Skip to content

Instantly share code, notes, and snippets.

@Grunny

Grunny/Dockerfile-zap-cli

Last active January 11, 2019 13:40
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Grunny/6ea8d48d711c6ad28064 to your computer and use it in GitHub Desktop.
Save Grunny/6ea8d48d711c6ad28064 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Dockerfile-zap-cli
FROM owasp/zap2docker-stable
MAINTAINER grunny
RUN pip install --upgrade git+https://github.com/Grunny/zap-cli.git
RUN chown -R zap /zap/
ENV ZAP_PORT 8080
Raw
Example
# The above Dockerfile can be built with: docker build -t "zap-cli" .
# Example of running a self-contained (-sc) quick scan with only XSS scanners, that starts ZAP with the API key disabled
$ docker run -u zap -i zap-cli zap-cli quick-scan -sc -o '-config api.disablekey=true' -s xss "http://127.0.0.1/index.php?foo=bar"
[INFO] Starting ZAP daemon
[INFO] Running a quick scan for http://127.0.0.1/index.php?foo=bar
[INFO] Issues found: 1
+----------------------------------+--------+----------+--------------------------------------------------------------------------------+
| Alert | Risk | CWE ID | URL |
+==================================+========+==========+================================================================================+
| Cross Site Scripting (Reflected) | High | 79 | http://127.0.0.1/index.php?foo=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E |
+----------------------------------+--------+----------+--------------------------------------------------------------------------------+
[INFO] Shutting down ZAP daemon
@jkugler
Copy link

jkugler commented Apr 17, 2018

Ah! Adding a USER root before the pip RUN fixed it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment