Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/hahwul/mzap

⚡️ Multiple target ZAP Scanning
https://github.com/hahwul/mzap

bugbounty dast hacking security zaproxy zaproxy-automation

Last synced: about 1 month ago
JSON representation

⚡️ Multiple target ZAP Scanning

Host: GitHub
URL: https://github.com/hahwul/mzap
Owner: hahwul
License: mit
Created: 2020-08-22T13:42:10.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2023-11-26T13:52:41.000Z (about 1 year ago)
Last Synced: 2024-10-25T01:32:21.195Z (about 2 months ago)
Topics: bugbounty, dast, hacking, security, zaproxy, zaproxy-automation
Language: Go
Homepage:
Size: 138 KB
Stars: 103
Watchers: 4
Forks: 18
Open Issues: 1
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md

Awesome Lists containing this project

awesome-hacking-lists - hahwul/mzap - ⚡️ Multiple target ZAP Scanning (Go)

README

        


  


  

  


  

   

  

  



⚡️ Multiple target ZAP Scanning / mzap is a tool for scanning N*N in ZAP.

## Concept

![1414](https://user-images.githubusercontent.com/13212227/90961636-4a18bb80-e4e5-11ea-9913-a573fe748ce4.png)

## Installation

### go

```

go install github.com/hahwul/mzap@latest

```

### snapcraft

```

sudo snap install mzap

```

### homebrew

```

brew tap hahwul/mzap

brew install mzap

```

## Usage

```

Usage:

  mzap [command]

Available Commands:

  ajaxspider  Add AjaxSpider ZAP

  ascan       Add ActiveScan ZAP

  help        Help about any command

  spider      Add ZAP spider

  stop        Stop Scanning

  version     Show version

Flags:

      --apikey string   ZAP API Key / if you disable apikey, not use this option

      --apis string     ZAP API Host(s) address

                        e.g --apis http://localhost:8090,http://192.168.0.4:8090 (default "http://localhost:8090")

      --config string   config file (default is $HOME/.mzap.yaml)

  -h, --help            help for mzap

      --urls string     URL list file / e.g --urls hosts.txt

```

```

$ mzap spider --urls sample/target.txt --apis

          ,/

        ,'/

      ,' /

    ,'  /_____,

  .'____    ,'                     MZAP

        /  ,'     [ Multiple target/agent ZAP scanning ]

       / ,'       [ v1.3.1 ] [ by @hahwul ]

      /,'

     /'

Jan 26 01:12:00.081 [INFO] [spider] start

Jan 26 01:12:00.088 [INFO] [spider] [http://localhost:8090] [http://testphp.vulnweb.com/] added

Jan 26 01:12:00.090 [INFO] [spider] [http://localhost:8090] [https://www.hahwul.com] added

Jan 26 01:12:00.092 [INFO] [spider] [http://localhost:8090] [https://owasp.org] added

Jan 26 01:12:00.095 [INFO] [spider] [http://localhost:8090] [https://www.zaproxy.org] added

Jan 26 01:12:00.098 [INFO] [spider] [http://localhost:8090] [https://portswigger.net] added

Jan 26 01:12:00.101 [INFO] [spider] [http://localhost:8090] [https://www.hackerone.com] added

Jan 26 01:12:00.103 [INFO] [spider] [http://localhost:8090] [https://www.bugcrowd.com] added

Jan 26 01:12:00.106 [INFO] [spider] [http://localhost:8090] [https://dalfox.hahwul.com] added

Jan 26 01:12:00.108 [INFO] [spider] [http://localhost:8090] [https://authz0.hahwul.com] added

```

![1413](https://user-images.githubusercontent.com/13212227/151013450-985ff38c-5bbf-4a58-b160-58dfebd0bf11.png)

![1414](https://user-images.githubusercontent.com/13212227/90961367-4be17f80-e4e3-11ea-8d9f-68d8ba5d851f.png)

### Github action

```yaml

- name: MZAP Env

  uses: hahwul/[email protected]

  with:

    arguments: 'spider --urls sample/target.txt --apis'

```