervalues(reply))

    def get_logged_out_indicator(self, contextid):
        """Return the logged out indicator of the context with the given ID."""
        query = {'contextId': contextid}
        reply = self.zap._request(
            self.zap.base + 'authentication/view/getLoggedOutIndicator/', query)
        return six.next(six.itervalues(reply))

    def set_authentication_method(self, contextid, authmethodname, authmethodconfigparams=None, apikey=''):
        """Set the authentication method of the context with the given ID.

        ``authmethodconfigparams`` is sent only when it is not None.
        ``apikey`` is not used by this method.
        """
        params = {'contextId': contextid, 'authMethodName': authmethodname}
        if authmethodconfigparams is not None:
            params.update(authMethodConfigParams=authmethodconfigparams)
        reply = self.zap._request(
            self.zap.base + 'authentication/action/setAuthenticationMethod/', params)
        return six.next(six.itervalues(reply))

    def set_logged_in_indicator(self, contextid, loggedinindicatorregex, apikey=''):
        """Set the logged in indicator regex of the context with the given ID.

        ``apikey`` is not used by this method.
        """
        params = {
            'contextId': contextid,
            'loggedInIndicatorRegex': loggedinindicatorregex,
        }
        reply = self.zap._request(
            self.zap.base + 'authentication/action/setLoggedInIndicator/', params)
        return six.next(six.itervalues(reply))

    def set_logged_out_indicator(self, contextid, loggedoutindicatorregex, apikey=''):
        """Set the logged out indicator regex of the context with the given ID.

        ``apikey`` is not used by this method.
        """
        params = {
            'contextId': contextid,
            'loggedOutIndicatorRegex': loggedoutindicatorregex,
        }
        reply = self.zap._request(
            self.zap.base + 'authentication/action/setLoggedOutIndicator/', params)
        return six.next(six.itervalues(reply))

--------------------------------------------------------------------------------
/src/zapv2/authorization.py:
--------------------------------------------------------------------------------
# Zed Attack Proxy (ZAP) and its related class files.
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This file was automatically generated.
"""

import six


class authorization(object):
    """Wrapper for the 'authorization' component of the ZAP API.

    Both methods build a URL under ``zap.base``, hand it to ``zap._request``
    and return the first value of the response.
    """

    def __init__(self, zap):
        """Keep the ``zap`` client that every request goes through."""
        self.zap = zap

    def get_authorization_detection_method(self, contextid):
        """Return the full configuration of the authorization detection method
        currently set for a context.
        """
        query = {'contextId': contextid}
        reply = self.zap._request(
            self.zap.base + 'authorization/view/getAuthorizationDetectionMethod/',
            query)
        return six.next(six.itervalues(reply))

    def set_basic_authorization_detection_method(self, contextid, headerregex=None, bodyregex=None, statuscode=None, logicaloperator=None, apikey=''):
        """Set the authorization detection method of a context to one that
        identifies un-authorized messages by the message's status code or by a
        regex pattern in the response's header or body.

        ``logicaloperator`` states whether all conditions must match or just
        some; it accepts two values: 'AND' (default) and 'OR'.
        Arguments left as None are not sent. ``apikey`` is not used by this
        method; it is never added to the request parameters.
        """
        params = {'contextId': contextid}
        optional = (
            ('headerRegex', headerregex),
            ('bodyRegex', bodyregex),
            ('statusCode', statuscode),
            ('logicalOperator', logicaloperator),
        )
        for key, value in optional:
            if value is not None:
                params[key] = value
        reply = self.zap._request(
            self.zap.base + 'authorization/action/setBasicAuthorizationDetectionMethod/',
            params)
        return six.next(six.itervalues(reply))

--------------------------------------------------------------------------------
/src/zapv2/automation.py:
--------------------------------------------------------------------------------
# Zed Attack Proxy (ZAP) and its related class files.
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This file was automatically generated.
"""

import six


class automation(object):
    """Wrapper for the 'automation' component of the ZAP API.

    This component is optional, so the calls only work when it is installed.
    The ``apikey`` argument of the action methods is not added to the request
    parameters built in this class.
    """

    def __init__(self, zap):
        """Keep the ``zap`` client that every request goes through."""
        self.zap = zap

    def plan_progress(self, planid):
        """Return the whole response of the 'planProgress' view for ``planid``.

        Unlike the other methods of this class, the response is returned as
        it comes back from ``zap._request``, not reduced to its first value.
        This component is optional and therefore the API will only work if it is installed
        """
        query = {'planId': planid}
        reply = self.zap._request(
            self.zap.base + 'automation/view/planProgress/', query)
        return reply

    def run_plan(self, filepath, apikey=''):
        """Call the 'runPlan' action with ``filepath`` sent as ``filePath``.

        NOTE(review): ``filepath`` presumably names a plan file on the host
        running ZAP rather than on the client - confirm.
        This component is optional and therefore the API will only work if it is installed
        """
        params = {'filePath': filepath}
        reply = self.zap._request(
            self.zap.base + 'automation/action/runPlan/', params)
        return six.next(six.itervalues(reply))

    def end_delay_job(self, apikey=''):
        """Call the 'endDelayJob' action, which takes no parameters.

        This component is optional and therefore the API will only work if it is installed
        """
        reply = self.zap._request(
            self.zap.base + 'automation/action/endDelayJob/', {})
        return six.next(six.itervalues(reply))

--------------------------------------------------------------------------------
/src/zapv2/autoupdate.py:
--------------------------------------------------------------------------------
# Zed Attack Proxy (ZAP) and its related class files.
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This file was automatically generated.
"""

import six


class autoupdate(object):
    """Wrapper for the 'autoupdate' component of the ZAP API.

    The properties query a view and the methods call an action; each one
    builds a URL under ``zap.base``, hands it to ``zap._request`` and returns
    the first value of the response.

    The ``apikey`` argument of the action methods is not added to the request
    parameters built in this class.
    NOTE(review): presumably the key configured on the ``zap`` client is what
    authenticates the call - confirm in ``_request``.
    """

    def __init__(self, zap):
        """Keep the ``zap`` client that every request goes through."""
        self.zap = zap

    @property
    def latest_version_number(self):
        """Return the latest version number."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/latestVersionNumber/')
        return six.next(six.itervalues(reply))

    @property
    def is_latest_version(self):
        """Return 'true' if ZAP is on the latest version."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/isLatestVersion/')
        return six.next(six.itervalues(reply))

    @property
    def installed_addons(self):
        """Return a list of all of the installed add-ons."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/installedAddons/')
        return six.next(six.itervalues(reply))

    @property
    def local_addons(self):
        """Return a list with all local add-ons, installed or not."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/localAddons/')
        return six.next(six.itervalues(reply))

    @property
    def new_addons(self):
        """Return a list of any add-ons added to the Marketplace since the
        last check for updates.
        """
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/newAddons/')
        return six.next(six.itervalues(reply))

    @property
    def updated_addons(self):
        """Return a list of any add-ons changed in the Marketplace since the
        last check for updates.
        """
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/updatedAddons/')
        return six.next(six.itervalues(reply))

    @property
    def marketplace_addons(self):
        """Return a list of all of the add-ons on the ZAP Marketplace (this
        information is read once and then cached).
        """
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/marketplaceAddons/')
        return six.next(six.itervalues(reply))

    @property
    def option_addon_directories(self):
        """Return the value of the 'optionAddonDirectories' view."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/optionAddonDirectories/')
        return six.next(six.itervalues(reply))

    @property
    def option_day_last_checked(self):
        """Return the value of the 'optionDayLastChecked' view."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/optionDayLastChecked/')
        return six.next(six.itervalues(reply))

    @property
    def option_day_last_install_warned(self):
        """Return the value of the 'optionDayLastInstallWarned' view."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/optionDayLastInstallWarned/')
        return six.next(six.itervalues(reply))

    @property
    def option_day_last_update_warned(self):
        """Return the value of the 'optionDayLastUpdateWarned' view."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/optionDayLastUpdateWarned/')
        return six.next(six.itervalues(reply))

    @property
    def option_download_directory(self):
        """Return the value of the 'optionDownloadDirectory' view."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/optionDownloadDirectory/')
        return six.next(six.itervalues(reply))

    @property
    def option_check_addon_updates(self):
        """Return the value of the 'optionCheckAddonUpdates' view."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/optionCheckAddonUpdates/')
        return six.next(six.itervalues(reply))

    @property
    def option_check_on_start(self):
        """Return the value of the 'optionCheckOnStart' view."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/optionCheckOnStart/')
        return six.next(six.itervalues(reply))

    @property
    def option_download_new_release(self):
        """Return the value of the 'optionDownloadNewRelease' view."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/optionDownloadNewRelease/')
        return six.next(six.itervalues(reply))

    @property
    def option_install_addon_updates(self):
        """Return the value of the 'optionInstallAddonUpdates' view."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/optionInstallAddonUpdates/')
        return six.next(six.itervalues(reply))

    @property
    def option_install_scanner_rules(self):
        """Return the value of the 'optionInstallScannerRules' view."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/optionInstallScannerRules/')
        return six.next(six.itervalues(reply))

    @property
    def option_report_alpha_addons(self):
        """Return the value of the 'optionReportAlphaAddons' view."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/optionReportAlphaAddons/')
        return six.next(six.itervalues(reply))

    @property
    def option_report_beta_addons(self):
        """Return the value of the 'optionReportBetaAddons' view."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/optionReportBetaAddons/')
        return six.next(six.itervalues(reply))

    @property
    def option_report_release_addons(self):
        """Return the value of the 'optionReportReleaseAddons' view."""
        reply = self.zap._request(
            self.zap.base + 'autoupdate/view/optionReportReleaseAddons/')
        return six.next(six.itervalues(reply))

    def download_latest_release(self, apikey=''):
        """Download the latest release, if any.

        ``apikey`` is not used by this method.
        """
        reply = self.zap._request(
            self.zap.base + 'autoupdate/action/downloadLatestRelease/', {})
        return six.next(six.itervalues(reply))

    def install_addon(self, id, apikey=''):
        """Install or update the specified add-on, returning when complete
        (i.e. not asynchronously).

        ``apikey`` is not used by this method.
        """
        # ``id`` shadows the builtin; the name is part of the signature.
        params = {'id': id}
        reply = self.zap._request(
            self.zap.base + 'autoupdate/action/installAddon/', params)
        return six.next(six.itervalues(reply))

    def install_local_addon(self, file, apikey=''):
        """Call the 'installLocalAddon' action with ``file`` sent unchanged.

        NOTE(review): ``file`` is presumably a path on the host running ZAP,
        not on the client, and an add-on is code that ZAP loads, so callers
        should pass only files they have vetted - confirm the path handling
        on the ZAP side.
        ``apikey`` is not used by this method.
        """
        params = {'file': file}
        reply = self.zap._request(
            self.zap.base + 'autoupdate/action/installLocalAddon/', params)
        return six.next(six.itervalues(reply))

    def uninstall_addon(self, id, apikey=''):
        """Uninstall the specified add-on.

        ``apikey`` is not used by this method.
        """
        params = {'id': id}
        reply = self.zap._request(
            self.zap.base + 'autoupdate/action/uninstallAddon/', params)
        return six.next(six.itervalues(reply))

    def set_option_check_addon_updates(self, boolean, apikey=''):
        """Call 'setOptionCheckAddonUpdates' with ``boolean`` sent as ``Boolean``."""
        params = {'Boolean': boolean}
        reply = self.zap._request(
            self.zap.base + 'autoupdate/action/setOptionCheckAddonUpdates/', params)
        return six.next(six.itervalues(reply))

    def set_option_check_on_start(self, boolean, apikey=''):
        """Call 'setOptionCheckOnStart' with ``boolean`` sent as ``Boolean``."""
        params = {'Boolean': boolean}
        reply = self.zap._request(
            self.zap.base + 'autoupdate/action/setOptionCheckOnStart/', params)
        return six.next(six.itervalues(reply))

    def set_option_download_new_release(self, boolean, apikey=''):
        """Call 'setOptionDownloadNewRelease' with ``boolean`` sent as ``Boolean``."""
        params = {'Boolean': boolean}
        reply = self.zap._request(
            self.zap.base + 'autoupdate/action/setOptionDownloadNewRelease/', params)
        return six.next(six.itervalues(reply))

    def set_option_install_addon_updates(self, boolean, apikey=''):
        """Call 'setOptionInstallAddonUpdates' with ``boolean`` sent as ``Boolean``."""
        params = {'Boolean': boolean}
        reply = self.zap._request(
            self.zap.base + 'autoupdate/action/setOptionInstallAddonUpdates/', params)
        return six.next(six.itervalues(reply))

    def set_option_install_scanner_rules(self, boolean, apikey=''):
        """Call 'setOptionInstallScannerRules' with ``boolean`` sent as ``Boolean``."""
        params = {'Boolean': boolean}
        reply = self.zap._request(
            self.zap.base + 'autoupdate/action/setOptionInstallScannerRules/', params)
        return six.next(six.itervalues(reply))

    def set_option_report_alpha_addons(self, boolean, apikey=''):
        """Call 'setOptionReportAlphaAddons' with ``boolean`` sent as ``Boolean``."""
        params = {'Boolean': boolean}
        reply = self.zap._request(
            self.zap.base + 'autoupdate/action/setOptionReportAlphaAddons/', params)
        return six.next(six.itervalues(reply))

    def set_option_report_beta_addons(self, boolean, apikey=''):
        """Call 'setOptionReportBetaAddons' with ``boolean`` sent as ``Boolean``."""
        params = {'Boolean': boolean}
        reply = self.zap._request(
            self.zap.base + 'autoupdate/action/setOptionReportBetaAddons/', params)
        return six.next(six.itervalues(reply))

    def set_option_report_release_addons(self, boolean, apikey=''):
        """Call 'setOptionReportReleaseAddons' with ``boolean`` sent as ``Boolean``."""
        params = {'Boolean': boolean}
        reply = self.zap._request(
            self.zap.base + 'autoupdate/action/setOptionReportReleaseAddons/', params)
        return six.next(six.itervalues(reply))

--------------------------------------------------------------------------------
/src/zapv2/brk.py:
--------------------------------------------------------------------------------
# Zed Attack Proxy (ZAP) and its related class files.
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This file was automatically generated.
"""

import six


class brk(object):
    """Wrapper for the 'break' component of the ZAP API.

