zapr 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/README.md +13 -0
- data/lib/zapr.rb +8 -1
- data/lib/zapr/version.rb +1 -1
- data/lib/zapr/zap.rb +14 -3
- metadata +2 -2
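--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 92f45a3d03cd3a44bc991bdc30055ecb6cc9365c
+data.tar.gz: ca6fad5edb2c94446ed5a7b1b2d2141a92ffefd9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 10707bf88999c4a791042fdfcb358c47b0f403229e78f4734af5fd8350bf105245e81ec2715a73e913bf811298c60b4af04fcabf43d00c6c634507be2a3b6467
+data.tar.gz: 183d436e5503bf76e060f9b46ea465bc0fd77235fd283318a340799afac87f2ec148d7bb16ac8d95faeff5c27ad35dd28a93313d8c8c8fa20ecb9383ea5ea756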
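--- a/data/README.md
+++ b/data/README.md
@@ -1,3 +1,10 @@
+[![Dependency
+Status](https://gemnasium.com/garethr/zapr.svg)](https://gemnasium.com/garethr/zapr)
+[![Gem
+Version](https://badge.fury.io/rb/zapr.svg)](http://badge.fury.io/rb/zapr)
+[![Code
+Climate](https://codeclimate.com/github/garethr/zapr.png)](https://codeclimate.com/github/garethr/zapr)
+
 # Zapr
 
 A command line tool that:
@@ -47,6 +54,12 @@ Options:
 -h, --help print help
 ```
 
+## Example
+
+An example of Zapr running on
+[Travis](https://travis-ci.org/garethr/zapr-example) against
+[Railsgoat](https://github.com/OWASP/railsgoat) can be found at
+[garethr/zapr-example](https://github.com/garethr/zapr-example).
 
 
 ## Installation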
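--- a/data/lib/zapr.rb
+++ b/data/lib/zapr.rb
@@ -20,6 +20,7 @@ module Zapr
 parameter "TARGET", "Web address to scan and attack with ZAP", :attribute_name => :target
 
 def execute
+signal_usage_error "Path to ZAP must be set" unless zap_path
 signal_usage_error "Path to ZAP does not exist" unless File.file?(zap_path)
 signal_usage_error "Invalid target URL" unless target =~ /\A#{URI::regexp(['http', 'https'])}\z/
 begin
@@ -27,16 +28,22 @@ module Zapr
 debug? ? zap.start : dev_null { zap.start }
 zap.spider
 zap.attack
-puts summary? ? zap.summary : zap.
+puts summary? ? zap.summary : zap.pretty_alerts
 rescue Timeout::Error
 puts "=====> Timeout".red
 puts "the execution of the spider or scan took too long"
+exit 124
 rescue Exception => e
 puts "=====> An error occured".red
 puts e.message
+puts e.backtrace.join("\n")
+exit 125
 ensure
 zap.shutdown if defined? zap
 end
+puts "code is"
+puts zap.exit_code
+exit zap.exit_code
 end
 
 end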
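Review bot: In the second hunk, `exit zap.exit_code` runs after the `ensure` clause has already called `zap.shutdown`, and `exit_code` in zap.rb re-reads the alerts through `@proxy.alerts.view`, so the status is requested from a proxy that has presumably been stopped by then. A failure at that point is outside the `begin`/`rescue` and would surface as an unhandled exception instead of the documented exit 125. Capture the value while ZAP is still running, e.g. `code = zap.exit_code` directly after the `puts summary? ? ...` line, and finish the method with `exit code`. The `puts "code is"` / `puts zap.exit_code` pair looks like leftover debugging and would append stray text to the JSON from `pretty_alerts` for anyone piping the output. The line that constructs `zap` falls between the two hunks and is not shown.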
data/lib/zapr/version.rb
CHANGED
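--- a/data/lib/zapr/zap.rb
+++ b/data/lib/zapr/zap.rb
@@ -40,13 +40,24 @@ module Zapr
 @proxy.shutdown
 end
 
-def
-JSON.pretty_generate(
+def pretty_alerts
+JSON.pretty_generate(alerts)
 end
 
-def
+def alerts
 alerts = JSON.parse(@proxy.alerts.view)['alerts']
 alerts.sort_by! { |item| item["risk"] }
+end
+
+def exit_code
+high = 0
+alerts.each do |alert|
+high += 1 if alert['risk'] == 'High'
+end
+return high
+end
+
+def summary
 sorted = alerts.group_by { |item| item["alert"] }
 Terminal::Table.new :headings => ['Alert', 'Risk', 'URL'] do |t|
 sorted.each_with_index do |(alert_name, grouped_alerts), index|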
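Review bot: `exit_code` returns the raw number of High-risk alerts and zapr.rb passes it straight to `exit`, but a process status is truncated to 8 bits on POSIX systems, so a scan that finds exactly 256 High alerts exits 0 and a CI gate built on this tool passes. Counts of 124 or 125 also collide with the timeout and error statuses introduced in zapr.rb. Bound the value, for example `alerts.any? { |alert| alert['risk'] == 'High' } ? 1 : 0`, or `[high, 123].min` if the count should stay visible. A one-line comment above `exit_code` stating the contract, such as `# Process exit status: 0 when no High-risk alerts were reported`, would help callers. `summary` continues past the end of the hunk, and the method containing `@proxy.shutdown` starts before it.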
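--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zapr
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - Gareth Rushgrove
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-06-
+date: 2014-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler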