如何将zap会话文件传递给dockerized zap扫描仪? [英] How to pass zap session files to dockerized zap scanner?

问题描述

在执行扫描之前，如何正确地将会话文件(.session .session.data .session.properties .session.script和上下文)传递给以下命令?

How to properly pass session files (.session .session.data .session.properties .session.script and context) to the following command before the scan is executed?

docker run -rm -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable zap-baseline.py \
-t https://www.example.com -r testreport.html

推荐答案

使用 core/action/loadSession/ API端点.像这样:

Use the core/action/loadSession/ API endpoint. Something like this:

from zapv2 import ZAPv2 as zap
import time

apikey = 'apikey12345' #Change this to match your setup
z = zap(apikey=apikey, proxies={'http': 'http://127.0.0.1:9999', 'https': 'http://127.0.0.1:9999'})
time.sleep(5)

print 'start..'
z.core.load_session('/root/Download/zaptmp/test.session') #Obviously this needs to be your session path

sites = z.core.sites

# Check that the session loaded... I'm printing, you could check count not zero, whatever
print 'Listing sites in loaded session:'
for site in sites:
    print site

这篇关于如何将zap会话文件传递给dockerized zap扫描仪?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！