    Each member builds a URL under ``zap.base``, hands it to ``zap._request``
    and returns the first value of the response.

    The ``apikey`` argument of the action methods is not added to the request
    parameters built in this class.
    NOTE(review): presumably the key configured on the ``zap`` client is what
    authenticates the call - confirm in ``_request``.
    """

    def __init__(self, zap):
        """Keep the ``zap`` client that every request goes through."""
        self.zap = zap

    @property
    def is_break_all(self):
        """Return True if ZAP will break on both requests and responses."""
        reply = self.zap._request(self.zap.base + 'break/view/isBreakAll/')
        return six.next(six.itervalues(reply))

    @property
    def is_break_request(self):
        """Return True if ZAP will break on requests."""
        reply = self.zap._request(self.zap.base + 'break/view/isBreakRequest/')
        return six.next(six.itervalues(reply))

    @property
    def is_break_response(self):
        """Return True if ZAP will break on responses."""
        reply = self.zap._request(self.zap.base + 'break/view/isBreakResponse/')
        return six.next(six.itervalues(reply))

    @property
    def http_message(self):
        """Return the HTTP message currently intercepted (if any)."""
        reply = self.zap._request(self.zap.base + 'break/view/httpMessage/')
        return six.next(six.itervalues(reply))

    def brk(self, type, state, scope=None, apikey=''):
        """Control the global break functionality.

        ``type`` may be one of: http-all, http-request or http-response.
        ``state`` may be true (turn break on for the specified type) or false
        (turn break off). Scope is not currently used; it is sent only when
        it is not None. ``apikey`` is not used by this method.
        """
        # ``type`` shadows the builtin; the name is part of the signature.
        params = {'type': type, 'state': state}
        if scope is not None:
            params.update(scope=scope)
        reply = self.zap._request(self.zap.base + 'break/action/break/', params)
        return six.next(six.itervalues(reply))

    def set_http_message(self, httpheader, httpbody=None, apikey=''):
        """Overwrite the currently intercepted message with the data provided.

        ``httpbody`` is sent only when it is not None. ``apikey`` is not used
        by this method.
        """
        params = {'httpHeader': httpheader}
        if httpbody is not None:
            params.update(httpBody=httpbody)
        reply = self.zap._request(
            self.zap.base + 'break/action/setHttpMessage/', params)
        return six.next(six.itervalues(reply))

    def cont(self, apikey=''):
        """Submit the currently intercepted message and unset the global
        request/response breakpoints.
        """
        reply = self.zap._request(self.zap.base + 'break/action/continue/', {})
        return six.next(six.itervalues(reply))

    def step(self, apikey=''):
        """Submit the currently intercepted message; the next request or
        response will automatically be intercepted.
        """
        reply = self.zap._request(self.zap.base + 'break/action/step/', {})
        return six.next(six.itervalues(reply))

    def drop(self, apikey=''):
        """Drop the currently intercepted message."""
        reply = self.zap._request(self.zap.base + 'break/action/drop/', {})
        return six.next(six.itervalues(reply))

    def add_http_breakpoint(self, string, location, match, inverse, ignorecase, apikey=''):
        """Add a custom HTTP breakpoint.

        ``string`` is the string to match. ``location`` may be one of: url,
        request_header, request_body, response_header or response_body.
        ``match`` may be: contains or regex. ``inverse`` (match) may be true
        or false. ``ignorecase`` (when matching the string) may be true or
        false. ``apikey`` is not used by this method.
        """
        params = {
            'string': string,
            'location': location,
            'match': match,
            'inverse': inverse,
            'ignorecase': ignorecase,
        }
        reply = self.zap._request(
            self.zap.base + 'break/action/addHttpBreakpoint/', params)
        return six.next(six.itervalues(reply))

    def remove_http_breakpoint(self, string, location, match, inverse, ignorecase, apikey=''):
        """Remove the specified breakpoint.

        ``apikey`` is not used by this method.
        """
        params = {
            'string': string,
            'location': location,
            'match': match,
            'inverse': inverse,
            'ignorecase': ignorecase,
        }
        reply = self.zap._request(
            self.zap.base + 'break/action/removeHttpBreakpoint/', params)
        return six.next(six.itervalues(reply))

--------------------------------------------------------------------------------
/src/zapv2/context.py:
--------------------------------------------------------------------------------
# Zed Attack Proxy (ZAP) and its related class files.
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This file was automatically generated.
"""

import six


class context(object):
    """Wrapper for the 'context' component of the ZAP API.

    Each member builds a URL under ``zap.base``, hands it to ``zap._request``
    and returns the first value of the response.

    The ``apikey`` argument of the action methods is not added to the request
    parameters built in this class.
    NOTE(review): presumably the key configured on the ``zap`` client is what
    authenticates the call - confirm in ``_request``.
    """

    def __init__(self, zap):
        """Keep the ``zap`` client that every request goes through."""
        self.zap = zap

    @property
    def context_list(self):
        """List the context names of the current session."""
        reply = self.zap._request(self.zap.base + 'context/view/contextList/')
        return six.next(six.itervalues(reply))

    def exclude_regexs(self, contextname):
        """List the excluded regexs of the named context."""
        query = {'contextName': contextname}
        reply = self.zap._request(
            self.zap.base + 'context/view/excludeRegexs/', query)
        return six.next(six.itervalues(reply))

    def include_regexs(self, contextname):
        """List the included regexs of the named context."""
        query = {'contextName': contextname}
        reply = self.zap._request(
            self.zap.base + 'context/view/includeRegexs/', query)
        return six.next(six.itervalues(reply))

    def context(self, contextname):
        """List the information about the named context."""
        query = {'contextName': contextname}
        reply = self.zap._request(
            self.zap.base + 'context/view/context/', query)
        return six.next(six.itervalues(reply))

    @property
    def technology_list(self):
        """List the names of all built in technologies."""
        reply = self.zap._request(self.zap.base + 'context/view/technologyList/')
        return six.next(six.itervalues(reply))

    def included_technology_list(self, contextname):
        """List the names of all technologies included in a context."""
        query = {'contextName': contextname}
        reply = self.zap._request(
            self.zap.base + 'context/view/includedTechnologyList/', query)
        return six.next(six.itervalues(reply))

    def excluded_technology_list(self, contextname):
        """List the names of all technologies excluded from a context."""
        query = {'contextName': contextname}
        reply = self.zap._request(
            self.zap.base + 'context/view/excludedTechnologyList/', query)
        return six.next(six.itervalues(reply))

    def urls(self, contextname):
        """List the URLs accessed through/by ZAP that belong to the context
        with the given name.
        """
        query = {'contextName': contextname}
        reply = self.zap._request(self.zap.base + 'context/view/urls/', query)
        return six.next(six.itervalues(reply))

    def exclude_from_context(self, contextname, regex, apikey=''):
        """Add an exclude regex to the context."""
        params = {'contextName': contextname, 'regex': regex}
        reply = self.zap._request(
            self.zap.base + 'context/action/excludeFromContext/', params)
        return six.next(six.itervalues(reply))

    def include_in_context(self, contextname, regex, apikey=''):
        """Add an include regex to the context."""
        params = {'contextName': contextname, 'regex': regex}
        reply = self.zap._request(
            self.zap.base + 'context/action/includeInContext/', params)
        return six.next(six.itervalues(reply))

    def set_context_regexs(self, contextname, incregexs, excregexs, apikey=''):
        """Set the regexs to include and exclude for a context, both supplied
        as JSON string arrays.
        """
        params = {
            'contextName': contextname,
            'incRegexs': incregexs,
            'excRegexs': excregexs,
        }
        reply = self.zap._request(
            self.zap.base + 'context/action/setContextRegexs/', params)
        return six.next(six.itervalues(reply))

    def set_context_checking_strategy(self, contextname, checkingstrategy, pollurl=None, polldata=None, pollheaders=None, pollfrequency=None, pollfrequencyunits=None, apikey=''):
        """Set the checking strategy for a context - this defines how ZAP
        checks that a request is authenticated.

        The ``poll*`` arguments are sent only when they are not None.
        ``apikey`` is not used by this method.
        """
        params = {'contextName': contextname, 'checkingStrategy': checkingstrategy}
        optional = (
            ('pollUrl', pollurl),
            ('pollData', polldata),
            ('pollHeaders', pollheaders),
            ('pollFrequency', pollfrequency),
            ('pollFrequencyUnits', pollfrequencyunits),
        )
        for key, value in optional:
            if value is not None:
                params[key] = value
        reply = self.zap._request(
            self.zap.base + 'context/action/setContextCheckingStrategy/', params)
        return six.next(six.itervalues(reply))

    def new_context(self, contextname, apikey=''):
        """Create a new context with the given name in the current session."""
        params = {'contextName': contextname}
        reply = self.zap._request(
            self.zap.base + 'context/action/newContext/', params)
        return six.next(six.itervalues(reply))

    def remove_context(self, contextname, apikey=''):
        """Remove a context in the current session."""
        params = {'contextName': contextname}
        reply = self.zap._request(
            self.zap.base + 'context/action/removeContext/', params)
        return six.next(six.itervalues(reply))

    def export_context(self, contextname, contextfile, apikey=''):
        """Export the context with the given name to a file.

        If a relative file path is specified it will be resolved against the
        "contexts" directory in ZAP "home" dir.
        """
        params = {'contextName': contextname, 'contextFile': contextfile}
        reply = self.zap._request(
            self.zap.base + 'context/action/exportContext/', params)
        return six.next(six.itervalues(reply))

    def import_context(self, contextfile, apikey=''):
        """Import a context from a file.

        If a relative file path is specified it will be resolved against the
        "contexts" directory in ZAP "home" dir.
        """
        params = {'contextFile': contextfile}
        reply = self.zap._request(
            self.zap.base + 'context/action/importContext/', params)
        return six.next(six.itervalues(reply))

    def include_context_technologies(self, contextname, technologynames, apikey=''):
        """Include the technologies with the given names, separated by a
        comma, in a context.
        """
        params = {'contextName': contextname, 'technologyNames': technologynames}
        reply = self.zap._request(
            self.zap.base + 'context/action/includeContextTechnologies/', params)
        return six.next(six.itervalues(reply))

    def include_all_context_technologies(self, contextname, apikey=''):
        """Include all built in technologies in a context."""
        params = {'contextName': contextname}
        reply = self.zap._request(
            self.zap.base + 'context/action/includeAllContextTechnologies/', params)
        return six.next(six.itervalues(reply))

    def exclude_context_technologies(self, contextname, technologynames, apikey=''):
        """Exclude the technologies with the given names, separated by a
        comma, from a context.
        """
        params = {'contextName': contextname, 'technologyNames': technologynames}
        reply = self.zap._request(
            self.zap.base + 'context/action/excludeContextTechnologies/', params)
        return six.next(six.itervalues(reply))

    def exclude_all_context_technologies(self, contextname, apikey=''):
        """Exclude all built in technologies from a context."""
        params = {'contextName': contextname}
        reply = self.zap._request(
            self.zap.base + 'context/action/excludeAllContextTechnologies/', params)
        return six.next(six.itervalues(reply))

    def set_context_in_scope(self, contextname, booleaninscope, apikey=''):
        """Set a context to in scope (contexts are in scope by default)."""
        params = {'contextName': contextname, 'booleanInScope': booleaninscope}
        reply = self.zap._request(
            self.zap.base + 'context/action/setContextInScope/', params)
        return six.next(six.itervalues(reply))

--------------------------------------------------------------------------------
/src/zapv2/custompayloads.py:
--------------------------------------------------------------------------------
# Zed Attack Proxy (ZAP) and its related class files.
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This file was automatically generated.
"""

import six


class custompayloads(object):
    """Wrapper for the 'custompayloads' component of the ZAP API.

    This component is optional, so the calls only work when it is installed.
    Each member builds a URL under ``zap.base``, hands it to ``zap._request``
    and returns the first value of the response.

    The ``apikey`` argument of the action methods is not added to the request
    parameters built in this class.
    """

    def __init__(self, zap):
        """Keep the ``zap`` client that every request goes through."""
        self.zap = zap

    @property
    def custom_payloads_categories(self):
        """List all available categories.

        This component is optional and therefore the API will only work if it is installed
        """
        reply = self.zap._request(
            self.zap.base + 'custompayloads/view/customPayloadsCategories/')
        return six.next(six.itervalues(reply))

    def custom_payloads(self, category=None):
        """List all the payloads currently loaded (category, payload, enabled
        state), optionally filtered by category.

        This component is optional and therefore the API will only work if it is installed
        """
        params = {} if category is None else {'category': category}
        reply = self.zap._request(
            self.zap.base + 'custompayloads/view/customPayloads/', params)
        return six.next(six.itervalues(reply))

    def disable_custom_payloads(self, category=None, apikey=''):
        """Disable payloads for a given category.

