class OwaspZap::Zap

Attributes

api_key[R]
base[RW]
target[RW]
zap_bin[RW]

Public Class Methods

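def initialize(params = {})
     # Configure the client. Every key is optional:
     #   :base    -- ZAP API base URL (default "http://127.0.0.1:8080")
     #   :target  -- URL handed to the spider/attack/alert helpers
     #   :api_key -- value used for "-config api.key=..." when start(api_key: true)
     #   :zap     -- path of the ZAP launcher script (default $HOME/ZAP/zap.sh)
     #   :output  -- file path the forked ZAP process stdout is redirected to (default $stdout)
     # TODO: validate params -- unknown keys are silently ignored
     @base = params[:base] || "http://127.0.0.1:8080"
     @target = params[:target]
     @api_key = params[:api_key]
     # was written `params [:zap]` (space before the index); Ruby only accepts
     # that because params is a local variable -- plain indexing for clarity
     @zap_bin = params[:zap] || "#{ENV['HOME']}/ZAP/zap.sh"
     @output = params[:output] || $stdout #default we log everything to the stdout
end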

Public Instance Methods

# Alert client bound to this instance's base URL and target.
# @return [Zap::Alert]
def alerts
    Zap::Alert.new(base: @base, target: @target)
end

Attack (active scan) client.

# Attack (active scan) client bound to this instance's base URL and target.
# @return [Zap::Attack]
def ascan
    Zap::Attack.new(base: @base, target: @target)
end
# Authentication client bound to this instance's base URL (no target needed).
# @return [Zap::Auth]
def auth
    Zap::Auth.new(base: @base)
end
# Fetch the HTML report from ZAP's OTHER/core/other/htmlreport endpoint.
# @return the RestClient response for that GET
def html_report
    RestClient.get("#{@base}/OTHER/core/other/htmlreport/")
end
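# Whether a decoded API response is a Hash whose key 0 maps to "OK".
# @param json_data the decoded response (anything that is not a Hash yields false)
# @return [Boolean]
def ok?(json_data)
    # `&&` instead of `and`: same result here, but without the low-precedence
    # surprise `and` causes once the expression is combined with assignment
    # NOTE(review): a Hash produced by JSON.parse has String keys, so
    # json_data[0] is nil for it -- confirm which key the callers expect.
    json_data.is_a?(Hash) && json_data[0] == "OK"
end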
# Scan policy client bound to this instance's base URL.
# @return [Zap::Policy]
def policy
    Zap::Policy.new(base: @base)
end
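# Liveness probe: GET the ZAP root URL.
# @return [Boolean] true when ZAP answers with HTTP 200; false when the
#   connection cannot be established at all
def running?
    response = RestClient.get("#{@base}")
    response.code == 200
rescue Errno::ECONNREFUSED, Errno::ECONNRESET, Errno::EHOSTUNREACH, SocketError
    # previously only ECONNREFUSED mapped to false; a reset, an unreachable
    # host or a DNS failure is just as much "not running" for the caller
    false
end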
# Scanner client bound to this instance's base URL.
# @return [Zap::Scanner]
def scanner
    Zap::Scanner.new(base: @base)
end

Shut ZAP down.

# Ask ZAP to exit through its JSON/core/action/shutdown endpoint.
# NOTE(review): start() disables the API key by default, so any client that
# can reach @base can trigger this -- worth confirming when ZAP is started
# with a :host other than the loopback default.
# @return the RestClient response for that GET
def shutdown
    RestClient.get("#{@base}/JSON/core/action/shutdown/")
end
# Spider client bound to this instance's base URL and target.
# @return [Zap::Spider]
def spider
    Zap::Spider.new(base: @base, target: @target)
end

TODO: document the required setup step: install ZAP under $HOME/ZAP, or pass the launcher path to `new` as the :zap parameter.

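# Launch ZAP as a forked child process running @zap_bin.
# @param params [Hash] options:
#   :daemon  -- if the key is present (any value) "-daemon" is passed
#   :api_key -- true => "-config api.key=<@api_key>"; anything else (default
#               false) => "-config api.disablekey=true"
#   :host, :port -- forwarded as "-host <host>" / "-port <port>"
# @return [Integer] pid of the child, i.e. fork's return value
def start(params = {})
    # default we are disabling api key
    params = {api_key:false}.merge(params)
    # argv for exec: launcher first, then one element per option, so the
    # :host/:port values reach ZAP verbatim instead of going through a shell
    argv = [@zap_bin.to_s]
    argv << "-daemon" if params.key?(:daemon)
    # decided independently of :daemon -- the previous subject-less case/when
    # stopped at its first match, so a :daemon start never received the
    # api.key / api.disablekey setting at all
    argv.push("-config", params[:api_key] == true ? "api.key=#{@api_key}" : "api.disablekey=true")
    argv.push("-host", params[:host].to_s) if params.key?(:host)
    argv.push("-port", params[:port].to_s) if params.key?(:port)
    fork do
       # if you passed :output=>"file.txt" to the constructor, then it will send the forked process output
       # to this file (that means, ZAP stdout)
       unless @output == $stdout
        STDOUT.reopen(File.open(@output, 'w+'))
        STDOUT.sync = true
       end
       print "Running the following command: #{argv.join(' ')} \n"

       # multi-argument exec: no shell is involved, so @zap_bin has to be an
       # executable path rather than a command line
       exec(*argv)
    end
end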
# Status of one long-running ZAP component.
# @param component [Symbol] :ascan, :spider or :scan
# @return the component's status; for any other symbol a JSON string
#   {"status":"unknown component"}
def status_for(component)
    case component
    when :ascan  then Zap::Attack.new(:base=>@base,:target=>@target).status
    when :spider then Zap::Spider.new(:base=>@base,:target=>@target).status
    when :scan   then Zap::Scan.new(:base=>@base,:target=>@target).status
    else
        # unknown component: no request is made, a fixed JSON answer is returned
        {:status=>"unknown component"}.to_json
    end
end

XML report; it may belong in Alert instead (refactoring candidate).

# Fetch the XML report from ZAP's OTHER/core/other/xmlreport endpoint.
# @return the RestClient response for that GET
def xml_report
    RestClient.get("#{@base}/OTHER/core/other/xmlreport/")
end