ZAProxy RESTful API call flow

A simple scan run driven entirely through the ZAProxy (OWASP ZAP) RESTful API: crawl the target URLs, run the vulnerability scan, then read the results. The static web spider and the default scan configuration are used throughout. Each step below lists the endpoint, its parameters and a sample response.

1. Create a context

POST /JSON/context/action/newContext/

contextName={contextName}

{"contextId":"1"}

2. Include the target URL in the context

POST /JSON/context/action/includeInContext

contextName={contextName}
regex=^{url}.*$

{"Result":"OK"}

3. Start a spider scan

POST /JSON/spider/action/scan/

url={url}
contextName={contextName}

{"scanId":"1"}

3.1 Get the spider scan status

GET /JSON/spider/view/status/

scanId={scanId}

{"status":"50"}

3.2 Get the spider scan results

GET /JSON/spider/view/results/

scanId={scanId}

{"results":["http://192.168.50.3:11452/vul/sqli/sqli_header/?C=M;O=A","http://192.168.50.3:11452/vul/sqli/sqli_header/?C=M;O=D"]}

3.3 List all spider scans

GET /JSON/spider/view/scans/

{"scans":[{"progress":"100","id":"1","state":"FINISHED"}]}

4. Start an active scan

POST /JSON/ascan/action/scan/

url={url}
contextId={contextId}

{"scanId":"1"}

4.1 Get the active scan status

GET /JSON/ascan/view/status/

scanId={scanId}

{"status":"11"}

4.2 List all active scans

GET /JSON/ascan/view/scans/

{"scans":[{"reqCount":"7563","alertCount":"7","progress":"11","newAlertCount":"1","id":"1","state":"RUNNING"}]}

5. List the alert IDs raised by a scan

GET /JSON/ascan/view/alertsIds/

scanId={scanId}

{"alertsIds":["86060","86061","86062","86063","86064","86065","86066"]}

6. Get the details of one alert

GET /JSON/core/view/alert/

id={id}

{
  "alert":{
    "sourceid":"1",
    "other":"",
    "method":"GET",
    "evidence":"root:x:0:0",
    "pluginId":"6",
    "cweid":"22",
    "confidence":"Medium",
    "wascid":"33",
    "description":"The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory...",
    "messageId":"30600",
    "inputVector":"querystring",
    "url":"http://192.168.50.3:11452/vul/dir/dir_list.php?title=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd",
    "tags":{"OWASP_2021_A01":"https://owasp.org/Top10/A01_2021-Broken_Access_Control/","WSTG-v42-ATHZ-01":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Applica..."},
    "reference":"http://projects.webappsec.org/Path-Traversal\nhttp://cwe.mitre.org/data/definitions/22.html",
    "solution":"Assume all input is malicious. Use an \"accept known good\"...",
    "alert":"Path Traversal",
    "param":"title",
    "attack":"../../../../../../../../../../../../../../../../etc/passwd",
    "name":"Path Traversal",
    "risk":"High",
    "id":"86060",
    "alertRef":"6-2"
  }
}

6.1 Get the alert counts by risk level for a URL

GET /JSON/alert/view/alertCountsByRisk/

url={url}

{"High":0,"Low":5,"Medium":2,"Informational":2,"False Positive":0}