Commit bcfb5c3

Daily automated commit
1 parent 84eb8bf commit bcfb5c3

243 files changed

+128132
-0
lines changed

README.md

+58
@@ -0,0 +1,58 @@
1+
# ZAProxy Automated Security Tests Collection
2+
This repository contains a collection of scripts to automate ZAP Security Tests.
3+
4+
## Getting Started
5+
6+
To get started simply clone this repository, then browse each sub-directory for details on how to use each automation tool.
7+
8+
Tools on the project root are usable directly.
9+
10+
You can use this repo in conjunction with the Vagrant Kali-Linux base-box you'll find here:
11+
12+
[https://app.vagrantup.com/zfpsystems/boxes/kali-base-x86_64]
13+
14+
to have a full automated build environment and deploy of your testing VM.
15+
16+
### Prerequisites
17+
18+
You need git to clone this repository, obviously. You can get git from
19+
[http://git-scm.com/](http://git-scm.com/).
20+
21+
Scripts are mostly Python scripts so you'll need a Python interpreter installed and fully working.
22+
23+
You'll need ZAProxy installed, you can find the latest release here:
24+
[https://github.com/zaproxy/zaproxy]
25+
26+
You'll need Java VM installed.
27+
28+
### Install
29+
To install the automation tools just clone this repo inside your Kali Linux (or the system you want to use to run ZAProxy):
30+
```
31+
git clone https://github.com/zfpsystems/zap-automation
32+
```
33+
34+
I usually test these tools from /opt/zfpsystems/zap-automaion , but you can use whatever path you prefer.
35+
36+
Tools come with different licenses so please check sub-directory for licenses.
37+
38+
### Reccommendations (yeah read them!)
39+
- DO NOT USE ZAProxy or this ZAProxy automation tools collection to hack web sites and web applications you don't own or you don't have a written permission to pen-test.
40+
41+
- I do not assume any responsabilities for your actions, nor for the content of this repository.
42+
43+
- This automation tools collection sole purpose is to help people (especially the ones who can't afford expensive security solutions) to test security of their web applications and web sites to improve the quality and security of this world and not to make it worst!
44+
45+
### How to help this project
46+
If you have ZAProxy automation scripts you want to include in this collection please feel free, here is how to:
47+
48+
- Create a public github.com repository of your tool, for example JohnWayne-zap-automation
49+
- Add your tool, required dependencies and everything is needed to make it work fine in the repository you have created
50+
- Add a README.md file with instructions on how to install and use your automation tool and your name
51+
- Let me know the URL to your repo and I will add it to the autobuild that generates this collection daily. If your automation tool pass the basic working tests then it will be published on this public repository
52+
- Please note: This is a public and open source repository, so do not add copyrighted stuff that won't allow me to publish your automation tools.
53+
54+
Thanks!
55+
56+
57+
58+
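
Review bot: The "How to help this project" section (lines 46-52) says contributor repositories are fed into a daily autobuild and published once they pass "basic working tests", but it does not say whether anyone reviews the code or whether each tool is pinned to a reviewed revision; since readers are told to clone and run these tools on their testing system, document that gate (what the tests cover, who reviews, which commit is published). Smaller points: the Vagrant and ZAProxy links on lines 12 and 24 are wrapped in bare brackets with no link target, unlike the git-scm link on line 19, which itself uses `http://`; the path on line 34 reads `zap-automaion`; and lines 38, 41 and 43 have spelling slips ("Reccommendations", "responsabilities", "worst").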

jm-zap-automation/README.md

+41
@@ -0,0 +1,41 @@
1+
# ZAP Automated Penetration Testing
2+
3+
Node.js script for automated testing using the OWASP ZAP tool, which is an integrated penetration testing tool for finding vulnerabilities in web applications.
4+
5+
6+
## Getting Started
7+
8+
To get you started you can simply clone this repository, install the dependencies, and set your browser up to proxy through ZAP.
9+
10+
### Prerequisites
11+
12+
You need git to clone this repository. You can get git from
13+
[http://git-scm.com/](http://git-scm.com/).
14+
15+
We also use a number of node.js tools to run the script. You must have node.js and
16+
its package manager (npm) installed. You can get them from [http://nodejs.org/](http://nodejs.org/).
17+
18+
You will also need a minimum of Java 7 to run. You can get it from [https://www.java.com/en/](https://www.java.com/en/).
19+
20+
### Clone Project
21+
22+
Clone the project to source tree
23+
24+
### Install Dependencies
25+
26+
Install dependencies via NPM by running the below command while within the source folder.
27+
```
28+
npm install
29+
```
30+
31+
### Proxy Browser
32+
33+
Navigate to `.../resources/`and import the `owasp_zap_root_ca.cer` certificate into your browser. This will allow HTTPS requests to be routed though ZAP.
34+
Next, adjust the browser's proxy settings to point to `localhost:8080`. If you are using Chrome browser, use an extension like SwitchySharp.
35+
36+
### Run the Application
37+
38+
```
39+
npm test
40+
```
41+
Results output to "```zap-test-report.html```"
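
Review bot: The "Proxy Browser" step (line 33) has users import `owasp_zap_root_ca.cer` from the repository's `resources/` directory into their browser, which makes a root CA distributed with the repo trusted for HTTPS in that browser; anyone holding the matching private key could issue certificates that browser accepts. Suggest the README have users export the root CA generated by their own ZAP installation instead, import it into a dedicated testing profile, and remove it when testing is done. Also, "Clone Project" (lines 20-22) gives no repository URL or command, and line 33 is missing a space after `.../resources/` and has "though" for "through".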

jm-zap-automation/package.json

+22
@@ -0,0 +1,22 @@
1+
{
2+
"name": "zap-penetration-test-suite",
3+
"private": true,
4+
"version": "1.0.0",
5+
"description": "Node.js script for automated testing using the OWASP ZAP tool, which is an integrated penetration testing tool for finding vulnerabilities in web applications.",
6+
"main": "penetration.test.js",
7+
"dependencies": {
8+
"async": "^2.1.4",
9+
"cli-progress": "^1.3.0",
10+
"co": "^4.6.0",
11+
"co-prompt": "^1.0.0",
12+
"yield": "^0.0.6-8",
13+
"zaproxy": "^0.2.0"
14+
},
15+
"devDependencies": {},
16+
"scripts": {
17+
"test": "node penetration.test.js"
18+
},
19+
"repository": {},
20+
"author": "James Marcogliese",
21+
"license": "Not yet defined."
22+
}
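
Review bot: `"license": "Not yet defined."` on line 21 is not an SPDX identifier, and because the top-level README sends readers to each sub-directory for licence terms, this tool currently ships with none stated; use a real SPDX id, or `"UNLICENSED"` / `"SEE LICENSE IN <filename>"` until one is chosen. In `dependencies` (lines 8-13) every entry is a caret range, including `"yield": "^0.0.6-8"` on a prerelease version, so installs can resolve to different code over time unless a lockfile is committed and `npm ci` is used; it is also worth confirming `yield` is actually needed alongside `co`. `"repository": {}` on line 19 should either carry the repository URL or be dropped.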
