zaproxy 0.0.1 → 0.0.3

data/lib/zap/v2apis/spider.rb

@@ -0,0 +1,293 @@
+# frozen_string_literal: true
+
+class ZAPv2 < ZAP
+  class Spider
+    def initialize(client)
+      @client = client
+    end
+
+    def added_nodes(scan_id)
+      @client.get("/JSON/spider/view/addedNodes/?scanId=#{scan_id}")
+    end
+
+    def all_urls
+      @client.get('/JSON/spider/view/allUrls/')
+    end
+
+    def domains_always_in_scope
+      @client.get('/JSON/spider/view/domainsAlwaysInScope/')
+    end
+
+    def excluded_from_scan
+      @client.get('/JSON/spider/view/excludedFromScan/')
+    end
+
+    def full_results(scan_id)
+      @client.get("/JSON/spider/view/fullResults/?scanId=#{scan_id}")
+    end
+
+    def option_accept_cookies
+      @client.get('/JSON/spider/view/optionAcceptCookies/')
+    end
+
+    def option_domains_always_in_scope
+      @client.get('/JSON/spider/view/optionDomainsAlwaysInScope/')
+    end
+
+    def option_domains_always_in_scope_enabled
+      @client.get('/JSON/spider/view/optionDomainsAlwaysInScopeEnabled/')
+    end
+
+    def option_handle_odata_parameters_visited
+      @client.get('/JSON/spider/view/optionHandleODataParametersVisited/')
+    end
+
+    def option_handle_parameters
+      @client.get('/JSON/spider/view/optionHandleParameters/')
+    end
+
+    def option_max_children
+      @client.get('/JSON/spider/view/optionMaxChildren/')
+    end
+
+    def option_max_depth
+      @client.get('/JSON/spider/view/optionMaxDepth/')
+    end
+
+    def option_max_duration
+      @client.get('/JSON/spider/view/optionMaxDuration/')
+    end
+
+    def option_max_parse_size_bytes
+      @client.get('/JSON/spider/view/optionMaxParseSizeBytes/')
+    end
+
+    def option_max_scans_in_ui
+      @client.get('/JSON/spider/view/optionMaxScansInUI/')
+    end
+
+    def option_parse_comments
+      @client.get('/JSON/spider/view/optionParseComments/')
+    end
+
+    def option_parse_ds_store
+      @client.get('/JSON/spider/view/optionParseDsStore/')
+    end
+
+    def option_parse_git
+      @client.get('/JSON/spider/view/optionParseGit/')
+    end
+
+    def option_parse_robots_txt
+      @client.get('/JSON/spider/view/optionParseRobotsTxt/')
+    end
+
+    def option_parse_svn_entries
+      @client.get('/JSON/spider/view/optionParseSVNEntries/')
+    end
+
+    def option_parse_sitemap_xml
+      @client.get('/JSON/spider/view/optionParseSitemapXml/')
+    end
+
+    def option_post_form
+      @client.get('/JSON/spider/view/optionPostForm/')
+    end
+
+    def option_process_form
+      @client.get('/JSON/spider/view/optionProcessForm/')
+    end
+
+    def option_request_wait_time
+      @client.get('/JSON/spider/view/optionRequestWaitTime/')
+    end
+
+    def option_send_referer_header
+      @client.get('/JSON/spider/view/optionSendRefererHeader/')
+    end
+
+    def option_show_advanced_dialog
+      @client.get('/JSON/spider/view/optionShowAdvancedDialog/')
+    end
+
+    def option_skip_url_string
+      @client.get('/JSON/spider/view/optionSkipURLString/')
+    end
+
+    def option_thread_count
+      @client.get('/JSON/spider/view/optionThreadCount/')
+    end
+
+    def option_user_agent
+      @client.get('/JSON/spider/view/optionUserAgent/')
+    end
+
+    def results(scan_id)
+      @client.get("/JSON/spider/view/results/?scanId=#{scan_id}")
+    end
+
+    def scans
+      @client.get('/JSON/spider/view/scans/')
