Script scanner with attack spider and active.

Scanner_Full_Owasp.py

#!/usr/bin/env python
import time
import urllib.parse
from zapv2 import ZAPv2
from pprint import pprint
apikey = ''
context_name = 'Scan_Full'
target_url = 'http://demo.testfire.net'
include_url = ['http://demo.testfire.net.*']
login_url = 'http://demo.testfire.net/login.jsp'
zap = ZAPv2(proxies={'http': 'http://localhost:8080'}, apikey=apikey)
useScanPolicy = True 
useContextForScan = True
shutdownOnceFinished = False
isWhiteListPolicy = True
useScanPolicy = True
forcedUser = zap.forcedUser
spider = zap.spider
scanId = 0
ascan = zap.ascan
alertThreshold = 'Medium'
attackStrength = 'Low'
scanPolicyName = 'EXPLORATION OWASP'

ascanIds = [7, 40009, 40012, 40014, 40018, 90019, 90020, 30001, 40003, 40016, 40017, 40026, 40019, 40020, 40021, 40022, 40024, 90018]

def cleanup():
    
        zap.context.remove_context(contextname = context_name, apikey = apikey)
        print('Delete Context',context_name)
        

def set_include_in_context():
    
    zap.context.include_in_context(context_name, include_url)
    print('Configured include in context',include_url)


def set_logged_in_indicator():
    logged_in_regex = '\Q<a id="AccountLink" href="/login.jsp" class="focus" >ONLINE BANKING LOGIN</a></div></td>\E'
    zap.authentication.set_logged_in_indicator(context_id, logged_in_regex)
    print('Configured logged in indicator regex: ')


def set_form_based_auth():
    login_request_data = 'uid={%username%}&passw={%password%}&btnSubmit=Login'
    form_based_config = 'loginUrl=' + urllib.parse.quote(login_url) + '&loginRequestData=' + urllib.parse.quote(login_request_data)
    zap.authentication.set_authentication_method(context_id, 'formBasedAuthentication', form_based_config)
    print('Configured form based authentication')


def set_user_auth_config():
    user = 'Teste_user'
    username = 'admin'
    password = 'admin'

    user_id = zap.users.new_user(context_id, user)
    user_auth_config = 'username=' + urllib.parse.quote(username) + '&password=' + urllib.parse.quote(password)
    zap.users.set_authentication_credentials(context_id, user_id, user_auth_config)
    zap.users.set_user_enabled(context_id, user_id, 'true')
    zap.forcedUser.set_forced_user(context_id, user_id)
    zap.forcedUser.set_forced_user_mode_enabled('true')
    print('User Auth Configured')
    return user_id

def set_polices_scan(scanPolicyName):
        
        if useScanPolicy:
            ascan.remove_scan_policy(scanpolicyname=scanPolicyName)
            pprint('Add scan policy ' + scanPolicyName + ' -> ' +
                ascan.add_scan_policy(scanpolicyname=scanPolicyName))
            for policyId in range(0, 5):
                # Set alert Threshold for all scans
                ascan.set_policy_alert_threshold(id=policyId,
                                            alertthreshold=alertThreshold,
                                            scanpolicyname=scanPolicyName)
            # Set attack strength for all scans
                ascan.set_policy_attack_strength(id=policyId,
                                            attackstrength=attackStrength,
                                            scanpolicyname=scanPolicyName)
            if isWhiteListPolicy:
            # Disable all active scanners
                pprint('Disable all scanners -> ' +
                    ascan.disable_all_scanners(scanpolicyname=scanPolicyName))
            # Enable some active scanners
                for idscans in ascanIds:
                    
                        ascan.enable_scanners(ids=idscans,
                                            scanpolicyname=scanPolicyName)
                pprint('Enable Scan IDs -> OK')
            else:
            # Enable all active scanners
                pprint('Enable all scanners -> ' +
                    ascan.enable_all_scanners(scanpolicyname=scanPolicyName))
            # Disable some active scanners
                for idscans in ascanIds:
                    
                          ascan.disable_scanners(ids=idscans,
                                        scanpolicyname=scanPolicyName)
                pprint('Disable scan IDs -> OK')


def start_spider(userId):
    if useContextForScan:
        print('Starting scans with User ID: ' + userId)
        scanId = spider.scan_as_user(contextid=context_id, userid=userId,
                url=target_url, maxchildren=None, recurse=True, subtreeonly=None)
        print('Start Spider scan with user ID: ' + userId +
                '. Scan ID equals: ' + scanId)
        time.sleep(2)
        while (int(spider.status(scanId)) < 100):
            print('Spider progress: ' + spider.status(scanId) + '%')
            time.sleep(2)
        print('Spider scan for user ID ' + userId + ' completed')
    else: 

        scanId = spider.scan(url=target_url, maxchildren=None, recurse=True,
            contextname=None, subtreeonly=None)
    print('Scan ID equals ' + scanId)
    time.sleep(2)
    while (int(spider.status(scanId)) < 100):
        print('Spider progress ' + spider.status(scanId) + '%')
        time.sleep(2)
    print('Spider scan completed')



def start_active_scan(userId,scanPolicyName):
    if useContextForScan:

        scanId = ascan.scan_as_user(url=target_url, contextid=context_id,
                userid=userId, recurse=True, scanpolicyname=scanPolicyName,
                method=None, postdata=True)
        print('Start Active Scan with user ID: ' + userId +
                '. Scan ID equals: ' + scanId)
        time.sleep(2)
        while (int(ascan.status(scanId)) < 100):
            print('Active Scan progress: ' + ascan.status(scanId) + '%')
            time.sleep(2)
        print('Active Scan for user ID ' + userId + ' completed')

    else:

        scanId = zap.ascan.scan(url=target_url, recurse=True, inscopeonly=None,
        scanpolicyname=scanPolicyName, method=None, postdata=True)
    print('Start Active scan. Scan ID equals ' + scanId)
    while (int(ascan.status(scanId)) < 100):
        print('Active Scan progress: ' + ascan.status(scanId) + '%')
        time.sleep(5)
    print('Active Scan completed')


def generationReport():

    time.sleep(5)
    # Report the results
    print('Hosts: ' + ', '.join(zap.core.hosts))
    print('Alerts: ')
    print(zap.core.alerts_summary())
  
    print('HTML report:')
    fHTML=open('zapreport.html', 'w')
    fHTML.write(zap.core.htmlreport())
    fHTML.close() 

    if shutdownOnceFinished:
        pprint('Finish ZAP -> ' + zap.core.shutdown())

# Running ---->
cleanup()   
context_id = zap.context.new_context(context_name) 
set_include_in_context()
set_form_based_auth()
set_logged_in_indicator()
userId = set_user_auth_config()
start_spider(userId)
set_polices_scan(scanPolicyName)
start_active_scan(userId,scanPolicyName)
generationReport()