        ``category`` is sent only when it is not None.
        This component is optional and therefore the API will only work if it is installed
        """
        params = {} if category is None else {'category': category}
        reply = self.zap._request(
            self.zap.base + 'custompayloads/action/disableCustomPayloads/', params)
        return six.next(six.itervalues(reply))

    def enable_custom_payloads(self, category=None, apikey=''):
        """Enable payloads for a given category.

        ``category`` is sent only when it is not None.
        This component is optional and therefore the API will only work if it is installed
        """
        params = {} if category is None else {'category': category}
        reply = self.zap._request(
            self.zap.base + 'custompayloads/action/enableCustomPayloads/', params)
        return six.next(six.itervalues(reply))

    def remove_custom_payload(self, category, payload=None, apikey=''):
        """Remove a payload.

        ``payload`` is sent only when it is not None.
        This component is optional and therefore the API will only work if it is installed
        """
        params = {'category': category}
        if payload is not None:
            params.update(payload=payload)
        reply = self.zap._request(
            self.zap.base + 'custompayloads/action/removeCustomPayload/', params)
        return six.next(six.itervalues(reply))

    def add_custom_payload(self, category, payload=None, apikey=''):
        """Add a new payload.

        ``payload`` is sent only when it is not None.
        This component is optional and therefore the API will only work if it is installed
        """
        params = {'category': category}
        if payload is not None:
            params.update(payload=payload)
        reply = self.zap._request(
            self.zap.base + 'custompayloads/action/addCustomPayload/', params)
        return six.next(six.itervalues(reply))

    def enable_custom_payload(self, category, payload=None, apikey=''):
        """Enable a given payload.

        ``payload`` is sent only when it is not None.
        This component is optional and therefore the API will only work if it is installed
        """
        params = {'category': category}
        if payload is not None:
            params.update(payload=payload)
        reply = self.zap._request(
            self.zap.base + 'custompayloads/action/enableCustomPayload/', params)
        return six.next(six.itervalues(reply))

    def disable_custom_payload(self, category, payload=None, apikey=''):
        """Disable a given payload.

        ``payload`` is sent only when it is not None.
        This component is optional and therefore the API will only work if it is installed
        """
        params = {'category': category}
        if payload is not None:
            params.update(payload=payload)
        reply = self.zap._request(
            self.zap.base + 'custompayloads/action/disableCustomPayload/', params)
        return six.next(six.itervalues(reply))