+    end
+
+    def status(scan_id)
+      @client.get("/JSON/spider/view/status/?scanId=#{scan_id}")
+    end
+
+    def add_domain_always_in_scope(value, is_regex, is_enabled)
+      @client.get("/JSON/spider/action/addDomainAlwaysInScope/?value=#{value}&isRegex=#{is_regex}&isEnabled=#{is_enabled}")
+    end
+
+    def clear_excluded_from_scan
+      @client.get('/JSON/spider/action/clearExcludedFromScan/')
+    end
+
+    def disable_all_domains_always_in_scope
+      @client.get('/JSON/spider/action/disableAllDomainsAlwaysInScope/')
+    end
+
+    def enable_all_domains_always_in_scope
+      @client.get('/JSON/spider/action/enableAllDomainsAlwaysInScope/')
+    end
+
+    def exclude_from_scan(regex)
+      @client.get("/JSON/spider/action/excludeFromScan/?regex=#{regex}")
+    end
+
+    def modify_domain_always_in_scope(index, value, is_regex, is_enabled)
+      @client.get("/JSON/spider/action/modifyDomainAlwaysInScope/?idx=#{index}&value=#{value}&isRegex=#{is_regex}&isEnabled=#{is_enabled}")
+    end
+
+    def pause(scan_id)
+      @client.get("/JSON/spider/action/pause/?scanId=#{scan_id}")
+    end
+
+    def pause_all_scans
+      @client.get('/JSON/spider/action/pauseAllScans/')
+    end
+
+    def remove_all_scans
+      @client.get('/JSON/spider/action/removeAllScans/')
+    end
+
+    def remove_domain_always_in_scope(index)
+      @client.get("/JSON/spider/action/removeDomainAlwaysInScope/?idx=#{index}")
+    end
+
+    def remove_scan(scan_id)
+      @client.get("/JSON/spider/action/removeScan/?scanId=#{scan_id}")
+    end
+
+    def resume(scan_id)
+      @client.get("/JSON/spider/action/resume/?scanId=#{scan_id}")
+    end
+
+    def resume_all_scans
+      @client.get('/JSON/spider/action/resumeAllScans/')
+    end
+
+    def scan(url, max_children, recurse, context_name, subtree_only)
+      @client.get("/JSON/spider/action/scan/?url=#{url}&maxChildren=#{max_children}&recurse=#{recurse}&contextName=#{context_name}&subtreeOnly=#{subtree_only}")
+    end
+
+    def scan_as_user(context_id, user_id, url, max_children, recurse, subtree_only)
+      @client.get("/JSON/spider/action/scanAsUser/?contextId=#{context_id}&userId=#{user_id}&url=#{url}&maxChildren=#{max_children}&recurse=#{recurse}&subtreeOnly=#{subtree_only}")
+    end
+
+    def set_option_accept_cookies(boolean)
+      @client.get("/JSON/spider/action/setOptionAcceptCookies/?Boolean=#{boolean}")
+    end
+
+    def set_option_handle_odata_parameters_visited(boolean)
+      @client.get("/JSON/spider/action/setOptionHandleODataParametersVisited/?Boolean=#{boolean}")
+    end
+
+    def set_option_handle_parameters(string)
+      @client.get("/JSON/spider/action/setOptionHandleParameters/?String=#{string}")
+    end
+
+    def set_option_max_children(integer)
+      @client.get("/JSON/spider/action/setOptionMaxChildren/?Integer=#{integer}")
+    end
+
+    def set_option_max_depth(integer)
+      @client.get("/JSON/spider/action/setOptionMaxDepth/?Integer=#{integer}")
+    end
+
+    def set_option_max_duration(integer)
+      @client.get("/JSON/spider/action/setOptionMaxDuration/?Integer=#{integer}")
+    end
+
+    def set_option_max_parse_size_bytes(integer)
+      @client.get("/JSON/spider/action/setOptionMaxParseSizeBytes/?Integer=#{integer}")
+    end
+
+    def set_option_max_scans_in_ui(integer)
+      @client.get("/JSON/spider/action/setOptionMaxScansInUI/?Integer=#{integer}")
