
OWASP ZAP Integration

xer0dayz edited this page Jan 15, 2022 · 3 revisions

Requirements

OWASP ZAP integration requires the following Python module:

pip3 install python-owasp-zap-v2.4

Setup

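To set up OWASP ZAP integration, ZAP must be running on the same host as Sn1per, with its HTTP/HTTPS proxy listening on port 8081/tcp.

In addition, you will need to enable the ZAP API service and disable the API key. With the key disabled, the API accepts unauthenticated requests from anything that can reach the port, so keep the ZAP listener bound to the loopback address.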

The last step is to update your /root/.sniper.conf file and enable the following setting:

ZAP_SCAN="1"
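
A pre-flight check for the setup above, as an added example (not part of Sn1per or of the original page): it confirms that ZAP_SCAN="1" is set and that the ZAP API on port 8081 answers a request sent without an API key. The function names are hypothetical, and it assumes /root/.sniper.conf holds shell-style assignments where the last one wins.

```python
import http.client
import json
import re
import urllib.request

ZAP_API = "http://127.0.0.1:8081"   # port from the setup section; loopback because ZAP runs on the Sn1per host
SNIPER_CONF = "/root/.sniper.conf"  # config path named on this page

def zap_scan_enabled(conf_text):
    """Return True if the last uncommented ZAP_SCAN assignment is "1"."""
    value = None
    for line in conf_text.splitlines():
        m = re.match(r'\s*ZAP_SCAN=["\']?([^"\'\s#]*)', line)
        if m:
            value = m.group(1)  # assumption: later assignments override earlier ones
    return value == "1"

def zap_api_version(base_url=ZAP_API, timeout=3.0):
    """Ask the ZAP API for its version without an API key; None if it does not answer."""
    # Ignore any http_proxy environment variable so the request goes straight to ZAP.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(base_url + "/JSON/core/view/version/", timeout=timeout) as resp:
            return json.loads(resp.read().decode()).get("version")
    except (OSError, ValueError, AttributeError, http.client.HTTPException):
        # Connection refused, HTTP error (e.g. key still required), or a non-JSON reply.
        return None

def preflight(conf_text, base_url=ZAP_API):
    """Return a list of setup problems; an empty list means webscan can use ZAP."""
    problems = []
    if not zap_scan_enabled(conf_text):
        problems.append('ZAP_SCAN="1" is not set in the config')
    if zap_api_version(base_url) is None:
        problems.append("ZAP API did not answer a keyless request at " + base_url)
    return problems

if __name__ == "__main__":
    try:
        with open(SNIPER_CONF) as fh:
            text = fh.read()
    except OSError:
        text = ""  # unreadable config is reported as ZAP_SCAN not set
    issues = preflight(text)
    for issue in issues:
        print("FAIL:", issue)
    if not issues:
        print("OK: ZAP integration is ready")
```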

Scanning

Afterwards, you can run the ‘webscan’ mode (e.g. sniper -t 127.0.0.1 -m webscan -w 127.0.0.1). When the scan completes, all HTML reports are saved to /usr/share/sniper/loot/workspace/WORKSPACE_ALIAS_HERE/web/zap-report-$TARGET-$DATE.html.