--------------------------------------------------------------------------------
/src/zapv2/exim.py:
--------------------------------------------------------------------------------
# Zed Attack Proxy (ZAP) and its related class files.
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This file was automatically generated.
20 | """ 21 | 22 | import six 23 | 24 | 25 | class exim(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | def import_har(self, filepath, apikey=''): 31 | """ 32 | Imports a HAR file. filepath is sent as the 'filePath' parameter and is not opened by this client, so it is presumably resolved by the ZAP process (confirm); apikey is unused here. 33 | This component is optional and therefore the API will only work if it is installed 34 | """ 35 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'exim/action/importHar/', {'filePath': filepath}))) 36 | 37 | def import_urls(self, filepath, apikey=''): 38 | """ 39 | Imports URLs (one per line) from the file with the given file system path. filepath is sent as the 'filePath' parameter and is not opened by this client, so it is presumably resolved by the ZAP process (confirm); apikey is unused here. 40 | This component is optional and therefore the API will only work if it is installed 41 | """ 42 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'exim/action/importUrls/', {'filePath': filepath}))) 43 | 44 | def import_zap_logs(self, filepath, apikey=''): 45 | """ 46 | Imports previously exported ZAP messages from the file with the given file system path. filepath is sent as the 'filePath' parameter and is not opened by this client, so it is presumably resolved by the ZAP process (confirm); apikey is unused here. 47 | This component is optional and therefore the API will only work if it is installed 48 | """ 49 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'exim/action/importZapLogs/', {'filePath': filepath}))) 50 | 51 | def import_modsec_2_logs(self, filepath, apikey=''): 52 | """ 53 | Imports ModSecurity2 logs from the file with the given file system path. filepath is sent as the 'filePath' parameter and is not opened by this client, so it is presumably resolved by the ZAP process (confirm); apikey is unused here. 54 | This component is optional and therefore the API will only work if it is installed 55 | """ 56 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'exim/action/importModsec2Logs/', {'filePath': filepath}))) 57 | 58 | def export_sites_tree(self, filepath, apikey=''): 59 | """ 60 | Exports the Sites Tree in the Sites Tree YAML format. filepath is sent as the 'filePath' parameter and this client writes no file itself, so the output is presumably written by the ZAP process (confirm); apikey is unused here.
61 | This component is optional and therefore the API will only work if it is installed 62 | """ 63 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'exim/action/exportSitesTree/', {'filePath': filepath}))) 64 | 65 | def prune_sites_tree(self, filepath, apikey=''): 66 | """ 67 | Prunes the Sites Tree based on a file in the Sites Tree YAML format. filepath is sent as the 'filePath' parameter and is not opened by this client, so it is presumably resolved by the ZAP process (confirm); apikey is unused here. 68 | This component is optional and therefore the API will only work if it is installed 69 | """ 70 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'exim/action/pruneSitesTree/', {'filePath': filepath}))) 71 | 72 | def export_har(self, baseurl=None, start=None, count=None, apikey=''): 73 | """ 74 | Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages. Each filter is sent only when the matching argument is not None, and the result of _request_other is returned as is; apikey is unused here. 75 | This component is optional and therefore the API will only work if it is installed 76 | """ 77 | params = {} 78 | if baseurl is not None: 79 | params['baseurl'] = baseurl 80 | if start is not None: 81 | params['start'] = start 82 | if count is not None: 83 | params['count'] = count 84 | return (self.zap._request_other(self.zap.base_other + 'exim/other/exportHar/', params)) 85 | 86 | def export_har_by_id(self, ids, apikey=''): 87 | """ 88 | Gets the HTTP messages with the given IDs, in HAR format. The result of _request_other is returned as is; apikey is unused here. 89 | This component is optional and therefore the API will only work if it is installed 90 | """ 91 | return (self.zap._request_other(self.zap.base_other + 'exim/other/exportHarById/', {'ids': ids})) 92 | 93 | def send_har_request(self, request, followredirects=None, apikey=''): 94 | """ 95 | Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope. The 'followRedirects' parameter is sent only when followredirects is not None; apikey is unused here.
96 | This component is optional and therefore the API will only work if it is installed 97 | """ 98 | params = {'request': request} 99 | if followredirects is not None: 100 | params['followRedirects'] = followredirects 101 | return (self.zap._request_other(self.zap.base_other + 'exim/other/sendHarRequest/', params)) 102 | -------------------------------------------------------------------------------- /src/zapv2/forcedUser.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated.
20 | """ 21 | 22 | import six 23 | 24 | 25 | class forcedUser(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def is_forced_user_mode_enabled(self): 32 | """ 33 | Returns 'true' if 'forced user' mode is enabled, 'false' otherwise. Exposed as a property, so each attribute access issues a request through self.zap._request and returns the first value of the mapping it gets back. 34 | """ 35 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'forcedUser/view/isForcedUserModeEnabled/'))) 36 | 37 | def get_forced_user(self, contextid): 38 | """ 39 | Gets the user (ID) set as 'forced user' for the given context (ID). contextid is sent as the 'contextId' parameter. 40 | """ 41 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'forcedUser/view/getForcedUser/', {'contextId': contextid}))) 42 | 43 | def set_forced_user(self, contextid, userid, apikey=''): 44 | """ 45 | Sets the user (ID) that should be used in 'forced user' mode for the given context (ID). apikey is unused here. 46 | """ 47 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'forcedUser/action/setForcedUser/', {'contextId': contextid, 'userId': userid}))) 48 | 49 | def set_forced_user_mode_enabled(self, boolean, apikey=''): 50 | """ 51 | Sets whether 'forced user' mode should be enabled or not. The value is sent as the 'boolean' parameter; apikey is unused here. 52 | """ 53 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'forcedUser/action/setForcedUserModeEnabled/', {'boolean': boolean}))) 54 | -------------------------------------------------------------------------------- /src/zapv2/graphql.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2022 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License.
9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class graphql(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def option_args_type(self): 32 | """ 33 | Returns how arguments are currently specified. 34 | This component is optional and therefore the API will only work if it is installed 35 | """ 36 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/view/optionArgsType/'))) 37 | 38 | @property 39 | def option_lenient_max_query_depth_enabled(self): 40 | """ 41 | Returns whether or not lenient maximum query generation depth is enabled. 42 | This component is optional and therefore the API will only work if it is installed 43 | """ 44 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/view/optionLenientMaxQueryDepthEnabled/'))) 45 | 46 | @property 47 | def option_max_additional_query_depth(self): 48 | """ 49 | Returns the current maximum additional query generation depth. 50 | This component is optional and therefore the API will only work if it is installed 51 | """ 52 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/view/optionMaxAdditionalQueryDepth/'))) 53 | 54 | @property 55 | def option_max_args_depth(self): 56 | """ 57 | Returns the current maximum arguments generation depth. 
58 | This component is optional and therefore the API will only work if it is installed 59 | """ 60 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/view/optionMaxArgsDepth/'))) 61 | 62 | @property 63 | def option_max_query_depth(self): 64 | """ 65 | Returns the current maximum query generation depth. 66 | This component is optional and therefore the API will only work if it is installed 67 | """ 68 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/view/optionMaxQueryDepth/'))) 69 | 70 | @property 71 | def option_optional_args_enabled(self): 72 | """ 73 | Returns whether or not optional arguments are currently specified. 74 | This component is optional and therefore the API will only work if it is installed 75 | """ 76 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/view/optionOptionalArgsEnabled/'))) 77 | 78 | @property 79 | def option_query_gen_enabled(self): 80 | """ 81 | Returns whether the query generator is enabled. 82 | This component is optional and therefore the API will only work if it is installed 83 | """ 84 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/view/optionQueryGenEnabled/'))) 85 | 86 | @property 87 | def option_query_split_type(self): 88 | """ 89 | Returns the current level for which a single query is generated. 90 | This component is optional and therefore the API will only work if it is installed 91 | """ 92 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/view/optionQuerySplitType/'))) 93 | 94 | @property 95 | def option_request_method(self): 96 | """ 97 | Returns the current request method. 98 | This component is optional and therefore the API will only work if it is installed 99 | """ 100 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/view/optionRequestMethod/'))) 101 | 102 | def import_file(self, endurl, file, apikey=''): 103 | """ 104 | Imports a GraphQL Schema from a File. 
105 | This component is optional and therefore the API will only work if it is installed 106 | """ 107 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/action/importFile/', {'endurl': endurl, 'file': file}))) 108 | 109 | def import_url(self, endurl, url=None, apikey=''): 110 | """ 111 | Imports a GraphQL Schema from a URL. 112 | This component is optional and therefore the API will only work if it is installed 113 | """ 114 | params = {'endurl': endurl} 115 | if url is not None: 116 | params['url'] = url 117 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/action/importUrl/', params))) 118 | 119 | def set_option_args_type(self, string, apikey=''): 120 | """ 121 | Sets how arguments are specified. 122 | This component is optional and therefore the API will only work if it is installed 123 | """ 124 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/action/setOptionArgsType/', {'String': string}))) 125 | 126 | def set_option_query_split_type(self, string, apikey=''): 127 | """ 128 | Sets the level for which a single query is generated. 129 | This component is optional and therefore the API will only work if it is installed 130 | """ 131 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/action/setOptionQuerySplitType/', {'String': string}))) 132 | 133 | def set_option_request_method(self, string, apikey=''): 134 | """ 135 | Sets the request method. 136 | This component is optional and therefore the API will only work if it is installed 137 | """ 138 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/action/setOptionRequestMethod/', {'String': string}))) 139 | 140 | def set_option_lenient_max_query_depth_enabled(self, boolean, apikey=''): 141 | """ 142 | Sets whether or not Maximum Query Depth is enforced leniently. 
143 | This component is optional and therefore the API will only work if it is installed 144 | """ 145 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/action/setOptionLenientMaxQueryDepthEnabled/', {'Boolean': boolean}))) 146 | 147 | def set_option_max_additional_query_depth(self, integer, apikey=''): 148 | """ 149 | Sets the maximum additional query generation depth (used if enforced leniently). 150 | This component is optional and therefore the API will only work if it is installed 151 | """ 152 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/action/setOptionMaxAdditionalQueryDepth/', {'Integer': integer}))) 153 | 154 | def set_option_max_args_depth(self, integer, apikey=''): 155 | """ 156 | Sets the maximum arguments generation depth. 157 | This component is optional and therefore the API will only work if it is installed 158 | """ 159 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/action/setOptionMaxArgsDepth/', {'Integer': integer}))) 160 | 161 | def set_option_max_query_depth(self, integer, apikey=''): 162 | """ 163 | Sets the maximum query generation depth. 164 | This component is optional and therefore the API will only work if it is installed 165 | """ 166 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/action/setOptionMaxQueryDepth/', {'Integer': integer}))) 167 | 168 | def set_option_optional_args_enabled(self, boolean, apikey=''): 169 | """ 170 | Sets whether or not Optional Arguments should be specified. 171 | This component is optional and therefore the API will only work if it is installed 172 | """ 173 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/action/setOptionOptionalArgsEnabled/', {'Boolean': boolean}))) 174 | 175 | def set_option_query_gen_enabled(self, boolean, apikey=''): 176 | """ 177 | Sets whether the query generator is enabled. 
178 | This component is optional and therefore the API will only work if it is installed 179 | """ 180 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'graphql/action/setOptionQueryGenEnabled/', {'Boolean': boolean}))) 181 | -------------------------------------------------------------------------------- /src/zapv2/httpSessions.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class httpSessions(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def sites(self): 32 | """ 33 | Gets all of the sites that have sessions. 34 | """ 35 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/view/sites/'))) 36 | 37 | def sessions(self, site, session=None): 38 | """ 39 | Gets the sessions for the given site. Optionally returning just the session with the given name. 
40 | """ 41 | params = {'site': site} 42 | if session is not None: 43 | params['session'] = session 44 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/view/sessions/', params))) 45 | 46 | def active_session(self, site): 47 | """ 48 | Gets the name of the active session for the given site. 49 | """ 50 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/view/activeSession/', {'site': site}))) 51 | 52 | def session_tokens(self, site): 53 | """ 54 | Gets the names of the session tokens for the given site. 55 | """ 56 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/view/sessionTokens/', {'site': site}))) 57 | 58 | @property 59 | def default_session_tokens(self): 60 | """ 61 | Gets the default session tokens. 62 | """ 63 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/view/defaultSessionTokens/'))) 64 | 65 | def create_empty_session(self, site, session=None, apikey=''): 66 | """ 67 | Creates an empty session for the given site. Optionally with the given name. 68 | """ 69 | params = {'site': site} 70 | if session is not None: 71 | params['session'] = session 72 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/action/createEmptySession/', params))) 73 | 74 | def remove_session(self, site, session, apikey=''): 75 | """ 76 | Removes the session from the given site. 77 | """ 78 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/action/removeSession/', {'site': site, 'session': session}))) 79 | 80 | def set_active_session(self, site, session, apikey=''): 81 | """ 82 | Sets the given session as active for the given site. 83 | """ 84 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/action/setActiveSession/', {'site': site, 'session': session}))) 85 | 86 | def unset_active_session(self, site, apikey=''): 87 | """ 88 | Unsets the active session of the given site. 
89 | """ 90 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/action/unsetActiveSession/', {'site': site}))) 91 | 92 | def add_session_token(self, site, sessiontoken, apikey=''): 93 | """ 94 | Adds the session token to the given site. 95 | """ 96 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/action/addSessionToken/', {'site': site, 'sessionToken': sessiontoken}))) 97 | 98 | def remove_session_token(self, site, sessiontoken, apikey=''): 99 | """ 100 | Removes the session token from the given site. 101 | """ 102 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/action/removeSessionToken/', {'site': site, 'sessionToken': sessiontoken}))) 103 | 104 | def set_session_token_value(self, site, session, sessiontoken, tokenvalue, apikey=''): 105 | """ 106 | Sets the value of the session token of the given session for the given site. 107 | """ 108 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/action/setSessionTokenValue/', {'site': site, 'session': session, 'sessionToken': sessiontoken, 'tokenValue': tokenvalue}))) 109 | 110 | def rename_session(self, site, oldsessionname, newsessionname, apikey=''): 111 | """ 112 | Renames the session of the given site. 113 | """ 114 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/action/renameSession/', {'site': site, 'oldSessionName': oldsessionname, 'newSessionName': newsessionname}))) 115 | 116 | def add_default_session_token(self, sessiontoken, tokenenabled=None, apikey=''): 117 | """ 118 | Adds a default session token with the given name and enabled state. 
119 | """ 120 | params = {'sessionToken': sessiontoken} 121 | if tokenenabled is not None: 122 | params['tokenEnabled'] = tokenenabled 123 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/action/addDefaultSessionToken/', params))) 124 | 125 | def set_default_session_token_enabled(self, sessiontoken, tokenenabled, apikey=''): 126 | """ 127 | Sets whether or not the default session token with the given name is enabled. 128 | """ 129 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/action/setDefaultSessionTokenEnabled/', {'sessionToken': sessiontoken, 'tokenEnabled': tokenenabled}))) 130 | 131 | def remove_default_session_token(self, sessiontoken, apikey=''): 132 | """ 133 | Removes the default session token with the given name. 134 | """ 135 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'httpSessions/action/removeDefaultSessionToken/', {'sessionToken': sessiontoken}))) 136 | -------------------------------------------------------------------------------- /src/zapv2/localProxies.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2022 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 
18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class localProxies(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def additional_proxies(self): 32 | """ 33 | Gets all of the additional proxies that have been configured. Exposed as a property, so each attribute access issues a request through self.zap._request. 34 | """ 35 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'localProxies/view/additionalProxies/'))) 36 | 37 | def add_additional_proxy(self, address, port, behindnat=None, alwaysdecodezip=None, removeunsupportedencodings=None, apikey=''): 38 | """ 39 | Adds a new proxy using the details supplied. 'behindNat', 'alwaysDecodeZip' and 'removeUnsupportedEncodings' are sent only when the matching argument is not None; apikey is unused here. 40 | """ 41 | params = {'address': address, 'port': port} 42 | if behindnat is not None: 43 | params['behindNat'] = behindnat 44 | if alwaysdecodezip is not None: 45 | params['alwaysDecodeZip'] = alwaysdecodezip 46 | if removeunsupportedencodings is not None: 47 | params['removeUnsupportedEncodings'] = removeunsupportedencodings 48 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'localProxies/action/addAdditionalProxy/', params))) 49 | 50 | def remove_additional_proxy(self, address, port, apikey=''): 51 | """ 52 | Removes the additional proxy with the specified address and port. apikey is unused here. 53 | """ 54 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'localProxies/action/removeAdditionalProxy/', {'address': address, 'port': port}))) 55 | -------------------------------------------------------------------------------- /src/zapv2/oast.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License.
9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class oast(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def get_active_scan_service(self): 32 | """ 33 | Gets the service used with the active scanner, if any. 34 | This component is optional and therefore the API will only work if it is installed 35 | """ 36 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/view/getActiveScanService/'))) 37 | 38 | @property 39 | def get_services(self): 40 | """ 41 | Gets all of the services. 42 | This component is optional and therefore the API will only work if it is installed 43 | """ 44 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/view/getServices/'))) 45 | 46 | @property 47 | def get_boast_options(self): 48 | """ 49 | Gets the BOAST options. 50 | This component is optional and therefore the API will only work if it is installed 51 | """ 52 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/view/getBoastOptions/'))) 53 | 54 | @property 55 | def get_callback_options(self): 56 | """ 57 | Gets the Callback options. 58 | This component is optional and therefore the API will only work if it is installed 59 | """ 60 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/view/getCallbackOptions/'))) 61 | 62 | @property 63 | def get_interactsh_options(self): 64 | """ 65 | Gets the Interactsh options.
66 | This component is optional and therefore the API will only work if it is installed 67 | """ 68 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/view/getInteractshOptions/'))) 69 | 70 | @property 71 | def get_days_to_keep_records(self): 72 | """ 73 | Gets the number of days the OAST records will be kept for. 74 | This component is optional and therefore the API will only work if it is installed 75 | """ 76 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/view/getDaysToKeepRecords/'))) 77 | 78 | def set_active_scan_service(self, name, apikey=''): 79 | """ 80 | Sets the service used with the active scanner. apikey is unused here. 81 | This component is optional and therefore the API will only work if it is installed 82 | """ 83 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/action/setActiveScanService/', {'name': name}))) 84 | 85 | def set_boast_options(self, server, pollinsecs, apikey=''): 86 | """ 87 | Sets the BOAST options. apikey is unused here. 88 | This component is optional and therefore the API will only work if it is installed 89 | """ 90 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/action/setBoastOptions/', {'server': server, 'pollInSecs': pollinsecs}))) 91 | 92 | def set_callback_options(self, localaddress, remoteaddress, port, apikey=''): 93 | """ 94 | Sets the Callback options. apikey is unused here. 95 | This component is optional and therefore the API will only work if it is installed 96 | """ 97 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/action/setCallbackOptions/', {'localAddress': localaddress, 'remoteAddress': remoteaddress, 'port': port}))) 98 | 99 | def set_interactsh_options(self, server, pollinsecs, authtoken, apikey=''): 100 | """ 101 | Sets the Interactsh options. authtoken is forwarded to ZAP as the 'authToken' request parameter; how _request transmits it is not visible here, so confirm that before logging request URLs. apikey is unused here.
102 | This component is optional and therefore the API will only work if it is installed 103 | """ 104 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/action/setInteractshOptions/', {'server': server, 'pollInSecs': pollinsecs, 'authToken': authtoken}))) 105 | 106 | def set_days_to_keep_records(self, days, apikey=''): 107 | """ 108 | Sets the number of days the OAST records will be kept for. apikey is unused here. 109 | This component is optional and therefore the API will only work if it is installed 110 | """ 111 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/action/setDaysToKeepRecords/', {'days': days}))) 112 | -------------------------------------------------------------------------------- /src/zapv2/openapi.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2022 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class openapi(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | def import_file(self, file, target=None, contextid=None, apikey=''): 31 | """ 32 | Imports an OpenAPI definition from a local file. file is sent as the 'file' parameter and is not opened by this client, so the path is presumably resolved by the ZAP process (confirm); 'target' and 'contextId' are sent only when the matching argument is not None, and apikey is unused here.
33 | This component is optional and therefore the API will only work if it is installed 34 | """ 35 | params = {'file': file} 36 | if target is not None: 37 | params['target'] = target 38 | if contextid is not None: 39 | params['contextId'] = contextid 40 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'openapi/action/importFile/', params))) 41 | 42 | def import_url(self, url, hostoverride=None, contextid=None, apikey=''): 43 | """ 44 | Imports an OpenAPI definition from a URL. 'hostOverride' and 'contextId' are sent only when the matching argument is not None; apikey is unused here. 45 | This component is optional and therefore the API will only work if it is installed 46 | """ 47 | params = {'url': url} 48 | if hostoverride is not None: 49 | params['hostOverride'] = hostoverride 50 | if contextid is not None: 51 | params['contextId'] = contextid 52 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'openapi/action/importUrl/', params))) 53 | -------------------------------------------------------------------------------- /src/zapv2/params.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated.
20 | """ 21 | 22 | import six 23 | 24 | 25 | class params(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | def params(self, site=None): 31 | """ 32 | Shows the parameters for the specified site, or for all sites if the site is not specified. The 'site' parameter is sent only when site is not None; the first value of the mapping returned by self.zap._request is returned. 33 | """ 34 | params = {} 35 | if site is not None: 36 | params['site'] = site 37 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'params/view/params/', params))) 38 | -------------------------------------------------------------------------------- /src/zapv2/pnh.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated.
