secfigo · August 5, 2018 22:32
diff --git a/zap-scan.py b/zap-scan.py
 #!/usr/bin/env python3
 import time

 from pprint import pprint
 from zapv2 import ZAPv2 as ZAP

 from selenium import webdriver
 from selenium.webdriver.common.keys import Keys
 from selenium.webdriver.firefox.options import Options
 from selenium.webdriver.common.proxy import Proxy, ProxyType

 #Declarations
 browser_proxy = "127.0.0.1"
 browser_proxy_port = 8080
 #zap_proxy =
 target = "http://10.0.1.22:8000"
 #apikey = 'changeme'


 print("Started ZAP Scan")

 #non API
 zap = ZAP(proxies={'http': 'http://127.0.0.1:8080', 'https':'https://127.0.0.1:8080'})
 #enable whtn APIkey is being used.
 #zap = ZAPv2(apikey=apikey, proxies={'http': 'http://127.0.0.1:8080', 'https':'https://127.0.0.1:8080'})

 ##Selenium Section Start
 #arguments for running firefox headless
 options = Options()
 options.add_argument("--headless")

 #configure firefoxproxy through FirefoxProfile, 1 for manual proxy, to redirect selenium traffic
 # through a zap proxy.
 profile = webdriver.FirefoxProfile()
 profile.set_preference('network.proxy.type', 1)
 profile.set_preference('network.proxy.http', browser_proxy)
 profile.set_preference('network.proxy.http_port', browser_proxy_port)
 profile.update_preferences()

 #invoking firefox driver                                                                        	 
 driver=webdriver.Firefox(firefox_profile=profile, firefox_options=options)

 #the following selenium script is specifically written for the djangonv.. Please modify it according to your website

 print("Started Djangonv Selenium Script \n")

 #signup
 driver.get(target + '/taskManager/register/')

 #enter the username, password, firstname,lastname etc.
 driver.find_element_by_id("id_username").send_keys('user10')
 driver.find_element_by_id('id_first_name').send_keys('user')
 driver.find_element_by_id('id_last_name').send_keys('user')
 driver.find_element_by_id('id_email').send_keys('[email protected]')
 driver.find_element_by_id("id_password").send_keys('user123')
 submit=driver.find_element_by_css_selector('.btn.btn-danger').click()

 #login
 driver.get(target + '/taskManager/login/')
 driver.find_element_by_id('username').send_keys('user10')
 driver.find_element_by_name('password').send_keys('user123')
 submit=driver.find_element_by_xpath("//button[@type='submit']")
 submit.click()

 #spider the URL's
 driver.get(target + "/taskManager/dashboard/")
 driver.get(target +"/taskManager/task_list/")
 driver.get(target + "/taskManager/project_list/")
 driver.get(target + "/taskManager/search/")

 #editing some data for better scan results
 driver.get(target + "/taskManager/profile/")
 driver.find_element_by_name('first_name').send_keys('firstroot')
 driver.find_element_by_name('last_name').send_keys('lastroot')
 driver.find_element_by_xpath("//button[@type='submit']").click()

 time.sleep(2)
 driver.close()

 print("Djangonv Selenium Spidering End")

 ## End of Selenium section

 print('Accessing the target {}'.format(target))
 zap.urlopen(target)
 time.sleep(2)

 print('Continuing the ZAP Spidering')
 scanid = zap.spider.scan(target)
 time.sleep(2)
 while(int(zap.spider.status(scanid))<100):
 	print('Spider progress %: {}'.format(zap.spider.status(scanid)))
 	time.sleep(5)

 print('Active Scanning started on target {}'.format(target))
 scanid = zap.ascan.scan(target)
 while(int(zap.ascan.status(scanid))<100):
 	print(' Active scan is still %: {}'.format(zap.ascan.status(scanid)))
 	time.sleep(10)

 print ('Active Scan Completed')

 print ('Hosts Scanned: {}'.format(', '.join(zap.core.hosts)))
 print ('Writing ZAP Alerts: ')
 print (zap.core.alerts())
 print("ZAP Scan is successfully done.")
	#!/usr/bin/env python3
	import time

	from pprint import pprint
	from zapv2 import ZAPv2 as ZAP

	from selenium import webdriver
	from selenium.webdriver.common.keys import Keys
	from selenium.webdriver.firefox.options import Options
	from selenium.webdriver.common.proxy import Proxy, ProxyType

