ZAProxy API call flow
Using the ZAProxy RESTful API to run a simple scan flow, covering URL crawling, vulnerability scanning and viewing the results. The traditional (static) web spider and the default scan configuration are used throughout.
1. Create a context
POST /JSON/context/action/newContext/
contextName={contextName}
{"contextId":"1"}
2. Include the target URL pattern in the context
POST /JSON/context/action/includeInContext
contextName={contextName}
regex=^{url}.*$
{"Result":"OK"}
3. Start a spider scan
POST /JSON/spider/action/scan/
url={url}
contextName={contextName}
{"scanId":"1"}
3.1 Get the spider scan status (percent complete)
GET /JSON/spider/view/status/
scanId={scanId}
{"status":"50"}
3.2 Get the spider scan results (crawled URLs)
GET /JSON/spider/view/results/
scanId={scanId}
{"results":["http://192.168.50.3:11452/vul/sqli/sqli_header/?C=M;O=A","http://192.168.50.3:11452/vul/sqli/sqli_header/?C=M;O=D"]}
3.3 List all spider scans
GET /JSON/spider/view/scans/
{"scans":[{"progress":"100","id":"1","state":"FINISHED"}]}
4. Start an active scan
POST /JSON/ascan/action/scan/
url={url}
contextId={contextId}
{"scanId":"1"}
4.1 Get the active scan status (percent complete)
GET /JSON/ascan/view/status/
scanId={scanId}
{"status":"11"}
4.2 List all active scans
GET /JSON/ascan/view/scans/
{"scans":[{"reqCount":"7563","alertCount":"7","progress":"11","newAlertCount":"1","id":"1","state":"RUNNING"}]}
5. Get the IDs of all alerts raised by a scan
GET /JSON/ascan/view/alertsIds/
scanId={scanId}
{"alertsIds":["86060","86061","86062","86063","86064","86065","86066"]}
6. Get the details of one alert
GET /JSON/core/view/alert/
id={id}
{
"alert":{
"sourceid":"1",
"other":"",
"method":"GET",
"evidence":"root:x:0:0",
"pluginId":"6",
"cweid":"22",
"confidence":"Medium",
"wascid":"33",
"description":"The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory...",
"messageId":"30600",
"inputVector":"querystring",
"url":"http://192.168.50.3:11452/vul/dir/dir_list.php?title=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd",
"tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-ATHZ-01":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Applica..."},
"reference":"http://projects.webappsec.org/Path-Traversal\nhttp://cwe.mitre.org/data/definitions/22.html",
"solution":"Assume all input is malicious. Use an \"accept known good\"...",
"alert":"Path Traversal",
"param":"title",
"attack":"../../../../../../../../../../../../../../../../etc/passwd",
"name":"Path Traversal",
"risk":"High",
"id":"86060",
"alertRef":"6-2"
}
}
6.1 Get alert counts by risk level for a URL
GET /JSON/alert/view/alertCountsByRisk/
url={url}
{"High":0,"Low":5,"Medium":2,"Informational":2,"False Positive":0}
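The whole flow above (steps 1 to 6.1) driven from a small Python client, as an added example that is not ZAP's own `zapv2` library. It assumes ZAP listening on 127.0.0.1:8080 with an API key (ZAP requires one by default; it is sent in the X-ZAP-API-Key header), polls the status views until they report 100, and takes an injectable `transport` so the flow can be exercised without a running ZAP.

```python
import json
import re
import time
import urllib.parse
import urllib.request


class ZapClient:
    """Minimal ZAP JSON API client. `transport(method, path, params)` must
    return the decoded JSON response; the default talks HTTP via urllib."""

    def __init__(self, base="http://127.0.0.1:8080", apikey="", transport=None):
        self.base, self.apikey = base, apikey
        self.transport = transport or self._http

    def _http(self, method, path, params):
        query = urllib.parse.urlencode(params)
        url = self.base + path + ("?" + query if method == "GET" else "")
        req = urllib.request.Request(
            url, data=query.encode() if method == "POST" else None, method=method)
        req.add_header("X-ZAP-API-Key", self.apikey)  # required unless the key check is disabled
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)

    def call(self, method, path, **params):
        return self.transport(method, path, params)

    def wait(self, status_path, scan_id, poll=2.0, max_polls=100000):
        """Poll a */view/status/ endpoint until it reports 100 (percent complete)."""
        for _ in range(max_polls):
            status = int(self.call("GET", status_path, scanId=scan_id)["status"])
            if status >= 100:
                return status
            time.sleep(poll)
        raise TimeoutError("scan %s on %s did not finish" % (scan_id, status_path))


def run_scan_flow(zap, target, context_name="ctx", poll=2.0):
    """Context -> include regex -> spider -> active scan -> alert ids and counts."""
    ctx = zap.call("POST", "/JSON/context/action/newContext/", contextName=context_name)["contextId"]
    # includeInContext takes a regex, so the URL's dots are escaped (the page uses it raw)
    zap.call("POST", "/JSON/context/action/includeInContext/",
             contextName=context_name, regex="^" + re.escape(target) + ".*$")
    spider = zap.call("POST", "/JSON/spider/action/scan/", url=target, contextName=context_name)["scanId"]
    zap.wait("/JSON/spider/view/status/", spider, poll)
    crawled = zap.call("GET", "/JSON/spider/view/results/", scanId=spider)["results"]
    ascan = zap.call("POST", "/JSON/ascan/action/scan/", url=target, contextId=ctx)["scanId"]
    zap.wait("/JSON/ascan/view/status/", ascan, poll)
    alert_ids = zap.call("GET", "/JSON/ascan/view/alertsIds/", scanId=ascan)["alertsIds"]
    by_risk = zap.call("GET", "/JSON/alert/view/alertCountsByRisk/", url=target)
    return {"contextId": ctx, "crawled": crawled, "alertIds": alert_ids, "byRisk": by_risk}
```

Each alert ID in `alertIds` can then be fetched with `zap.call("GET", "/JSON/core/view/alert/", id=...)` as in step 6.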