20 | """ 21 | 22 | import six 23 | 24 | 25 | class pnh(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | def monitor(self, id, message, apikey=''): 31 | """ 32 | Sends id and message to the 'pnh/action/monitor/' endpoint and returns the first value of the response mapping; apikey is not read by this method. This component is optional and therefore the API will only work if it is installed 33 | """ 34 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pnh/action/monitor/', {'id': id, 'message': message}))) 35 | 36 | def oracle(self, id, apikey=''): 37 | """ 38 | Sends id to the 'pnh/action/oracle/' endpoint and returns the first value of the response mapping; apikey is not read by this method. This component is optional and therefore the API will only work if it is installed 39 | """ 40 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pnh/action/oracle/', {'id': id}))) 41 | 42 | def start_monitoring(self, url, apikey=''): 43 | """ 44 | Sends url to the 'pnh/action/startMonitoring/' endpoint and returns the first value of the response mapping; apikey is not read by this method. This component is optional and therefore the API will only work if it is installed 45 | """ 46 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pnh/action/startMonitoring/', {'url': url}))) 47 | 48 | def stop_monitoring(self, id, apikey=''): 49 | """ 50 | Sends id to the 'pnh/action/stopMonitoring/' endpoint and returns the first value of the response mapping; apikey is not read by this method. This component is optional and therefore the API will only work if it is installed 51 | """ 52 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pnh/action/stopMonitoring/', {'id': id}))) 53 | 54 | def pnh(self, apikey=''): 55 | """ 56 | Requests 'pnh/other/pnh/' through self.zap._request_other and returns that call's result as is; apikey is not read by this method. This component is optional and therefore the API will only work if it is installed 57 | """ 58 | return (self.zap._request_other(self.zap.base_other + 'pnh/other/pnh/', {})) 59 | 60 | def manifest(self, apikey=''): 61 | """ 62 | Requests 'pnh/other/manifest/' through self.zap._request_other and returns that call's result as is; apikey is not read by this method. This component is optional and therefore the API will only work if it is installed 63 | """ 64 | return (self.zap._request_other(self.zap.base_other + 'pnh/other/manifest/', {})) 65 | 66 | def service(self, apikey=''): 67 | """ 68 | Requests 'pnh/other/service/' through self.zap._request_other and returns that call's result as is; apikey is not read by this method. This component is optional and therefore the API will only work if it is installed 69 | """ 70 | return (self.zap._request_other(self.zap.base_other + 'pnh/other/service/', {})) 71 | 72 | def fx__pnh_xpi(self, apikey=''): 73 | """ 74 | This component is optional and therefore
the API will only work if it is installed 75 | """ 76 | return (self.zap._request_other(self.zap.base_other + 'pnh/other/fx_pnh.xpi/', {})) 77 | -------------------------------------------------------------------------------- /src/zapv2/pscan.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class pscan(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def scan_only_in_scope(self): 32 | """ 33 | Tells whether or not the passive scan should be performed only on messages that are in scope. 34 | This component is optional and therefore the API will only work if it is installed 35 | """ 36 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/view/scanOnlyInScope/'))) 37 | 38 | @property 39 | def records_to_scan(self): 40 | """ 41 | The number of records the passive scanner still has to scan. 
42 | This component is optional and therefore the API will only work if it is installed 43 | """ 44 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/view/recordsToScan/'))) 45 | 46 | @property 47 | def scanners(self): 48 | """ 49 | Lists all passive scan rules with their ID, name, enabled state, and alert threshold. 50 | This component is optional and therefore the API will only work if it is installed 51 | """ 52 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/view/scanners/'))) 53 | 54 | @property 55 | def current_rule(self): 56 | """ 57 | Shows information about the passive scan rule currently being run (if any). 58 | This component is optional and therefore the API will only work if it is installed 59 | """ 60 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/view/currentRule/'))) 61 | 62 | @property 63 | def current_tasks(self): 64 | """ 65 | Shows information about the passive scan tasks currently being run (if any). 66 | This component is optional and therefore the API will only work if it is installed 67 | """ 68 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/view/currentTasks/'))) 69 | 70 | @property 71 | def max_alerts_per_rule(self): 72 | """ 73 | Gets the maximum number of alerts a passive scan rule should raise. 74 | This component is optional and therefore the API will only work if it is installed 75 | """ 76 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/view/maxAlertsPerRule/'))) 77 | 78 | def set_enabled(self, enabled, apikey=''): 79 | """ 80 | Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted). 
81 | This component is optional and therefore the API will only work if it is installed 82 | """ 83 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/setEnabled/', {'enabled': enabled}))) 84 | 85 | def set_scan_only_in_scope(self, onlyinscope, apikey=''): 86 | """ 87 | Sets whether or not the passive scan should be performed only on messages that are in scope. 88 | This component is optional and therefore the API will only work if it is installed 89 | """ 90 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/setScanOnlyInScope/', {'onlyInScope': onlyinscope}))) 91 | 92 | def enable_all_scanners(self, apikey=''): 93 | """ 94 | Enables all passive scan rules. 95 | This component is optional and therefore the API will only work if it is installed 96 | """ 97 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/enableAllScanners/', {}))) 98 | 99 | def disable_all_scanners(self, apikey=''): 100 | """ 101 | Disables all passive scan rules. 102 | This component is optional and therefore the API will only work if it is installed 103 | """ 104 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/disableAllScanners/', {}))) 105 | 106 | def enable_scanners(self, ids, apikey=''): 107 | """ 108 | Enables passive scan rules. 109 | This component is optional and therefore the API will only work if it is installed 110 | """ 111 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/enableScanners/', {'ids': ids}))) 112 | 113 | def disable_scanners(self, ids, apikey=''): 114 | """ 115 | Disables passive scan rules. 
116 | This component is optional and therefore the API will only work if it is installed 117 | """ 118 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/disableScanners/', {'ids': ids}))) 119 | 120 | def set_scanner_alert_threshold(self, id, alertthreshold, apikey=''): 121 | """ 122 | Sets the alert threshold of a passive scan rule. 123 | This component is optional and therefore the API will only work if it is installed 124 | """ 125 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/setScannerAlertThreshold/', {'id': id, 'alertThreshold': alertthreshold}))) 126 | 127 | def set_max_alerts_per_rule(self, maxalerts, apikey=''): 128 | """ 129 | Sets the maximum number of alerts a passive scan rule can raise. 130 | This component is optional and therefore the API will only work if it is installed 131 | """ 132 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/setMaxAlertsPerRule/', {'maxAlerts': maxalerts}))) 133 | 134 | def disable_all_tags(self, apikey=''): 135 | """ 136 | Disables all passive scan tags. 137 | This component is optional and therefore the API will only work if it is installed 138 | """ 139 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/disableAllTags/', {}))) 140 | 141 | def enable_all_tags(self, apikey=''): 142 | """ 143 | Enables all passive scan tags. 144 | This component is optional and therefore the API will only work if it is installed 145 | """ 146 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/enableAllTags/', {}))) 147 | 148 | def clear_queue(self, apikey=''): 149 | """ 150 | Clears the passive scan queue. 
151 | This component is optional and therefore the API will only work if it is installed 152 | """ 153 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/clearQueue/', {}))) 154 | -------------------------------------------------------------------------------- /src/zapv2/replacer.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class replacer(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def rules(self): 32 | """ 33 | Returns full details of all of the rules (the first value of the mapping returned by self.zap._request) 34 | This component is optional and therefore the API will only work if it is installed 35 | """ 36 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'replacer/view/rules/'))) 37 | 38 | def add_rule(self, description, enabled, matchtype, matchregex, matchstring, replacement=None, initiators=None, url=None, apikey=''): 39 | """ 40 | Adds a replacer rule.
For the parameters: description is a user friendly description, enabled is true or false, matchType is one of [REQ_HEADER, REQ_HEADER_STR, REQ_BODY_STR, RESP_HEADER, RESP_HEADER_STR, RESP_BODY_STR], matchRegex should be true if the matchString should be treated as a regex otherwise false, matchString is the string that will be matched against, replacement is the replacement string, initiators may be blank (for all initiators) or a comma separated list of integers as defined in Request Initiator Constants. replacement, initiators and url are added to the request only when they are not None (the url parameter is not described in this text); apikey is not read by this method. 41 | This component is optional and therefore the API will only work if it is installed 42 | """ 43 | params = {'description': description, 'enabled': enabled, 'matchType': matchtype, 'matchRegex': matchregex, 'matchString': matchstring} 44 | if replacement is not None: 45 | params['replacement'] = replacement 46 | if initiators is not None: 47 | params['initiators'] = initiators 48 | if url is not None: 49 | params['url'] = url 50 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'replacer/action/addRule/', params))) 51 | 52 | def remove_rule(self, description, apikey=''): 53 | """ 54 | Removes the rule with the given description; apikey is not read by this method 55 | This component is optional and therefore the API will only work if it is installed 56 | """ 57 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'replacer/action/removeRule/', {'description': description}))) 58 | 59 | def set_enabled(self, description, bool, apikey=''): 60 | """ 61 | Enables or disables the rule with the given description based on the bool parameter (that name shadows the builtin bool inside this method and is kept because it is part of the signature); apikey is not read by this method 62 | This component is optional and therefore the API will only work if it is installed 63 | """ 64 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'replacer/action/setEnabled/', {'description': description, 'bool': bool}))) 65 | -------------------------------------------------------------------------------- /src/zapv2/reports.py: -------------------------------------------------------------------------------- 1 | # Zed
Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class reports(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def templates(self): 32 | """ 33 | View available templates (the first value of the mapping returned by self.zap._request). 34 | This component is optional and therefore the API will only work if it is installed 35 | """ 36 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'reports/view/templates/'))) 37 | 38 | def template_details(self, template): 39 | """ 40 | View details of the specified template (the first value of the mapping returned by self.zap._request). 41 | This component is optional and therefore the API will only work if it is installed 42 | """ 43 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'reports/view/templateDetails/', {'template': template}))) 44 | 45 | def generate(self, title, template, theme=None, description=None, contexts=None, sites=None, sections=None, includedconfidences=None, includedrisks=None, reportfilename=None, reportfilenamepattern=None, reportdir=None, display=None, apikey=''): 46 | """ 47 | Generate a report with the supplied parameters. title and template are always sent; every other argument is added to the request only when it is not None.
48 | This component is optional and therefore the API will only work if it is installed. NOTE(review): reportDir, reportFileName and reportFileNamePattern presumably name where the ZAP instance writes the report, i.e. a location on the ZAP host rather than on this client - confirm. apikey is not read by this method. 49 | """ 50 | params = {'title': title, 'template': template} 51 | if theme is not None: 52 | params['theme'] = theme 53 | if description is not None: 54 | params['description'] = description 55 | if contexts is not None: 56 | params['contexts'] = contexts 57 | if sites is not None: 58 | params['sites'] = sites 59 | if sections is not None: 60 | params['sections'] = sections 61 | if includedconfidences is not None: 62 | params['includedConfidences'] = includedconfidences 63 | if includedrisks is not None: 64 | params['includedRisks'] = includedrisks 65 | if reportfilename is not None: 66 | params['reportFileName'] = reportfilename 67 | if reportfilenamepattern is not None: 68 | params['reportFileNamePattern'] = reportfilenamepattern 69 | if reportdir is not None: 70 | params['reportDir'] = reportdir 71 | if display is not None: 72 | params['display'] = display 73 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'reports/action/generate/', params))) 74 | -------------------------------------------------------------------------------- /src/zapv2/retest.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class retest(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | def retest(self, alertids, apikey=''): 31 | """ 32 | Sends alertids (as alertIds) to the 'retest/action/retest/' endpoint and returns the first value of the response mapping; the expected format of alertids is not shown here and apikey is not read by this method. This component is optional and therefore the API will only work if it is installed 33 | """ 34 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'retest/action/retest/', {'alertIds': alertids}))) 35 | -------------------------------------------------------------------------------- /src/zapv2/reveal.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated.
20 | """ 21 | 22 | import six 23 | 24 | 25 | class reveal(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def reveal(self): 32 | """ 33 | Tells whether hidden fields are shown and disabled fields are enabled (the first value of the mapping returned by self.zap._request) 34 | This component is optional and therefore the API will only work if it is installed 35 | """ 36 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'reveal/view/reveal/'))) 37 | 38 | def set_reveal(self, reveal, apikey=''): 39 | """ 40 | Sets whether hidden fields are shown and disabled fields are enabled; apikey is not read by this method 41 | This component is optional and therefore the API will only work if it is installed 42 | """ 43 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'reveal/action/setReveal/', {'reveal': reveal}))) 44 | -------------------------------------------------------------------------------- /src/zapv2/revisit.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated.
20 | """ 21 | 22 | import six 23 | 24 | 25 | class revisit(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def revisit_list(self): 32 | """ 33 | Requests the 'revisit/view/revisitList/' view and returns the first value of the response mapping. This component is optional and therefore the API will only work if it is installed 34 | """ 35 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'revisit/view/revisitList/'))) 36 | 37 | def revisit_site_on(self, site, starttime, endtime, apikey=''): 38 | """ 39 | Sends site, startTime and endTime to the 'revisit/action/revisitSiteOn/' endpoint and returns the first value of the response mapping; the expected time format is not shown here and apikey is not read by this method. This component is optional and therefore the API will only work if it is installed 40 | """ 41 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'revisit/action/revisitSiteOn/', {'site': site, 'startTime': starttime, 'endTime': endtime}))) 42 | 43 | def revisit_site_off(self, site, apikey=''): 44 | """ 45 | Sends site to the 'revisit/action/revisitSiteOff/' endpoint and returns the first value of the response mapping; apikey is not read by this method. This component is optional and therefore the API will only work if it is installed 46 | """ 47 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'revisit/action/revisitSiteOff/', {'site': site}))) 48 | -------------------------------------------------------------------------------- /src/zapv2/ruleConfig.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License.
18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class ruleConfig(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | def rule_config_value(self, key): 31 | """ 32 | Show the specified rule configuration 33 | """ 34 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'ruleConfig/view/ruleConfigValue/', {'key': key}))) 35 | 36 | @property 37 | def all_rule_configs(self): 38 | """ 39 | Show all of the rule configurations 40 | """ 41 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'ruleConfig/view/allRuleConfigs/'))) 42 | 43 | def reset_rule_config_value(self, key, apikey=''): 44 | """ 45 | Reset the specified rule configuration, which must already exist 46 | """ 47 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'ruleConfig/action/resetRuleConfigValue/', {'key': key}))) 48 | 49 | def reset_all_rule_config_values(self, apikey=''): 50 | """ 51 | Reset all of the rule configurations 52 | """ 53 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'ruleConfig/action/resetAllRuleConfigValues/', {}))) 54 | 55 | def set_rule_config_value(self, key, value=None, apikey=''): 56 | """ 57 | Set the specified rule configuration, which must already exist 58 | """ 59 | params = {'key': key} 60 | if value is not None: 61 | params['value'] = value 62 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'ruleConfig/action/setRuleConfigValue/', params))) 63 | -------------------------------------------------------------------------------- /src/zapv2/script.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 
4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class script(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def list_engines(self): 32 | """ 33 | Lists the script engines available 34 | This component is optional and therefore the API will only work if it is installed 35 | """ 36 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/listEngines/'))) 37 | 38 | @property 39 | def list_types(self): 40 | """ 41 | Lists the script types available. 42 | This component is optional and therefore the API will only work if it is installed 43 | """ 44 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/listTypes/'))) 45 | 46 | @property 47 | def list_scripts(self): 48 | """ 49 | Lists the scripts available, with its engine, name, description, type and error state. 50 | This component is optional and therefore the API will only work if it is installed 51 | """ 52 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/listScripts/'))) 53 | 54 | def global_var(self, varkey): 55 | """ 56 | Gets the value of the global variable with the given key. Returns an API error (DOES_NOT_EXIST) if no value was previously set. 
57 | This component is optional and therefore the API will only work if it is installed 58 | """ 59 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/globalVar/', {'varKey': varkey}))) 60 | 61 | def global_custom_var(self, varkey): 62 | """ 63 | Gets the value (string representation) of a global custom variable. Returns an API error (DOES_NOT_EXIST) if no value was previously set. 64 | This component is optional and therefore the API will only work if it is installed 65 | """ 66 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/globalCustomVar/', {'varKey': varkey}))) 67 | 68 | @property 69 | def global_vars(self): 70 | """ 71 | Gets all the global variables (key/value pairs). 72 | This component is optional and therefore the API will only work if it is installed 73 | """ 74 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/globalVars/'))) 75 | 76 | @property 77 | def global_custom_vars(self): 78 | """ 79 | Gets all the global custom variables (key/value pairs, the value is the string representation). 80 | This component is optional and therefore the API will only work if it is installed 81 | """ 82 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/globalCustomVars/'))) 83 | 84 | def script_var(self, scriptname, varkey): 85 | """ 86 | Gets the value of the variable with the given key for the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists or if no value was previously set. 87 | This component is optional and therefore the API will only work if it is installed 88 | """ 89 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/scriptVar/', {'scriptName': scriptname, 'varKey': varkey}))) 90 | 91 | def script_custom_var(self, scriptname, varkey): 92 | """ 93 | Gets the value (string representation) of a custom variable. 
Returns an API error (DOES_NOT_EXIST) if no script with the given name exists or if no value was previously set. 94 | This component is optional and therefore the API will only work if it is installed 95 | """ 96 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/scriptCustomVar/', {'scriptName': scriptname, 'varKey': varkey}))) 97 | 98 | def script_vars(self, scriptname): 99 | """ 100 | Gets all the variables (key/value pairs) of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists. 101 | This component is optional and therefore the API will only work if it is installed 102 | """ 103 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/scriptVars/', {'scriptName': scriptname}))) 104 | 105 | def script_custom_vars(self, scriptname): 106 | """ 107 | Gets all the custom variables (key/value pairs, the value is the string representation) of a script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists. 
108 | This component is optional and therefore the API will only work if it is installed 109 | """ 110 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/scriptCustomVars/', {'scriptName': scriptname}))) 111 | 112 | def enable(self, scriptname, apikey=''): 113 | """ 114 | Enables the script with the given name; apikey is not read by this method 115 | This component is optional and therefore the API will only work if it is installed 116 | """ 117 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/enable/', {'scriptName': scriptname}))) 118 | 119 | def disable(self, scriptname, apikey=''): 120 | """ 121 | Disables the script with the given name; apikey is not read by this method 122 | This component is optional and therefore the API will only work if it is installed 123 | """ 124 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/disable/', {'scriptName': scriptname}))) 125 | 126 | def load(self, scriptname, scripttype, scriptengine, filename, scriptdescription=None, charset=None, apikey=''): 127 | """ 128 | Loads a script into ZAP from the given local file, with the given name, type and engine, optionally with a description, and a charset name to read the script (the charset name is required if the script is not in UTF-8, for example, in ISO-8859-1). Only the file name is sent (as fileName), not the file contents, so the path presumably has to be readable by the ZAP process rather than by this client - confirm.
129 | This component is optional and therefore the API will only work if it is installed. scriptDescription and charset are added to the request only when they are not None; apikey is not read by this method. 130 | """ 131 | params = {'scriptName': scriptname, 'scriptType': scripttype, 'scriptEngine': scriptengine, 'fileName': filename} 132 | if scriptdescription is not None: 133 | params['scriptDescription'] = scriptdescription 134 | if charset is not None: 135 | params['charset'] = charset 136 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/load/', params))) 137 | 138 | def remove(self, scriptname, apikey=''): 139 | """ 140 | Removes the script with the given name; apikey is not read by this method 141 | This component is optional and therefore the API will only work if it is installed 142 | """ 143 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/remove/', {'scriptName': scriptname}))) 144 | 145 | def run_stand_alone_script(self, scriptname, apikey=''): 146 | """ 147 | Runs the stand alone script with the given name and returns the first value of the response mapping; apikey is not read by this method 148 | This component is optional and therefore the API will only work if it is installed 149 | """ 150 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/runStandAloneScript/', {'scriptName': scriptname}))) 151 | 152 | def clear_global_var(self, varkey, apikey=''): 153 | """ 154 | Clears the global variable with the given key. apikey is not read by this method. 155 | This component is optional and therefore the API will only work if it is installed 156 | """ 157 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/clearGlobalVar/', {'varKey': varkey}))) 158 | 159 | def clear_global_custom_var(self, varkey, apikey=''): 160 | """ 161 | Clears a global custom variable. apikey is not read by this method. 162 | This component is optional and therefore the API will only work if it is installed 163 | """ 164 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/clearGlobalCustomVar/', {'varKey': varkey}))) 165 | 166 | def clear_global_vars(self, apikey=''): 167 | """ 168 | Clears the global variables.
169 | This component is optional and therefore the API will only work if it is installed 170 | """ 171 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/clearGlobalVars/', {}))) 172 | 173 | def clear_script_var(self, scriptname, varkey, apikey=''): 174 | """ 175 | Clears the variable with the given key of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists. 176 | This component is optional and therefore the API will only work if it is installed 177 | """ 178 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/clearScriptVar/', {'scriptName': scriptname, 'varKey': varkey}))) 179 | 180 | def clear_script_custom_var(self, scriptname, varkey, apikey=''): 181 | """ 182 | Clears a script custom variable. 183 | This component is optional and therefore the API will only work if it is installed 184 | """ 185 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/clearScriptCustomVar/', {'scriptName': scriptname, 'varKey': varkey}))) 186 | 187 | def clear_script_vars(self, scriptname, apikey=''): 188 | """ 189 | Clears the variables of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists. 190 | This component is optional and therefore the API will only work if it is installed 191 | """ 192 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/clearScriptVars/', {'scriptName': scriptname}))) 193 | 194 | def set_script_var(self, scriptname, varkey, varvalue=None, apikey=''): 195 | """ 196 | Sets the value of the variable with the given key of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists. 
197 | This component is optional and therefore the API will only work if it is installed 198 | """ 199 | params = {'scriptName': scriptname, 'varKey': varkey} 200 | if varvalue is not None: 201 | params['varValue'] = varvalue 202 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/setScriptVar/', params))) 203 | 204 | def set_global_var(self, varkey, varvalue=None, apikey=''): 205 | """ 206 | Sets the value of the global variable with the given key. 207 | This component is optional and therefore the API will only work if it is installed 208 | """ 209 | params = {'varKey': varkey} 210 | if varvalue is not None: 211 | params['varValue'] = varvalue 212 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/setGlobalVar/', params))) 213 | -------------------------------------------------------------------------------- /src/zapv2/search.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 
"""