+    end
+
+    def set_option_parse_comments(boolean)
+      @client.get("/JSON/spider/action/setOptionParseComments/?Boolean=#{boolean}")
+    end
+
+    def set_option_parse_ds_store(boolean)
+      @client.get("/JSON/spider/action/setOptionParseDsStore/?Boolean=#{boolean}")
+    end
+
+    def set_option_parse_git(boolean)
+      @client.get("/JSON/spider/action/setOptionParseGit/?Boolean=#{boolean}")
+    end
+
+    def set_option_parse_robots_txt(boolean)
+      @client.get("/JSON/spider/action/setOptionParseRobotsTxt/?Boolean=#{boolean}")
+    end
+
+    def set_option_parse_svn_entries(boolean)
+      @client.get("/JSON/spider/action/setOptionParseSVNEntries/?Boolean=#{boolean}")
+    end
+
+    def set_option_parse_sitemap_xml(boolean)
+      @client.get("/JSON/spider/action/setOptionParseSitemapXml/?Boolean=#{boolean}")
+    end
+
+    def set_option_post_form(boolean)
+      @client.get("/JSON/spider/action/setOptionPostForm/?Boolean=#{boolean}")
+    end
+
+    def set_option_process_form(boolean)
+      @client.get("/JSON/spider/action/setOptionProcessForm/?Boolean=#{boolean}")
+    end
+
+    def set_option_request_wait_time(integer)
+      @client.get("/JSON/spider/action/setOptionRequestWaitTime/?Integer=#{integer}")
+    end
+
+    def set_option_send_referer_header(boolean)
+      @client.get("/JSON/spider/action/setOptionSendRefererHeader/?Boolean=#{boolean}")
+    end
+
+    def set_option_show_advanced_dialog(boolean)
+      @client.get("/JSON/spider/action/setOptionShowAdvancedDialog/?Boolean=#{boolean}")
+    end
+
+    def set_option_skip_url_string(string)
+      @client.get("/JSON/spider/action/setOptionSkipURLString/?String=#{string}")
+    end
+
+    def set_option_thread_count(integer)
+      @client.get("/JSON/spider/action/setOptionThreadCount/?Integer=#{integer}")
+    end
+
+    def set_option_user_agent(string)
+      @client.get("/JSON/spider/action/setOptionUserAgent/?String=#{string}")
+    end
+
+    def stop(scan_id)
+      @client.get("/JSON/spider/action/stop/?scanId=#{scan_id}")
+    end
+
+    def stop_all_scans
+      @client.get('/JSON/spider/action/stopAllScans/')
+    end
+  end
+end

data/lib/zap/v2apis/stats.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+class ZAPv2 < ZAP
+  class Stats
+    def initialize(client)
+      @client = client
+    end
+
+    def all_sites_stats(key_prefix)
+      @client.get("/JSON/stats/view/allSitesStats/?keyPrefix=#{key_prefix}")
+    end
+
+    def option_in_memory_enabled
+      @client.get('/JSON/stats/view/optionInMemoryEnabled/')
+    end
+
+    def option_statsd_enabled
+      @client.get('/JSON/stats/view/optionStatsdEnabled/')
+    end
+
+    def option_statsd_host
+      @client.get('/JSON/stats/view/optionStatsdHost/')
+    end
+
+    def option_statsd_port
+      @client.get('/JSON/stats/view/optionStatsdPort/')
+    end
+
+    def option_statsd_prefix
+      @client.get('/JSON/stats/view/optionStatsdPrefix/')
+    end
+
+    def site_stats(site, key_prefix)
+      @client.get("/JSON/stats/view/siteStats/?site=#{site}&keyPrefix=#{key_prefix}")
+    end
+
+    def stats(key_prefix)
+      @client.get("/JSON/stats/view/stats/?keyPrefix=#{key_prefix}")
+    end
+
+    def clear_stats(key_prefix)
+      @client.get("/JSON/stats/action/clearStats/?keyPrefix=#{key_prefix}")
+    end
+
+    def set_option_in_memory_enabled(boolean)
