stephendonner
Hook up easy-to-read/parse HTML report from ZAP CLI/API scans
Need to get a "pretty-printed" easy-to-read/parse HTML (or similarly-formatted) report from ZAP's scans.
Look at https://renouncedthoughts.wordpress.com/2015/01/13/owasp-zap-workaround-html-report-from-apis-daemon-mode/ and any potential other options.
ZAP's API has a HTML output at http://zap/UI/core/other/htmlreport which can be requested in Python with zap.core.htmlreport(apikey=api_key). I could add HTML as an output format for zap-cli alerts, which currently can only output JSON or the table summary, if that would do the trick (though the HTML report wouldn't be limitable to a certain threshold)? :)
@stephendonner Thanks to Sliim, zap-cli now has a report command that saves the HTML or XML report from the API. :)
That is some kind of awesome, @Grunny - I look forward to checking it out soon (and then integrating it here)!
I am able to run the following commands, but i would like to run them in one liner. is it possible? i want to run the scan and get report in html at the same time
[[email protected]@sb-test-vm ~]$ zap-cli quick-scan -s xss,sqli --spider -r -e "some_regex_pattern" http://demo.testfire.net/
[INFO] Running a quick scan for http://demo.testfire.net/
[INFO] Issues found: 6
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
| Alert | Risk | CWE ID | URL |
+==================================+========+==========+==================================================================================================================+
| Cross Site Scripting (Reflected) | High | 79 | http://demo.testfire.net/bank/login.aspx |
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
| Cross Site Scripting (Reflected) | High | 79 | http://demo.testfire.net/comment.aspx |
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
| Cross Site Scripting (Reflected) | High | 79 | http://demo.testfire.net/notfound.aspx?aspxerrorpath=%3C%2Fb%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cb%3E |
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
| Cross Site Scripting (Reflected) | High | 79 | http://demo.testfire.net/search.aspx?txtSearch=%3C%2Fspan%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cspan%3E |
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
| SQL Injection | High | 89 | http://demo.testfire.net/bank/login.aspx |
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
| SQL Injection | High | 89 | http://demo.testfire.net/bank/login.aspx |
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
[[email protected]@sb-test-vm ~]$ zap-cli report -o abc.html -f html
[INFO] Report saved to "abc.html"
[[email protected]@sb-test-vm ~]$ ls -l abc.html
-rw-rw-r--. 1 [email protected] [email protected] 58659 Sep 25 16:39 abc.html
[[email protected]@sb-test-vm ~]$ date
Tue Sep 25 16:39:16 EDT 2018
[[email protected]@sb-test-vm ~]$