import six


class search(object):
    """
    Thin wrappers over the ZAP 'search' API endpoints.

    Every method builds a query dict and hands it to the `zap` object given at
    construction. The 'search/view/...' methods call zap._request and return
    the first value of the mapping it gives back; the 'search/other/har...'
    methods call zap._request_other and return its result as is.

    `regex`, `baseurl`, `start` and `count` are forwarded unchanged: nothing is
    validated or escaped in this client, and the optional ones are only sent
    when they are not None. The `apikey` parameter of the har_by_* methods is
    never read.

    NOTE(review): the matched messages come from traffic ZAP has recorded and
    can presumably include cookies, tokens or credentials; treat returned
    messages and HAR exports as sensitive data.
    """

    def __init__(self, zap):
        """
        Keeps the client object whose request helpers the methods below use.
        """
        self.zap = zap

    def urls_by_url_regex(self, regex, baseurl=None, start=None, count=None):
        """
        Returns the URLs of the HTTP messages that match the given regular expression in the URL,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        reply = self.zap._request(self.zap.base + 'search/view/urlsByUrlRegex/', query)
        return six.next(six.itervalues(reply))

    def urls_by_tag_regex(self, regex, baseurl=None, start=None, count=None):
        """
        Returns the URLs of the HTTP messages that match the given regular expression in their history Tags,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        reply = self.zap._request(self.zap.base + 'search/view/urlsByTagRegex/', query)
        return six.next(six.itervalues(reply))

    def urls_by_note_regex(self, regex, baseurl=None, start=None, count=None):
        """
        Returns the URLs of the HTTP messages that match the given regular expression in their note,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        reply = self.zap._request(self.zap.base + 'search/view/urlsByNoteRegex/', query)
        return six.next(six.itervalues(reply))

    def urls_by_request_regex(self, regex, baseurl=None, start=None, count=None):
        """
        Returns the URLs of the HTTP messages that match the given regular expression in the request,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        reply = self.zap._request(self.zap.base + 'search/view/urlsByRequestRegex/', query)
        return six.next(six.itervalues(reply))

    def urls_by_response_regex(self, regex, baseurl=None, start=None, count=None):
        """
        Returns the URLs of the HTTP messages that match the given regular expression in the response,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        reply = self.zap._request(self.zap.base + 'search/view/urlsByResponseRegex/', query)
        return six.next(six.itervalues(reply))

    def urls_by_header_regex(self, regex, baseurl=None, start=None, count=None):
        """
        Returns the URLs of the HTTP messages that match the given regular expression in the header(s),
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        reply = self.zap._request(self.zap.base + 'search/view/urlsByHeaderRegex/', query)
        return six.next(six.itervalues(reply))

    def messages_by_url_regex(self, regex, baseurl=None, start=None, count=None):
        """
        Returns the HTTP messages that match the given regular expression in the URL,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        reply = self.zap._request(self.zap.base + 'search/view/messagesByUrlRegex/', query)
        return six.next(six.itervalues(reply))

    def messages_by_tag_regex(self, regex, baseurl=None, start=None, count=None):
        """
        Returns the HTTP messages that match the given regular expression in their history Tags,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        reply = self.zap._request(self.zap.base + 'search/view/messagesByTagRegex/', query)
        return six.next(six.itervalues(reply))

    def messages_by_note_regex(self, regex, baseurl=None, start=None, count=None):
        """
        Returns the HTTP messages that match the given regular expression in their note,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        reply = self.zap._request(self.zap.base + 'search/view/messagesByNoteRegex/', query)
        return six.next(six.itervalues(reply))

    def messages_by_request_regex(self, regex, baseurl=None, start=None, count=None):
        """
        Returns the HTTP messages that match the given regular expression in the request,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        reply = self.zap._request(self.zap.base + 'search/view/messagesByRequestRegex/', query)
        return six.next(six.itervalues(reply))

    def messages_by_response_regex(self, regex, baseurl=None, start=None, count=None):
        """
        Returns the HTTP messages that match the given regular expression in the response,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        reply = self.zap._request(self.zap.base + 'search/view/messagesByResponseRegex/', query)
        return six.next(six.itervalues(reply))

    def messages_by_header_regex(self, regex, baseurl=None, start=None, count=None):
        """
        Returns the HTTP messages that match the given regular expression in the header(s),
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        reply = self.zap._request(self.zap.base + 'search/view/messagesByHeaderRegex/', query)
        return six.next(six.itervalues(reply))

    def har_by_url_regex(self, regex, baseurl=None, start=None, count=None, apikey=''):
        """
        Returns the HTTP messages, in HAR format, that match the given regular expression in the URL,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        return self.zap._request_other(self.zap.base_other + 'search/other/harByUrlRegex/', query)

    def har_by_tag_regex(self, regex, baseurl=None, start=None, count=None, apikey=''):
        """
        Returns the HTTP messages, in HAR format, that match the given regular expression in their history Tags,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        return self.zap._request_other(self.zap.base_other + 'search/other/harByTagRegex/', query)

    def har_by_note_regex(self, regex, baseurl=None, start=None, count=None, apikey=''):
        """
        Returns the HTTP messages, in HAR format, that match the given regular expression in their note,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        return self.zap._request_other(self.zap.base_other + 'search/other/harByNoteRegex/', query)

    def har_by_request_regex(self, regex, baseurl=None, start=None, count=None, apikey=''):
        """
        Returns the HTTP messages, in HAR format, that match the given regular expression in the request,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        return self.zap._request_other(self.zap.base_other + 'search/other/harByRequestRegex/', query)

    def har_by_response_regex(self, regex, baseurl=None, start=None, count=None, apikey=''):
        """
        Returns the HTTP messages, in HAR format, that match the given regular expression in the response,
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        return self.zap._request_other(self.zap.base_other + 'search/other/harByResponseRegex/', query)

    def har_by_header_regex(self, regex, baseurl=None, start=None, count=None, apikey=''):
        """
        Returns the HTTP messages, in HAR format, that match the given regular expression in the header(s),
        optionally filtered by URL and paginated with 'start' position and 'count' of messages.
        """
        query = {'regex': regex}
        for key, value in (('baseurl', baseurl), ('start', start), ('count', count)):
            if value is not None:
                query[key] = value
        return self.zap._request_other(self.zap.base_other + 'search/other/harByHeaderRegex/', query)

--------------------------------------------------------------------------------
/src/zapv2/selenium.py:
--------------------------------------------------------------------------------
# Zed Attack Proxy (ZAP) and its related class files.
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This file was automatically generated.
"""

import six


class selenium(object):
    """
    Thin wrappers over the ZAP 'selenium' API endpoints.

    Every member sends one request through the `zap` object given at
    construction (zap._request) and returns the first value of the mapping it
    gives back. The component is optional, so these calls only work when it
    is installed in ZAP.

    The setters forward `string` unchanged as the 'String' parameter; this
    client does not validate paths or browser arguments. The `apikey`
    parameters are never read.