+      @client.get("/JSON/stats/action/setOptionInMemoryEnabled/?boolean=#{boolean}")
+    end
+
+    def set_option_statsd_host(string)
+      @client.get("/JSON/stats/action/setOptionStatsdHost/?String=#{string}")
+    end
+
+    def set_option_statsd_port(integer)
+      @client.get("/JSON/stats/action/setOptionStatsdPort/?Integer=#{integer}")
+    end
+
+    def set_option_statsd_prefix(string)
+      @client.get("/JSON/stats/action/setOptionStatsdPrefix/?String=#{string}")
+    end
+  end
+end

data/lib/zap/v2apis/users.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+class ZAPv2 < ZAP
+  class Users
+    def initialize(client)
+      @client = client
+    end
+
+    def get_authentication_credentials(contextid, userid)
+      @client.get("/JSON/users/view/getAuthenticationCredentials/?contextId=#{contextid}&userId=#{userid}")
+    end
+
+    def get_authentication_credentials_config_params(contextid)
+      @client.get("/JSON/users/view/getAuthenticationCredentialsConfigParams/?contextId=#{contextid}")
+    end
+
+    def get_authentication_session(contextid, userid)
+      @client.get("/JSON/users/view/getAuthenticationSession/?contextId=#{contextid}&userId=#{userid}")
+    end
+
+    def get_authentication_state(contextid, userid)
+      @client.get("/JSON/users/view/getAuthenticationState/?contextId=#{contextid}&userId=#{userid}")
+    end
+
+    def get_user_by_id(contextid, userid)
+      @client.get("/JSON/users/view/getUserById/?contextId=#{contextid}&userId=#{userid}")
+    end
+
+    def users_list(contextid)
+      @client.get("/JSON/users/view/usersList/?contextId=#{contextid}")
+    end
+
+    def authenticate_as_user(contextid, userid)
+      @client.get("/JSON/users/action/authenticateAsUser/?contextId=#{contextid}&userId=#{userid}")
+    end
+
+    def new_user(contextid, name)
+      @client.get("/JSON/users/action/newUser/?contextId=#{contextid}&name=#{name}")
+    end
+
+    def poll_as_user(contextid, userid)
+      @client.get("/JSON/users/action/pollAsUser/?contextId=#{contextid}&userId=#{userid}")
+    end
+
+    def remove_user(contextid, userid)
+      @client.get("/JSON/users/action/removeUser/?contextId=#{contextid}&userId=#{userid}")
+    end
+
+    def set_authentication_credentials(contextid, userid, authcredentialsconfigparams)
+      @client.get("/JSON/users/action/setAuthenticationCredentials/?contextId=#{contextid}&userId=#{userid}&authCredentialsConfigParams=#{authcredentialsconfigparams}")
+    end
+
+    def set_authentication_state(contextid, userid, lastpollresult, lastpolltimeinms, requestssincelastpoll)
+      @client.get("/JSON/users/action/setAuthenticationState/?contextId=#{contextid}&userId=#{userid}&lastPollResult=#{lastpollresult}&lastPollTimeInMs=#{lastpolltimeinms}&requestsSinceLastPoll=#{requestssincelastpoll}")
+    end
+
+    def set_cookie(contextid, userid, domain, name, value, path, secure)
+      @client.get("/JSON/users/action/setCookie/?contextId=#{contextid}&userId=#{userid}&domain=#{domain}&name=#{name}&value=#{value}&path=#{path}&secure=#{secure}")
+    end
+
+    def set_user_enabled(contextid, userid, enabled)
+      @client.get("/JSON/users/action/setUserEnabled/?contextId=#{contextid}&userId=#{userid}&enabled=#{enabled}")
+    end
+
+    def set_user_name(contextid, userid, name)
+      @client.get("/JSON/users/action/setUserName/?contextId=#{contextid}&userId=#{userid}&name=#{name}")
