Class: OwaspZap::Zap

Inherits:
Object
  • Object
Defined in:
lib/owasp_zap.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(params = {}) ⇒ Zap

Returns a new instance of Zap.



# File 'lib/owasp_zap.rb', line 22

# Builds a client for one ZAP instance.
#
# Values are stored as given, without validation. @zap_bin is later handed
# to exec by #start, so :zap should come from trusted configuration only.
#
# @param params [Hash] optional settings
# @option params [Object] :base   ZAP API base URL (default "http://127.0.0.1:8080")
# @option params [Object] :target stored in @target; there is no default
# @option params [Object] :zap    ZAP launcher (default "$HOME/ZAP/zap.sh")
# @option params [Object] :output destination for ZAP's stdout in #start (default $stdout)
def initialize(params = {})
    # TODO: handle params
    # The default endpoint is plain HTTP on the loopback interface.
    @base = params[:base] || "http://127.0.0.1:8080"
    # No fallback here: @target stays nil when the caller omits it.
    @target = params[:target]
    # NOTE(review): if HOME is unset the default becomes "/ZAP/zap.sh".
    @zap_bin = params[:zap] || "#{ENV['HOME']}/ZAP/zap.sh"
    # Everything is logged to stdout unless the caller names another destination.
    @output = params[:output] || $stdout
end

Instance Attribute Details

#base ⇒ Object

Returns the value of attribute base.



# File 'lib/owasp_zap.rb', line 20

# Reader for @base, the ZAP API base URL set by the constructor.
#
# @return [Object] the current value of @base
def base
  @base
end

#target ⇒ Object

Returns the value of attribute target.



# File 'lib/owasp_zap.rb', line 20

# Reader for @target, which the constructor takes from the :target parameter.
#
# @return [Object, nil] the current value of @target (nil when none was given)
def target
  @target
end

#zap_bin ⇒ Object

Returns the value of attribute zap_bin.



# File 'lib/owasp_zap.rb', line 20

# Reader for @zap_bin, the launcher that #start passes to exec.
#
# @return [Object] the current value of @zap_bin
def zap_bin
  @zap_bin
end

Instance Method Details

#alerts ⇒ Object



# File 'lib/owasp_zap.rb', line 57

# Builds the alerts helper for this client's API endpoint and target.
#
# @return [Zap::Alert] a new instance on every call
def alerts
    Zap::Alert.new(:base => @base, :target => @target)
end

#ascan ⇒ Object

attack



# File 'lib/owasp_zap.rb', line 66

# Builds the attack (active scan) helper for this client's API endpoint
# and target.
#
# @return [Zap::Attack] a new instance on every call
def ascan
    Zap::Attack.new(:base => @base, :target => @target)
end

#auth ⇒ Object



# File 'lib/owasp_zap.rb', line 74

# Builds the auth helper. Only the API base URL is passed; @target is not.
#
# @return [Zap::Auth] a new instance on every call
def auth
    Zap::Auth.new(:base => @base)
end

#ok?(json_data) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/owasp_zap.rb', line 44

# Tells whether +json_data+ is a Hash whose entry under the key 0 is "OK".
#
# NOTE(review): on a Hash, [0] looks up the key 0 rather than the first
# entry. A Hash parsed from JSON has String keys, so this is presumably
# false for every such response. Confirm the intended shape (an Array?).
#
# @param json_data [Object] value to inspect; non-Hash values yield false
# @return [Boolean]
def ok?(json_data)
    json_data.is_a?(Hash) && json_data[0] == "OK"
end

#running? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/owasp_zap.rb', line 48

# Probes the ZAP API base URL with a GET and reports whether it answered 200.
#
# NOTE(review): only a refused connection is turned into false. Any other
# error raised by RestClient.get propagates to the caller.
#
# @return [Boolean] true when the response code is 200, false when the
#   connection is refused or another code comes back
def running?
    begin
        reply = RestClient.get(@base.to_s)
    rescue Errno::ECONNREFUSED
        # Nothing accepted the connection at @base.
        return false
    end
    reply.code == 200
end

#scanner ⇒ Object



# File 'lib/owasp_zap.rb', line 61

# Builds the scanner helper. Only the API base URL is passed; @target is not.
#
# @return [Zap::Scanner] a new instance on every call
def scanner
    Zap::Scanner.new(:base => @base)
end

#shutdown ⇒ Object

Shuts down ZAP.