    NOTE(review): the *_binary_path and *_driver_path options name executables
    that ZAP presumably starts when it launches a browser, so write access to
    this API should be limited to trusted callers - confirm how the ZAP
    instance restricts API access.
    """

    def __init__(self, zap):
        """
        Keeps the client object whose request helper the members below use.
        """
        self.zap = zap

    @property
    def option_browser_extensions(self):
        """
        Returns the first value of the 'optionBrowserExtensions' view response.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/view/optionBrowserExtensions/')
        return six.next(six.itervalues(reply))

    @property
    def option_chrome_binary_path(self):
        """
        Returns the current path to Chrome binary.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/view/optionChromeBinaryPath/')
        return six.next(six.itervalues(reply))

    @property
    def option_chrome_driver_path(self):
        """
        Returns the current path to ChromeDriver.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/view/optionChromeDriverPath/')
        return six.next(six.itervalues(reply))

    @property
    def option_firefox_binary_path(self):
        """
        Returns the current path to Firefox binary.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/view/optionFirefoxBinaryPath/')
        return six.next(six.itervalues(reply))

    @property
    def option_firefox_default_profile(self):
        """
        Returns the first value of the 'optionFirefoxDefaultProfile' view response.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/view/optionFirefoxDefaultProfile/')
        return six.next(six.itervalues(reply))

    @property
    def option_firefox_driver_path(self):
        """
        Returns the current path to Firefox driver (geckodriver).
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/view/optionFirefoxDriverPath/')
        return six.next(six.itervalues(reply))

    @property
    def option_ie_driver_path(self):
        """
        Returns the first value of the 'optionIeDriverPath' view response.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/view/optionIeDriverPath/')
        return six.next(six.itervalues(reply))

    @property
    def option_last_directory(self):
        """
        Returns the first value of the 'optionLastDirectory' view response.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/view/optionLastDirectory/')
        return six.next(six.itervalues(reply))

    @property
    def option_phantom_js_binary_path(self):
        """
        Returns the first value of the 'optionPhantomJsBinaryPath' view response.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/view/optionPhantomJsBinaryPath/')
        return six.next(six.itervalues(reply))

    def get_browser_arguments(self, browser):
        """
        Gets the browser arguments.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/view/getBrowserArguments/', {'browser': browser})
        return six.next(six.itervalues(reply))

    def set_option_chrome_binary_path(self, string, apikey=''):
        """
        Sets the current path to Chrome binary.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/action/setOptionChromeBinaryPath/', {'String': string})
        return six.next(six.itervalues(reply))

    def set_option_chrome_driver_path(self, string, apikey=''):
        """
        Sets the current path to ChromeDriver.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/action/setOptionChromeDriverPath/', {'String': string})
        return six.next(six.itervalues(reply))

    def set_option_firefox_binary_path(self, string, apikey=''):
        """
        Sets the current path to Firefox binary.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/action/setOptionFirefoxBinaryPath/', {'String': string})
        return six.next(six.itervalues(reply))

    def set_option_firefox_default_profile(self, string, apikey=''):
        """
        Sends `string` to the 'setOptionFirefoxDefaultProfile' action.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/action/setOptionFirefoxDefaultProfile/', {'String': string})
        return six.next(six.itervalues(reply))

    def set_option_firefox_driver_path(self, string, apikey=''):
        """
        Sets the current path to Firefox driver (geckodriver).
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/action/setOptionFirefoxDriverPath/', {'String': string})
        return six.next(six.itervalues(reply))

    def set_option_ie_driver_path(self, string, apikey=''):
        """
        Sends `string` to the 'setOptionIeDriverPath' action.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/action/setOptionIeDriverPath/', {'String': string})
        return six.next(six.itervalues(reply))

    def set_option_last_directory(self, string, apikey=''):
        """
        Sends `string` to the 'setOptionLastDirectory' action.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/action/setOptionLastDirectory/', {'String': string})
        return six.next(six.itervalues(reply))

    def set_option_phantom_js_binary_path(self, string, apikey=''):
        """
        Sends `string` to the 'setOptionPhantomJsBinaryPath' action.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/action/setOptionPhantomJsBinaryPath/', {'String': string})
        return six.next(six.itervalues(reply))

    def add_browser_argument(self, browser, argument, enabled=None, apikey=''):
        """
        Adds a browser argument. 'enabled' is only sent when it is not None.
        Only works when this optional ZAP component is installed.
        """
        query = {'browser': browser, 'argument': argument}
        if enabled is not None:
            query['enabled'] = enabled
        reply = self.zap._request(self.zap.base + 'selenium/action/addBrowserArgument/', query)
        return six.next(six.itervalues(reply))

    def launch_browser(self, browser, apikey=''):
        """
        Launches a browser proxying through ZAP, for manual usage.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'selenium/action/launchBrowser/', {'browser': browser})
        return six.next(six.itervalues(reply))

    def remove_browser_argument(self, browser, argument, apikey=''):
        """
        Removes a browser argument.
        Only works when this optional ZAP component is installed.
        """
        query = {'browser': browser, 'argument': argument}
        reply = self.zap._request(self.zap.base + 'selenium/action/removeBrowserArgument/', query)
        return six.next(six.itervalues(reply))

    def set_browser_argument_enabled(self, browser, argument, enabled, apikey=''):
        """
        Sets whether or not a browser argument is enabled.
        Only works when this optional ZAP component is installed.
        """
        query = {'browser': browser, 'argument': argument, 'enabled': enabled}
        reply = self.zap._request(self.zap.base + 'selenium/action/setBrowserArgumentEnabled/', query)
        return six.next(six.itervalues(reply))

--------------------------------------------------------------------------------
/src/zapv2/sessionManagement.py:
--------------------------------------------------------------------------------
# Zed Attack Proxy (ZAP) and its related class files.
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This file was automatically generated.
"""

import six


class sessionManagement(object):
    """
    Thin wrappers over the ZAP 'sessionManagement' API endpoints.

    Every member sends one request through the `zap` object given at
    construction (zap._request) and returns the first value of the mapping it
    gives back. Arguments are forwarded unchanged; the `apikey` parameter of
    set_session_management_method is never read.
    """

    def __init__(self, zap):
        """
        Keeps the client object whose request helper the members below use.
        """
        self.zap = zap

    @property
    def get_supported_session_management_methods(self):
        """
        Gets the name of the session management methods.
        Despite the 'get_' prefix this is a property, so it is read without parentheses.
        """
        reply = self.zap._request(self.zap.base + 'sessionManagement/view/getSupportedSessionManagementMethods/')
        return six.next(six.itervalues(reply))

    def get_session_management_method_config_params(self, methodname):
        """
        Gets the configuration parameters for the session management method with the given name.
        """
        query = {'methodName': methodname}
        reply = self.zap._request(self.zap.base + 'sessionManagement/view/getSessionManagementMethodConfigParams/', query)
        return six.next(six.itervalues(reply))

    def get_session_management_method(self, contextid):
        """
        Gets the name of the session management method for the context with the given ID.
        """
        query = {'contextId': contextid}
        reply = self.zap._request(self.zap.base + 'sessionManagement/view/getSessionManagementMethod/', query)
        return six.next(six.itervalues(reply))

    def set_session_management_method(self, contextid, methodname, methodconfigparams=None, apikey=''):
        """
        Sets the session management method for the context with the given ID.
        'methodConfigParams' is only sent when methodconfigparams is not None.
        """
        query = {'contextId': contextid, 'methodName': methodname}
        if methodconfigparams is not None:
            query['methodConfigParams'] = methodconfigparams
        reply = self.zap._request(self.zap.base + 'sessionManagement/action/setSessionManagementMethod/', query)
        return six.next(six.itervalues(reply))

--------------------------------------------------------------------------------
/src/zapv2/soap.py:
--------------------------------------------------------------------------------
# Zed Attack Proxy (ZAP) and its related class files.
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
# Copyright 2022 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This file was automatically generated.
"""

import six


class soap(object):
    """
    Thin wrappers over the ZAP 'soap' API endpoints.

    Both methods send the given string unchanged through zap._request and
    return the first value of the mapping it gives back; `apikey` is never
    read. The component is optional, so the calls only work when it is
    installed in ZAP.

    NOTE(review): this client only passes the path or URL along; presumably the
    ZAP instance is what reads the file or fetches the URL, so the value is
    resolved from ZAP's host and network position - confirm before pointing
    it at input you do not control.
    """

    def __init__(self, zap):
        """
        Keeps the client object whose request helper the methods below use.
        """
        self.zap = zap

    def import_file(self, file, apikey=''):
        """
        Import a WSDL definition from local file.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'soap/action/importFile/', {'file': file})
        return six.next(six.itervalues(reply))

    def import_url(self, url, apikey=''):
        """
        Import a WSDL definition from a URL.
        Only works when this optional ZAP component is installed.
        """
        reply = self.zap._request(self.zap.base + 'soap/action/importUrl/', {'url': url})
        return six.next(six.itervalues(reply))

--------------------------------------------------------------------------------
/src/zapv2/stats.py:
--------------------------------------------------------------------------------
# Zed Attack Proxy (ZAP) and its related class files.
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This file was automatically generated.
"""

import six


class stats(object):
    """
    Thin wrappers over the ZAP 'stats' API endpoints.

    Every member sends one request through the `zap` object given at
    construction (zap._request). stats() returns the whole response; every
    other member returns the first value of the mapping it gets back.
    Arguments are forwarded unchanged and the `apikey` parameters are never
    read.

    NOTE(review): the Statsd host, port and prefix options decide where ZAP
    sends its statistics, so changing them should be limited to trusted
    callers of the ZAP API.
    """

    def __init__(self, zap):
        """
        Keeps the client object whose request helper the members below use.
        """
        self.zap = zap

    def stats(self, keyprefix=None):
        """
        Statistics.
        Requests the 'stats/view/stats/' view, sending 'keyPrefix' only when keyprefix is not None,
        and returns the response as received (the first value is not unwrapped here).
        """
        query = {}
        if keyprefix is not None:
            query['keyPrefix'] = keyprefix
        return self.zap._request(self.zap.base + 'stats/view/stats/', query)

    def all_sites_stats(self, keyprefix=None):
        """
        Gets all of the site based statistics, optionally filtered by a key prefix.
        """
        query = {}
        if keyprefix is not None:
            query['keyPrefix'] = keyprefix
        reply = self.zap._request(self.zap.base + 'stats/view/allSitesStats/', query)
        return six.next(six.itervalues(reply))

    def site_stats(self, site, keyprefix=None):
        """
        Requests the 'stats/view/siteStats/' view for the given site, optionally filtered by a key prefix.
        NOTE(review): the generated description read "Gets all of the global statistics", which does not
        match the required `site` argument - confirm the wording against the ZAP API documentation.
        """
        query = {'site': site}
        if keyprefix is not None:
            query['keyPrefix'] = keyprefix
        reply = self.zap._request(self.zap.base + 'stats/view/siteStats/', query)
        return six.next(six.itervalues(reply))

    @property
    def option_statsd_host(self):
        """
        Gets the Statsd service hostname.
        """
        reply = self.zap._request(self.zap.base + 'stats/view/optionStatsdHost/')
        return six.next(six.itervalues(reply))

    @property
    def option_statsd_port(self):
        """
        Gets the Statsd service port.
        """
        reply = self.zap._request(self.zap.base + 'stats/view/optionStatsdPort/')
        return six.next(six.itervalues(reply))

    @property
    def option_statsd_prefix(self):
        """
        Gets the prefix to be applied to all stats sent to the configured Statsd service.
        """
        reply = self.zap._request(self.zap.base + 'stats/view/optionStatsdPrefix/')
        return six.next(six.itervalues(reply))

    @property
    def option_in_memory_enabled(self):
        """
        Returns 'true' if in memory statistics are enabled, otherwise returns 'false'.
        """
        reply = self.zap._request(self.zap.base + 'stats/view/optionInMemoryEnabled/')
        return six.next(six.itervalues(reply))

    @property
    def option_statsd_enabled(self):
        """
        Returns 'true' if a Statsd server has been correctly configured, otherwise returns 'false'.
        """
        reply = self.zap._request(self.zap.base + 'stats/view/optionStatsdEnabled/')
        return six.next(six.itervalues(reply))

    def clear_stats(self, keyprefix=None, apikey=''):
        """
        Clears all of the statistics. 'keyPrefix' is only sent when keyprefix is not None.
        """
        query = {}
        if keyprefix is not None:
            query['keyPrefix'] = keyprefix
        reply = self.zap._request(self.zap.base + 'stats/action/clearStats/', query)
        return six.next(six.itervalues(reply))

    def set_option_statsd_host(self, string, apikey=''):
        """
        Sets the Statsd service hostname; supply an empty string to stop using a Statsd service.
        """
        reply = self.zap._request(self.zap.base + 'stats/action/setOptionStatsdHost/', {'String': string})
        return six.next(six.itervalues(reply))

    def set_option_statsd_prefix(self, string, apikey=''):
        """
        Sets the prefix to be applied to all stats sent to the configured Statsd service.
        """
        reply = self.zap._request(self.zap.base + 'stats/action/setOptionStatsdPrefix/', {'String': string})
        return six.next(six.itervalues(reply))

    def set_option_in_memory_enabled(self, boolean, apikey=''):
        """
        Sets whether in memory statistics are enabled.
        """
        reply = self.zap._request(self.zap.base + 'stats/action/setOptionInMemoryEnabled/', {'Boolean': boolean})
        return six.next(six.itervalues(reply))

    def set_option_statsd_port(self, integer, apikey=''):
        """
        Sets the Statsd service port.
        """
        reply = self.zap._request(self.zap.base + 'stats/action/setOptionStatsdPort/', {'Integer': integer})
        return six.next(six.itervalues(reply))

--------------------------------------------------------------------------------
/src/zapv2/users.py:
--------------------------------------------------------------------------------
# Zed Attack Proxy (ZAP) and its
related class files.
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This file was automatically generated.
"""

import six


class users(object):
    """
    Thin wrappers over the ZAP 'users' API endpoints.

    The methods shown here send one request each through the `zap` object
    given at construction (zap._request). get_user_by_id returns the whole
    response; the others return the first value of the mapping they get back.
    Arguments are forwarded unchanged and the `apikey` parameters are never
    read.

