zap-api-scan - Trickest Platform Documentation

Name:zap-api-scan

Category:Scanners

Publisher:trickest-mhmdiaa

Created:5/25/2022

Container:quay.io/trickest/zap-api-scan:v2.11.1

Output Type:

License:Unknown

Source:View Source

Parameters

ajax

boolean

-juse the Ajax spider in addition to the traditional one

user

string

-Uusername to use for authenticated scans - must be defined in the given context file

alpha

boolean

-ainclude the alpha active and passive scan rules as well

debug

boolean

-dshow debug messages in stdout

delay

string

-Ddelay in seconds to wait for passive scanning

level

string

-lminimum level to show: PASS, IGNORE, INFO, WARN or FAIL, use with -s (short-output) to hide example URLs

format

string

required

-fAPI format: openapi, soap, or graphql

schema

string

--schemaGraphQL schema URL, e.g. https://www.example.com/schema.graphqls

max-time

string

-Tmax time in minutes to wait for ZAP to start and the passive scan to run

override

string

-Othe hostname to override in the (remote) OpenAPI spec

safe-mode

boolean

-SSafe mode this will skip the active scan and perform a baseline scan

config_file

file

-cconfig file to use to INFO, IGNORE or FAIL warnings

zap-options

string

-zZAP command line options

context-file

file

-ncontext file which will be loaded prior to scanning the target

short-output

boolean

-sshort output format - dont show PASSes or example URLs

target-definition

file

required

-ttarget API definition file, OpenAPI or SOAP

target-endpoint-url

string

required

-ttarget API definition URL (e.g. https://www.example.com/openapi.json, https://www.example.com/graphql)

Library

Parameters