# File 'lib/owasp_zap.rb', line 98

# Asks ZAP to shut down by sending a GET to the core shutdown action.
#
# NOTE(review): no API key or other credential is attached to the request.
# Confirm how the ZAP instance authenticates API callers, and keep the API
# listener reachable only from trusted hosts.
#
# @return [Object] whatever RestClient.get returns for the request
def shutdown
    endpoint = "#{@base}/JSON/core/action/shutdown/"
    RestClient.get(endpoint)
end

#spider ⇒ Object



# File 'lib/owasp_zap.rb', line 70

# Builds the spider helper for this client's API endpoint and target.
#
# @return [Zap::Spider] a new instance on every call
def spider
    Zap::Spider.new(:base => @base, :target => @target)
end

#start(params = {}) ⇒ Object

TODO: document the necessary setup step: ZAP must be installed under $HOME/ZAP, or the path to its launcher must be passed to new as the :zap parameter.



# File 'lib/owasp_zap.rb', line 80

# Launches ZAP in a forked child process.
#
# The mere presence of the :daemon key adds "-daemon"; its value is never
# read, so :daemon => false still starts the daemon.
#
# NOTE(review): the command is given to exec as one string. Ruby runs such a
# string through the shell when it contains shell metacharacters and splits
# it on whitespace otherwise, so a launcher path with spaces will not run as
# intended. Take @zap_bin from trusted configuration only.
#
# @param params [Hash] options; only the :daemon key is consulted
# @return [Integer] the value of fork in the parent, i.e. the child's pid
def start(params = {})
    launch = params.key?(:daemon) ? "#{@zap_bin} -daemon" : @zap_bin
    fork do
        # When :output => "file.txt" was given to the constructor, the child's
        # stdout (that is, ZAP's stdout) is sent to that file instead.
        # 'w+' truncates an existing file; stderr is left untouched.
        if @output != $stdout
            STDOUT.reopen(File.open(@output, 'w+'))
            STDOUT.sync = true
        end
        exec launch
    end
end

#status_for(component) ⇒ Object



# File 'lib/owasp_zap.rb', line 31

# Returns the status of one ZAP component.
#
# A helper object is built for :ascan, :spider or :scan and its #status is
# returned. Any other value yields a JSON string saying the component is
# unknown.
#
# NOTE(review): #scanner on this class builds Zap::Scanner, while the :scan
# branch uses Zap::Scan. Confirm that Zap::Scan exists.
#
# @param component [Symbol] :ascan, :spider or :scan
# @return [Object] the helper's status, or the JSON String
#   {"status":"unknown component"} for an unrecognised component
def status_for(component)
    case component
    when :ascan  then Zap::Attack.new(:base => @base, :target => @target).status
    when :spider then Zap::Spider.new(:base => @base, :target => @target).status
    when :scan   then Zap::Scan.new(:base => @base, :target => @target).status
    else
        { :status => "unknown component" }.to_json
    end
end

#xml_report ⇒ Object

XML report; maybe this should be refactored into alert.



# File 'lib/owasp_zap.rb', line 104

# Fetches ZAP's XML report with a GET to the core xmlreport endpoint.
#
# NOTE(review): the report travels over whatever scheme @base uses (plain
# HTTP by default) and no API key is attached. Confirm this matches how the
# ZAP instance is exposed.
#
# @return [Object] whatever RestClient.get returns for the request
def xml_report
    endpoint = "#{@base}/OTHER/core/other/xmlreport/"
    RestClient.get(endpoint)
end