+    end
+  end
+end

data/lib/zap/v2apis/wappalyzer.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class ZAPv2 < ZAP
+  class Wappalyzer
+    def initialize(client)
+      @client = client
+    end
+
+    def list_all
+      @client.get('/JSON/wappalyzer/view/listAll/')
+    end
+
+    def list_site(site)
+      @client.get("/JSON/wappalyzer/view/listSite/?site=#{site}")
+    end
+
+    def list_sites
+      @client.get('/JSON/wappalyzer/view/listSites/')
+    end
+  end
+end

data/lib/zap/v2apis/websocket.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class ZAPv2 < ZAP
+  class Websocket
+    def initialize(client)
+      @client = client
+    end
+
+    def break_text_message
+      @client.get('/JSON/websocket/view/breakTextMessage/')
+    end
+
+    def channels
+      @client.get('/JSON/websocket/view/channels/')
+    end
+
+    def message(channelid, messageid)
+      @client.get("/JSON/websocket/view/message/?channelId=#{channelid}&messageId=#{messageid}")
+    end
+
+    def messages(channelid, start, count, payloadpreviewlength)
+      @client.get("/JSON/websocket/view/messages/?channelId=#{channelid}&start=#{start}&count=#{count}&payloadPreviewLength=#{payloadpreviewlength}")
+    end
+
+    def send_text_message(channelid, outgoing, message)
+      @client.get("/JSON/websocket/action/sendTextMessage/?channelId=#{channelid}&outgoing=#{outgoing}&message=#{message}")
+    end
+
+    def set_break_text_message(message, outgoing)
+      @client.get("/JSON/websocket/action/setBreakTextMessage/?message=#{message}&outgoing=#{outgoing}")
+    end
+  end
+end

data/lib/zap/zap.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require_relative 'result'
+
+class ZAP
+  API_KEY_DEFAULT = ''
+
+  def initialize(endpoint: 'http://localhost:8080', apikey: API_KEY_DEFAULT)
+    @endpoint = endpoint
+    @api_client = API.new(endpoint, apikey)
+  end
+
+  attr_reader :api
+
+  class API
+    def initialize(endpoint, apikey)
+      @url = URI.parse(endpoint)
+      @http = Net::HTTP.new(@url.host, @url.port)
+      @apikey = apikey
+    end
+
+    def get(path)
+      request = build_request(Net::HTTP::Get, path)
+      response = send_request(request)
+      if response.code == '200'
+        Result.new(true, response.body)
+      else
+        Result.new(false, response.body)
+      end
+    end
+
+    def post(path, data)
+      request = build_request(Net::HTTP::Post, path)
+      request.set_form_data(data)
+      response = send_request(request)
+      if response.code == '200'
+        Result.new(true, response.body)
+      else
+        Result.new(false, response.body)
+      end
+    end
+
+    def delete(path)
+      request = build_request(Net::HTTP::Delete, path)
+      response = send_request(request)
+      if response.code == '200'
+        Result.new(true, response.body)
+      else
+        Result.new(false, response.body)
+      end
+    end
+
+    def put(path, data)
+      request = build_request(Net::HTTP::Put, path)
+      request.set_form_data(data)
+      response = send_request(request)
+      if response.code == '200'
+        Result.new(true, response.body)
+      else
+        Result.new(false, response.body)
+      end
+    end
+
+    private
+
+    def build_request(request_type, path)
+      request = request_type.new(path)
+      request['X-ZAP-API-Key'] = @apikey unless @apikey.empty?
