⚡️ Multiple target ZAP Scanning / mzap is a tool for scanning N*N in ZAP.
go install github.com/hahwul/mzap@latest
brew tap hahwul/mzap
brew install mzap
Usage:
mzap [command]
Available Commands:
ajaxspider Add AjaxSpider ZAP
ascan Add ActiveScan ZAP
help Help about any command
spider Add ZAP spider
stop Stop Scanning
version Show version
Flags:
--apikey string ZAP API Key / if you disable apikey, not use this option
--apis string ZAP API Host(s) address
e.g --apis http://localhost:8090,http://192.168.0.4:8090 (default "http://localhost:8090")
--config string config file (default is $HOME/.mzap.yaml)
-h, --help help for mzap
--urls string URL list file / e.g --urls hosts.txt
$ mzap spider --urls sample/target.txt --apis
,/
,'/
,' /
,' /_____,
.'____ ,' MZAP
/ ,' [ Multiple target/agent ZAP scanning ]
/ ,' [ v1.3.1 ] [ by @hahwul ]
/,'
/'
Jan 26 01:12:00.081 [INFO] [spider] start
Jan 26 01:12:00.088 [INFO] [spider] [http://localhost:8090] [http://testphp.vulnweb.com/] added
Jan 26 01:12:00.090 [INFO] [spider] [http://localhost:8090] [https://www.hahwul.com] added
Jan 26 01:12:00.092 [INFO] [spider] [http://localhost:8090] [https://owasp.org] added
Jan 26 01:12:00.095 [INFO] [spider] [http://localhost:8090] [https://www.zaproxy.org] added
Jan 26 01:12:00.098 [INFO] [spider] [http://localhost:8090] [https://portswigger.net] added
Jan 26 01:12:00.101 [INFO] [spider] [http://localhost:8090] [https://www.hackerone.com] added
Jan 26 01:12:00.103 [INFO] [spider] [http://localhost:8090] [https://www.bugcrowd.com] added
Jan 26 01:12:00.106 [INFO] [spider] [http://localhost:8090] [https://dalfox.hahwul.com] added
Jan 26 01:12:00.108 [INFO] [spider] [http://localhost:8090] [https://authz0.hahwul.com] added
- name: MZAP Env
uses: hahwul/mzap@v1.3.1-action
with:
arguments: 'spider --urls sample/target.txt --apis'