	#Declarations
	browser_proxy = "127.0.0.1"
	browser_proxy_port = 8080
	#zap_proxy =
	target = "http://10.0.1.22:8000"
	#apikey = 'changeme'


	print("Started ZAP Scan")

	#non API
	zap = ZAP(proxies={'http': 'http://127.0.0.1:8080', 'https':'https://127.0.0.1:8080'})
	#enable whtn APIkey is being used.
	#zap = ZAPv2(apikey=apikey, proxies={'http': 'http://127.0.0.1:8080', 'https':'https://127.0.0.1:8080'})

	##Selenium Section Start
	#arguments for running firefox headless
	options = Options()
	options.add_argument("--headless")

	#configure firefoxproxy through FirefoxProfile, 1 for manual proxy, to redirect selenium traffic
	# through a zap proxy.
	profile = webdriver.FirefoxProfile()
	profile.set_preference('network.proxy.type', 1)
	profile.set_preference('network.proxy.http', browser_proxy)
	profile.set_preference('network.proxy.http_port', browser_proxy_port)
	profile.update_preferences()

	#invoking firefox driver
	driver=webdriver.Firefox(firefox_profile=profile, firefox_options=options)

	#the following selenium script is specifically written for the djangonv.. Please modify it according to your website

	print("Started Djangonv Selenium Script \n")

	#signup
	driver.get(target + '/taskManager/register/')

	#enter the username, password, firstname,lastname etc.
	driver.find_element_by_id("id_username").send_keys('user10')
	driver.find_element_by_id('id_first_name').send_keys('user')
	driver.find_element_by_id('id_last_name').send_keys('user')
	driver.find_element_by_id('id_email').send_keys('[email protected]')
	driver.find_element_by_id("id_password").send_keys('user123')
	submit=driver.find_element_by_css_selector('.btn.btn-danger').click()

	#login
	driver.get(target + '/taskManager/login/')
	driver.find_element_by_id('username').send_keys('user10')
	driver.find_element_by_name('password').send_keys('user123')
	submit=driver.find_element_by_xpath("//button[@type='submit']")
	submit.click()

	#spider the URL's
	driver.get(target + "/taskManager/dashboard/")
	driver.get(target +"/taskManager/task_list/")
	driver.get(target + "/taskManager/project_list/")
	driver.get(target + "/taskManager/search/")

	#editing some data for better scan results
	driver.get(target + "/taskManager/profile/")
	driver.find_element_by_name('first_name').send_keys('firstroot')
	driver.find_element_by_name('last_name').send_keys('lastroot')
	driver.find_element_by_xpath("//button[@type='submit']").click()

	time.sleep(2)
	driver.close()

	print("Djangonv Selenium Spidering End")

	## End of Selenium section

	print('Accessing the target {}'.format(target))
	zap.urlopen(target)
	time.sleep(2)

	print('Continuing the ZAP Spidering')
	scanid = zap.spider.scan(target)
	time.sleep(2)
	while(int(zap.spider.status(scanid))<100):
	print('Spider progress %: {}'.format(zap.spider.status(scanid)))
	time.sleep(5)

	print('Active Scanning started on target {}'.format(target))
	scanid = zap.ascan.scan(target)
	while(int(zap.ascan.status(scanid))<100):
	print(' Active scan is still %: {}'.format(zap.ascan.status(scanid)))
	time.sleep(10)

	print ('Active Scan Completed')

	print ('Hosts Scanned: {}'.format(', '.join(zap.core.hosts)))
	print ('Writing ZAP Alerts: ')
	print (zap.core.alerts())
	print("ZAP Scan is successfully done.")