    Per their descriptions, get_authentication_credentials and
    get_authentication_session return credential material (credentials,
    cookies, realm credentials), and set_authentication_credentials sends
    `authcredentialsconfigparams` as a request parameter. Keep these values
    out of logs and test output.
    NOTE(review): how the request is transported is decided by zap._request,
    which is not visible here - confirm the API is not reached over an
    untrusted network.
    """

    def __init__(self, zap):
        """
        Keeps the client object whose request helper the methods below use.
        """
        self.zap = zap

    def users_list(self, contextid=None):
        """
        Gets a list of users that belong to the context with the given ID, or all users if none provided.
        """
        query = {}
        if contextid is not None:
            query['contextId'] = contextid
        reply = self.zap._request(self.zap.base + 'users/view/usersList/', query)
        return six.next(six.itervalues(reply))

    def get_user_by_id(self, contextid, userid):
        """
        Gets the data of the user with the given ID that belongs to the context with the given ID.
        The response is returned as received (the first value is not unwrapped here).
        """
        query = {'contextId': contextid, 'userId': userid}
        return self.zap._request(self.zap.base + 'users/view/getUserById/', query)

    def get_authentication_credentials_config_params(self, contextid):
        """
        Gets the configuration parameters for the credentials of the context with the given ID.
        """
        query = {'contextId': contextid}
        reply = self.zap._request(self.zap.base + 'users/view/getAuthenticationCredentialsConfigParams/', query)
        return six.next(six.itervalues(reply))

    def get_authentication_credentials(self, contextid, userid):
        """
        Gets the authentication credentials of the user with given ID that belongs to the context with the given ID.
        The returned value holds credentials; avoid logging it.
        """
        query = {'contextId': contextid, 'userId': userid}
        reply = self.zap._request(self.zap.base + 'users/view/getAuthenticationCredentials/', query)
        return six.next(six.itervalues(reply))

    def get_authentication_state(self, contextid, userid):
        """
        Gets the authentication state information for the user identified by the Context and User Ids.
        """
        query = {'contextId': contextid, 'userId': userid}
        reply = self.zap._request(self.zap.base + 'users/view/getAuthenticationState/', query)
        return six.next(six.itervalues(reply))

    def get_authentication_session(self, contextid, userid):
        """
        Gets the authentication session information for the user identified by the Context and User Ids,
        e.g. cookies and realm credentials. The returned value holds session secrets; avoid logging it.
        """
        query = {'contextId': contextid, 'userId': userid}
        reply = self.zap._request(self.zap.base + 'users/view/getAuthenticationSession/', query)
        return six.next(six.itervalues(reply))

    def new_user(self, contextid, name, apikey=''):
        """
        Creates a new user with the given name for the context with the given ID.
        """
        query = {'contextId': contextid, 'name': name}
        reply = self.zap._request(self.zap.base + 'users/action/newUser/', query)
        return six.next(six.itervalues(reply))

    def remove_user(self, contextid, userid, apikey=''):
        """
        Removes the user with the given ID that belongs to the context with the given ID.
        """
        query = {'contextId': contextid, 'userId': userid}
        reply = self.zap._request(self.zap.base + 'users/action/removeUser/', query)
        return six.next(six.itervalues(reply))

    def set_user_enabled(self, contextid, userid, enabled, apikey=''):
        """
        Sets whether or not the user, with the given ID that belongs to the context with the given ID, should be enabled.
        """
        query = {'contextId': contextid, 'userId': userid, 'enabled': enabled}
        reply = self.zap._request(self.zap.base + 'users/action/setUserEnabled/', query)
        return six.next(six.itervalues(reply))

    def set_user_name(self, contextid, userid, name, apikey=''):
        """
        Renames the user with the given ID that belongs to the context with the given ID.
        """
        query = {'contextId': contextid, 'userId': userid, 'name': name}
        reply = self.zap._request(self.zap.base + 'users/action/setUserName/', query)
        return six.next(six.itervalues(reply))

    def set_authentication_credentials(self, contextid, userid, authcredentialsconfigparams=None, apikey=''):
        """
        Sets the authentication credentials for the user with the given ID that belongs to the context with the given ID.
        'authCredentialsConfigParams' is only sent when authcredentialsconfigparams is not None.
        """
        query = {'contextId': contextid, 'userId': userid}
        if authcredentialsconfigparams is not None:
            query['authCredentialsConfigParams'] = authcredentialsconfigparams
        reply = self.zap._request(self.zap.base + 'users/action/setAuthenticationCredentials/', query)
        return six.next(six.itervalues(reply))

    def authenticate_as_user(self, contextid, userid, apikey=''):
        """
        Tries to authenticate as the identified user, returning the authentication request and whether it appears to have succeeded.
105 | """ 106 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'users/action/authenticateAsUser/', {'contextId': contextid, 'userId': userid}))) 107 | 108 | def poll_as_user(self, contextid, userid, apikey=''): 109 | """ 110 | Tries to poll as the identified user, returning the authentication request and whether it appears to have succeeded. This will only work if the polling verification strategy has been configured. 111 | """ 112 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'users/action/pollAsUser/', {'contextId': contextid, 'userId': userid}))) 113 | 114 | def set_authentication_state(self, contextid, userid, lastpollresult=None, lastpolltimeinms=None, requestssincelastpoll=None, apikey=''): 115 | """ 116 | Sets fields in the authentication state for the user identified by the Context and User Ids. 117 | """ 118 | params = {'contextId': contextid, 'userId': userid} 119 | if lastpollresult is not None: 120 | params['lastPollResult'] = lastpollresult 121 | if lastpolltimeinms is not None: 122 | params['lastPollTimeInMs'] = lastpolltimeinms 123 | if requestssincelastpoll is not None: 124 | params['requestsSinceLastPoll'] = requestssincelastpoll 125 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'users/action/setAuthenticationState/', params))) 126 | 127 | def set_cookie(self, contextid, userid, domain, name, value, path=None, secure=None, apikey=''): 128 | """ 129 | Sets the specified cookie for the user identified by the Context and User Ids. 
130 | """ 131 | params = {'contextId': contextid, 'userId': userid, 'domain': domain, 'name': name, 'value': value} 132 | if path is not None: 133 | params['path'] = path 134 | if secure is not None: 135 | params['secure'] = secure 136 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'users/action/setCookie/', params))) 137 | -------------------------------------------------------------------------------- /src/zapv2/wappalyzer.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 20 | """ 21 | 22 | import six 23 | 24 | 25 | class wappalyzer(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def list_sites(self): 32 | """ 33 | Lists all the sites recognized by the Technology Detection add-on. 34 | This component is optional and therefore the API will only work if it is installed 35 | """ 36 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'wappalyzer/view/listSites/'))) 37 | 38 | @property 39 | def list_all(self): 40 | """ 41 | Lists all sites and their associated applications (technologies). 
42 | This component is optional and therefore the API will only work if it is installed 43 | """ 44 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'wappalyzer/view/listAll/'))) 45 | 46 | def list_site(self, site): 47 | """ 48 | Lists all the applications (technologies) associated with a specific site. 49 | This component is optional and therefore the API will only work if it is installed 50 | """ 51 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'wappalyzer/view/listSite/', {'site': site}))) 52 | -------------------------------------------------------------------------------- /src/zapv2/websocket.py: -------------------------------------------------------------------------------- 1 | # Zed Attack Proxy (ZAP) and its related class files. 2 | # 3 | # ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | # 5 | # Copyright 2025 the ZAP development team 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | """ 19 | This file was automatically generated. 
20 | """ 21 | 22 | import six 23 | 24 | 25 | class websocket(object): 26 | 27 | def __init__(self, zap): 28 | self.zap = zap 29 | 30 | @property 31 | def channels(self): 32 | """ 33 | Returns all of the registered web socket channels 34 | This component is optional and therefore the API will only work if it is installed 35 | """ 36 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'websocket/view/channels/'))) 37 | 38 | def message(self, channelid, messageid): 39 | """ 40 | Returns full details of the message specified by the channelId and messageId 41 | This component is optional and therefore the API will only work if it is installed 42 | """ 43 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'websocket/view/message/', {'channelId': channelid, 'messageId': messageid}))) 44 | 45 | def messages(self, channelid=None, start=None, count=None, payloadpreviewlength=None): 46 | """ 47 | Returns a list of all of the messages that meet the given criteria (all optional), where channelId is a channel identifier, start is the offset to start returning messages from (starting from 0), count is the number of messages to return (default no limit) and payloadPreviewLength is the maximum number bytes to return for the payload contents 48 | This component is optional and therefore the API will only work if it is installed 49 | """ 50 | params = {} 51 | if channelid is not None: 52 | params['channelId'] = channelid 53 | if start is not None: 54 | params['start'] = start 55 | if count is not None: 56 | params['count'] = count 57 | if payloadpreviewlength is not None: 58 | params['payloadPreviewLength'] = payloadpreviewlength 59 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'websocket/view/messages/', params))) 60 | 61 | @property 62 | def break_text_message(self): 63 | """ 64 | Returns a text representation of an intercepted websockets message 65 | This component is optional and therefore the API will only work if it is 
installed 66 | """ 67 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'websocket/view/breakTextMessage/'))) 68 | 69 | def send_text_message(self, channelid, outgoing, message, apikey=''): 70 | """ 71 | Sends the specified message on the channel specified by channelId, if outgoing is 'True' then the message will be sent to the server and if it is 'False' then it will be sent to the client 72 | This component is optional and therefore the API will only work if it is installed 73 | """ 74 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'websocket/action/sendTextMessage/', {'channelId': channelid, 'outgoing': outgoing, 'message': message}))) 75 | 76 | def set_break_text_message(self, message, outgoing, apikey=''): 77 | """ 78 | Sets the text message for an intercepted websockets message 79 | This component is optional and therefore the API will only work if it is installed 80 | """ 81 | return six.next(six.itervalues(self.zap._request(self.zap.base + 'websocket/action/setBreakTextMessage/', {'message': message, 'outgoing': outgoing}))) 82 | -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zaproxy/zap-api-python/1d7d88ca656403d8c76dfaab86d7754482ea681c/tests/__init__.py -------------------------------------------------------------------------------- /tests/unit/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zaproxy/zap-api-python/1d7d88ca656403d8c76dfaab86d7754482ea681c/tests/unit/__init__.py -------------------------------------------------------------------------------- /tests/unit/conftest.py: -------------------------------------------------------------------------------- 1 | import pytest 2 | 3 | import requests_mock 4 | 5 | from zapv2 import ZAPv2 6 | 7 | 8 | @pytest.fixture 9 | def 
zap(): 10 | """ 11 | All tests will be able to share the instance of client with the same settings.""" 12 | yield ZAPv2(apikey='testapikey') 13 | 14 | @pytest.fixture 15 | def zap_strict(): 16 | """ 17 | All tests will be able to share the instance of client with the same settings.""" 18 | yield ZAPv2(apikey='testapikey', validate_status_code=True) 19 | 20 | @pytest.fixture(autouse=True) 21 | def client_mock(): 22 | """Fixture create a mock for urllib library.""" 23 | with requests_mock.mock() as mock: 24 | yield mock 25 | -------------------------------------------------------------------------------- /tests/unit/test_client.py: -------------------------------------------------------------------------------- 1 | """ 2 | Tests related to the main Zap Client class 3 | """ 4 | from hamcrest import assert_that 5 | from hamcrest import has_entries 6 | import pytest 7 | 8 | TEST_PROXIES = { 9 | 'http': 'http://127.0.0.1:8080', 10 | 'https': 'http://127.0.0.1:8080', 11 | } 12 | 13 | 14 | def assert_api_key(response, apikey='testapikey'): 15 | """Some requests should contain valid ZAP api key.""" 16 | assert response._request.headers['X-ZAP-API-Key'] == apikey 17 | assert 'apikey=%s' % apikey not in response.query 18 | 19 | 20 | def test_urlopen(zap, client_mock): 21 | """Request method should return a python object from parsed output""" 22 | api_response ='{"testkey": "testvalue"}' 23 | client_mock.get('http://localhost:8080', text=api_response) 24 | 25 | assert zap.urlopen('http://localhost:8080', {'querykey': 'queryvalue'}) == api_response 26 | 27 | response = client_mock.request_history[0] 28 | 29 | assert 'X-ZAP-API-Key' not in response._request.headers 30 | assert 'testapikey' not in response.query 31 | assert_that(response.proxies, has_entries(TEST_PROXIES)) 32 | 33 | 34 | def test_request_api_invalid_status_code(zap_strict, client_mock): 35 | """Request method throw if invalid status code returned""" 36 | client_mock.register_uri('GET', 'http://zap/test', 
text='{"testkey": "testvalue"}', status_code=400) 37 | 38 | try: 39 | zap_strict._request_api('http://zap/test', {'querykey': 'queryvalue'}) 40 | except Exception: 41 | pass 42 | else: 43 | pytest.fail("Not thrown on invalid status code") 44 | 45 | response = client_mock.request_history[0] 46 | 47 | assert_api_key(response) 48 | assert_that(response.proxies, has_entries(TEST_PROXIES)) 49 | 50 | 51 | def test_request_response(zap, client_mock): 52 | """Request method should return a python object from parsed output""" 53 | client_mock.get('http://zap/test', text='{"testkey": "testvalue"}') 54 | 55 | assert zap._request('http://zap/test', {'querykey': 'queryvalue'}) == {'testkey': 'testvalue'} 56 | 57 | response = client_mock.request_history[0] 58 | 59 | assert_api_key(response) 60 | assert_that(response.proxies, has_entries(TEST_PROXIES)) 61 | 62 | 63 | def test_request_other(zap, client_mock): 64 | """_request_other should simply return a retrieved content.""" 65 | api_response = '{"testkey": "testvalue"}' 66 | client_mock.get('http://zap/test', text=api_response) 67 | 68 | assert zap._request_other('http://zap/test', {'querykey': 'queryvalue'}) == api_response 69 | 70 | response = client_mock.request_history[0] 71 | 72 | assert_api_key(response) 73 | assert_that(response.proxies, has_entries(TEST_PROXIES)) 74 | --------------------------------------------------------------------------------