+      request
+    end
+
+    def send_request(request)
+      @http.request(request)
+    end
+  end
+end

data/lib/zap/zapv2.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+require_relative 'zap'
+require_relative 'v2apis/access_control'
+require_relative 'v2apis/acsrf'
+require_relative 'v2apis/ajax_spider'
+require_relative 'v2apis/alert'
+require_relative 'v2apis/alert_filter'
+require_relative 'v2apis/ascan'
+require_relative 'v2apis/authentication'
+require_relative 'v2apis/authorization'
+require_relative 'v2apis/automation'
+require_relative 'v2apis/autoupdate'
+require_relative 'v2apis/break'
+require_relative 'v2apis/client'
+require_relative 'v2apis/context'
+require_relative 'v2apis/core'
+require_relative 'v2apis/exim'
+require_relative 'v2apis/forced_user'
+require_relative 'v2apis/graphql'
+require_relative 'v2apis/http_sessions'
+require_relative 'v2apis/hud'
+require_relative 'v2apis/import_urls'
+require_relative 'v2apis/keyboard'
+require_relative 'v2apis/local_proxies'
+require_relative 'v2apis/network'
+require_relative 'v2apis/openapi'
+require_relative 'v2apis/params'
+require_relative 'v2apis/pnh'
+require_relative 'v2apis/postman'
+require_relative 'v2apis/pscan'
+require_relative 'v2apis/quickstartlaunch'
+require_relative 'v2apis/replacer'
+require_relative 'v2apis/reports'
+require_relative 'v2apis/reveal'
+require_relative 'v2apis/retest'
+require_relative 'v2apis/revisit'
+require_relative 'v2apis/rule_config'
+require_relative 'v2apis/script'
+require_relative 'v2apis/search'
+require_relative 'v2apis/selenium'
+require_relative 'v2apis/session_management'
+require_relative 'v2apis/soap'
+require_relative 'v2apis/spider'
+require_relative 'v2apis/stats'
+require_relative 'v2apis/users'
+require_relative 'v2apis/wappalyzer'
+require_relative 'v2apis/websocket'
+
+class ZAPv2 < ZAP
+  attr_reader :access_control, :acsrf, :ajax_spider, :alert, :alert_filter, :ascan, :authentication, :authorization, :automation, :autoupdate, :break, :client, :context, :core, :exim, :forced_user, :graphql, :http_sessions, :hud, :import_urls, :keyboard, :local_proxies, :network, :openapi, :params, :pnh, :postman, :pscan, :quickstartlaunch, :replacer, :reports, :reveal, :retest, :revisit, :rule_config, :script, :search, :selenium, :session_management, :soap, :spider, :stats, :users, :wappalyzer, :websocket
+
+  def initialize(endpoint: 'http://localhost:8080', apikey: API_KEY_DEFAULT)
+    super endpoint: endpoint, apikey: apikey
+
+    @access_control = AccessControl.new @api_client
+    @acsrf = Acsrf.new @api_client
+    @ajax_spider = AjaxSpider.new @api_client
+    @alert = Alert.new @api_client
+    @alert_filter = AlertFilter.new @api_client
+    @ascan = Ascan.new @api_client
+    @authentication = Authentication.new @api_client
+    @authorization = Authorization.new @api_client
+    @automation = Automation.new @api_client
+    @autoupdate = Autoupdate.new @api_client
+    @break = Break.new @api_client
+    @client = Client.new @api_client
+    @context = Context.new @api_client
+    @core = Core.new @api_client
+    @exim = Exim.new @api_client
+    @forced_user = ForcedUser.new @api_client
+    @graphql = GraphQL.new @api_client
+    @http_sessions = HTTPSessions.new @api_client
+    @hud = HUD.new @api_client
+    @import_urls = ImportURLs.new @api_client
+    @keyboard = Keyboard.new @api_client
+    @local_proxies = LocalProxies.new @api_client
+    @network = Network.new @api_client
+    @openapi = OpenAPI.new @api_client
+    @params = Params.new @api_client
+    @pnh = PnH.new @api_client
+    @postman = Postman.new @api_client
+    @pscan = Pscan.new @api_client
+    @quickstartlaunch = QuickStartLaunch.new @api_client
+    @replacer = Replacer.new @api_client
+    @reports = Reports.new @api_client
+    @retest = Retest.new @api_client
+    @reveal = Reveal.new @api_client
+    @revisit = Revisit.new @api_client
+    @rule_config = RuleConfig.new @api_client
+    @script = Script.new @api_client
+    @search = Search.new @api_client
+    @selenium = Selenium.new @api_client
+    @session_management = SessionManagement.new @api_client
+    @soap = Soap.new @api_client
+    @spider = Spider.new @api_client
+    @stats = Stats.new @api_client
+    @users = Users.new @api_client
+    @wappalyzer = Wappalyzer.new @api_client
+    @websocket = Websocket.new @api_client
+  end
+end

data/lib/zaproxy.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require_relative 'zap/zapv2'