OWASP_ZAP_API_scripts

Open source | Apache-2.0 | Python

Stars: 11 | Forks: 7 | Issues: 1 | Watchers: 1 | Last Commit: 7 years

About OWASP_ZAP_API_scripts

OWASP ZAP API Scripts is a collection of Python scripts and configuration files designed to automate security testing for APIs using the OWASP ZAP (Zed Attack Proxy) tool, with a specific focus on testing the Hackazon application. The package includes a main automation script, OWASP_hackazon_API.py, which orchestrates the testing workflow, along with supporting authentication scripts, security policies, and context configuration files. These scripts integrate with ZAP's scripting engine by being placed in specific directories such as the scripts, authentication, and contexts folders within the ZAP user directory. Key components include a token generation script for handling authentication, an authentication script for API sessions, a custom security policy for scan configurations, and a context definition file to scope the testing environment. This tool is useful for security professionals and penetration testers who want to streamline API vulnerability scanning, automate authenticated scans, and apply consiste

Platforms

Web Self-hosted

Languages

Python

Links

OWASP ZAP API scripts

These scripts are from the blog post:

OWASP_hackazon_API.py is the Python script that automates the testing.

Ensure the scripts are in the right location.

Example:

Hackazon_Token.py -> ~/.ZAP_D/scripts/scripts/httpsender/Hackazon_Token.py

Hackazon.policy -> ~/.ZAP_D/Hackazon.policy

hackazon_api_authentication.py -> ~/.ZAP_D/scripts/scripts/authentication/hackazon_api_authentication.py

Hackazon_API_Context.context -> ~/.ZAP_D/contexts/Hackazon_API_Context.context