Class: OwaspZap::Zap
- Inherits:
-
Object
- Object
- OwaspZap::Zap
- Defined in:
- lib/owasp_zap.rb
Instance Attribute Summary collapse
-
#api_key ⇒ Object
readonly
Returns the value of attribute api_key.
-
#base ⇒ Object
Returns the value of attribute base.
-
#target ⇒ Object
Returns the value of attribute target.
-
#zap_bin ⇒ Object
Returns the value of attribute zap_bin.
Instance Method Summary collapse
- #alerts ⇒ Object
-
#ascan ⇒ Object
attack.
- #auth ⇒ Object
- #html_report ⇒ Object
-
#initialize(params = {}) ⇒ Zap
constructor
A new instance of Zap.
- #ok?(json_data) ⇒ Boolean
- #policy ⇒ Object
- #running? ⇒ Boolean
- #scanner ⇒ Object
-
#shutdown ⇒ Object
shutdown zap.
- #spider ⇒ Object
-
#start(params = {}) ⇒ Object
TODO: document the required setup step: install ZAP under $HOME/ZAP, or pass its path to new as the :zap parameter.
- #status_for(component) ⇒ Object
-
#xml_report ⇒ Object
xml report maybe it should be refactored to alert.
Constructor Details
#initialize(params = {}) ⇒ Zap
Returns a new instance of Zap.
# File 'lib/owasp_zap.rb', line 23
# Stores the connection and launch settings for a ZAP instance.
#
# @param params [Hash] optional settings
#   :base    - base URL of the ZAP API (default "http://127.0.0.1:8080")
#   :target  - stored as @target and handed to the scan helpers
#   :api_key - stored as @api_key; among the methods listed here only #start reads it
#   :zap     - path to the ZAP launcher (default "$HOME/ZAP/zap.sh")
#   :output  - destination for the forked ZAP's stdout, read by #start (default $stdout)
def initialize(params = {})
  # TODO: handle params
  home_dir = ENV['HOME']
  @target  = params[:target]
  @api_key = params[:api_key]
  @base    = params[:base] || "http://127.0.0.1:8080"
  @zap_bin = params[:zap] || "#{home_dir}/ZAP/zap.sh"
  @output  = params[:output] || $stdout # by default everything is logged to stdout
end
Instance Attribute Details
#api_key ⇒ Object (readonly)
Returns the value of attribute api_key.
# File 'lib/owasp_zap.rb', line 22
# Read-only accessor for the API key stored by the constructor.
# The value is returned as stored, so callers that log or serialize it expose the key.
def api_key
  @api_key
end
#base ⇒ Object
Returns the value of attribute base.
# File 'lib/owasp_zap.rb', line 21
# Reader for the base URL of the ZAP API that every request in this class is built on.
def base
  @base
end
#target ⇒ Object
Returns the value of attribute target.
# File 'lib/owasp_zap.rb', line 21
# Reader for the target stored by the constructor and passed on to the scan helpers.
def target
  @target
end
#zap_bin ⇒ Object
Returns the value of attribute zap_bin.
# File 'lib/owasp_zap.rb', line 21
# Reader for the launcher path that #start executes.
def zap_bin
  @zap_bin
end
Instance Method Details
#alerts ⇒ Object
# File 'lib/owasp_zap.rb', line 63
# Builds a Zap::Alert helper bound to this instance's base URL and target.
# @return [Zap::Alert]
def alerts
  Zap::Alert.new(base: @base, target: @target)
end
#ascan ⇒ Object
attack
# File 'lib/owasp_zap.rb', line 72
# Builds the Zap::Attack helper (documented by the author as "attack") for
# this instance's base URL and target.
# @return [Zap::Attack]
def ascan
  Zap::Attack.new(base: @base, target: @target)
end
#auth ⇒ Object
# File 'lib/owasp_zap.rb', line 80
# Builds a Zap::Auth helper bound to this instance's base URL (no target is passed).
# @return [Zap::Auth]
def auth
  Zap::Auth.new(base: @base)
end
#html_report ⇒ Object
# File 'lib/owasp_zap.rb', line 131
# Requests the HTML report from the ZAP instance at @base.
# The request URL is built from @base alone; no API key parameter is added.
# @return the result of RestClient.get for the report URL
def html_report
  report_url = "#{@base}/OTHER/core/other/htmlreport/"
  RestClient.get(report_url)
end
#ok?(json_data) ⇒ Boolean
# File 'lib/owasp_zap.rb', line 46
# Reports whether a parsed response counts as a success.
#
# @param json_data [Object] parsed response; anything that is not a Hash yields false
# @return [Boolean] true only for a Hash whose entry under the Integer key 0 is "OK"
def ok?(json_data)
  return false unless json_data.is_a?(Hash)

  # NOTE(review): a Hash is looked up with the Integer key 0 here, so a response
  # keyed by strings never passes this check - confirm the intended key with the
  # callers before relying on this as a success test.
  json_data[0] == "OK"
end
#policy ⇒ Object
# File 'lib/owasp_zap.rb', line 59
# Builds a Zap::Policy helper bound to this instance's base URL (no target is passed).
# @return [Zap::Policy]
def policy
  Zap::Policy.new(base: @base)
end
#running? ⇒ Boolean
# File 'lib/owasp_zap.rb', line 50
# Checks whether something answers at @base with HTTP 200.
#
# Only a refused connection is rescued and mapped to false; any other error
# raised by the request propagates to the caller.
# A 200 from @base is the whole test, so this does not by itself establish
# that the listener is ZAP.
# @return [Boolean]
def running?
  probe =
    begin
      RestClient.get("#{@base}")
    rescue Errno::ECONNREFUSED
      # Nothing is listening on @base.
      return false
    end
  probe.code == 200
end
#scanner ⇒ Object
# File 'lib/owasp_zap.rb', line 67
# Builds a Zap::Scanner helper bound to this instance's base URL (no target is passed).
# @return [Zap::Scanner]
def scanner
  Zap::Scanner.new(base: @base)
end
#shutdown ⇒ Object
shutdown zap
# File 'lib/owasp_zap.rb', line 121
# Asks the ZAP instance at @base to shut down through its core "shutdown" action.
# The action is sent as a plain GET and the URL carries no API key parameter.
# NOTE(review): presumably this only succeeds against an instance started with
# the API key disabled (the default in #start) - confirm.
# @return the result of RestClient.get for the shutdown URL
def shutdown
  shutdown_url = "#{@base}/JSON/core/action/shutdown/"
  RestClient.get(shutdown_url)
end
#spider ⇒ Object
# File 'lib/owasp_zap.rb', line 76
# Builds a Zap::Spider helper bound to this instance's base URL and target.
# @return [Zap::Spider]
def spider
  Zap::Spider.new(base: @base, target: @target)
end
#start(params = {}) ⇒ Object
TODO: document the required setup step: install ZAP under $HOME/ZAP, or pass its path to new as the :zap parameter.
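# File 'lib/owasp_zap.rb', line 86
# Launches ZAP in a forked child process; the parent returns straight away.
#
# The command is still handed to exec as one string (so @zap_bin keeps its
# existing shell handling), but the caller-supplied values that are
# interpolated into it - the API key, :host and :port - are now shell-escaped,
# so they can only ever become a single argument each.
#
# Security notes:
# * The default (api_key: false) starts ZAP with api.disablekey=true, i.e. the
#   API at @base accepts requests without a key.
# * When the key is passed, it is part of the child's command line and so is
#   visible wherever process arguments are visible. It is masked in the line
#   this method prints, which may end up in the @output file.
#
# @param params [Hash] launch options
#   :daemon  - if the key is present (its value is not checked), adds -daemon
#   :api_key - true passes @api_key as api.key; any other value passes
#              api.disablekey=true
#   :host    - value for -host
#   :port    - value for -port
# @return the result of Kernel#fork in the parent
def start(params = {})
  # Deliberate local require: the file-level requires are not part of this listing.
  require 'shellwords'

  # By default the API key is disabled.
  params = { api_key: false }.merge(params)

  args = []
  key_arg = nil

  # NOTE(review): this is one case statement, so when :daemon is present the
  # api-key branch is skipped and neither api.key nor api.disablekey is passed.
  # Confirm that this is intended.
  case
  when params.key?(:daemon)
    args << "-daemon"
  when params.key?(:api_key)
    if params[:api_key] == true
      key_arg = "api.key=#{Shellwords.escape(@api_key.to_s)}"
      args << "-config" << key_arg
    else
      args << "-config" << "api.disablekey=true"
    end
  end

  args << "-host" << Shellwords.escape(params[:host].to_s) if params.key?(:host)
  args << "-port" << Shellwords.escape(params[:port].to_s) if params.key?(:port)

  cmd_line = (["#{@zap_bin}"] + args).join(" ")

  # Same command with the key masked; this is the only form that is printed.
  shown_args = args.map { |arg| arg.equal?(key_arg) ? "api.key=[REDACTED]" : arg }
  shown_cmd = (["#{@zap_bin}"] + shown_args).join(" ")

  fork do
    # if you passed :output=>"file.txt" to the constructor, then it will send the forked process output
    # to this file (that means, ZAP stdout)
    unless @output == $stdout
      STDOUT.reopen(File.open(@output, 'w+'))
      STDOUT.sync = true
    end
    print "Running the following command: #{shown_cmd} \n"

    exec cmd_line
  end
end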
#status_for(component) ⇒ Object
# File 'lib/owasp_zap.rb', line 33
# Returns the status reported by the helper that matches +component+.
#
# @param component [Symbol] :ascan, :spider or :scan
# @return the helper's #status, or the JSON string {"status":"unknown component"}
#   for any other value
def status_for(component)
  # The helper class is picked lazily so only the matching constant is resolved.
  # NOTE(review): :scan maps to Zap::Scan, while #scanner builds Zap::Scanner -
  # confirm that Zap::Scan is defined.
  helper_class =
    case component
    when :ascan then Zap::Attack
    when :spider then Zap::Spider
    when :scan then Zap::Scan
    end

  return { :status => "unknown component" }.to_json if helper_class.nil?

  helper_class.new(:base => @base, :target => @target).status
end
#xml_report ⇒ Object
xml report maybe it should be refactored to alert.
# File 'lib/owasp_zap.rb', line 127
# Requests the XML report from the ZAP instance at @base.
# The request URL is built from @base alone; no API key parameter is added.
# (Author's note: this may be refactored into the alert helper.)
# @return the result of RestClient.get for the report URL
def xml_report
  report_url = "#{@base}/OTHER/core/other/xmlreport/"
  RestClient.get(report_url)
end