chrisdlangton/zap.sh

## zap.sh
#!/usr/bin/env bash

# Usage: /usr/local/bin/zap <target domain> <baseline|full-scan|api-scan> <arguments>
# environment variables;
# ZAP_EXTRA_ARGS        Add more arguments to the zap python script
# ZAP_EXTRA_OPTS        Add more options to the zap java proxy
# ZAP_WORKDIR           Where to store logs and reports
# ZAP_DOCKER_NAME       Name the docker container

TYPE=$2
DOMAIN=$(echo "$1" | sed -e "s/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/")
if [[ -z "${DOMAIN}" ]]; then
    echo "target domain not set"
    return 0
fi
shift

if [[ -z "$ZAP_WORKDIR" ]]; then
    ZAP_WORKDIR=$(pwd)
fi
if [[ -z "$ZAP_DOCKER_NAME" ]]; then
    ZAP_DOCKER_NAME=zap
fi
SCRIPT_ARGS="-r ${DOMAIN}.html -J ${DOMAIN}.json -s -j -a -l WARN -m 5 ${ZAP_EXTRA_ARGS}"
ZAP_OPTS="-config database.recoverylog=false -addoninstallall ${ZAP_EXTRA_OPTS}"
SCRIPT=zap-baseline.py
if [[ ! -z "$TYPE" ]]; then
    shift
    if [[ "${TYPE}" == 'baseline' || "${TYPE}" == 'api-scan' ]]; then
        SCRIPT=zap-${TYPE}.py
        SCRIPT_ARGS="${SCRIPT_ARGS} -I"
    fi
    if [[ "${TYPE}" == 'full-scan' ]]; then
      SCRIPT=zap-${TYPE}.py
      SCRIPT_ARGS="${SCRIPT_ARGS} -T 15"
    fi
fi

if [[ $(wget -S --spider https://${DOMAIN} 2>&1 | grep 'HTTP/1.1 200 OK') ]]; then
    DOMAIN_PROTO=https://
else
    DOMAIN_PROTO=http://
fi
RUNTIME='runsc'
if [[ -z "$(which runsc 2>/dev/null)" ]]; then
    RUNTIME='runc'
fi

mkdir -p ${ZAP_WORKDIR}/reports ${ZAP_WORKDIR}/.ZAP
docker stop ${ZAP_DOCKER_NAME} >/dev/null 2>&1
docker rm ${ZAP_DOCKER_NAME} >/dev/null 2>&1
docker run \
    --runtime $RUNTIME \
    --name ${ZAP_DOCKER_NAME} \
    --mount type=bind,src=${ZAP_WORKDIR}/reports,dst=/zap/wrk/ \
    --mount type=bind,src=${ZAP_WORKDIR}/.ZAP,dst=/zap/.ZAP \
    --cap-drop ALL \
    --cap-add DAC_OVERRIDE \
    -t owasp/zap2docker-weekly /zap/${SCRIPT} \
        -t ${DOMAIN_PROTO}${DOMAIN} ${SCRIPT_ARGS} -z "${ZAP_OPTS}" $@ >${ZAP_WORKDIR}/reports/${DOMAIN}.log 2>&1
err=$?
if [[ -f ${ZAP_WORKDIR}/reports/${DOMAIN}.html ]]; then
    xdg-open ${ZAP_WORKDIR}/reports/${DOMAIN}.html >/dev/null 2>&1
elif [[ -f ${ZAP_WORKDIR}/reports/${DOMAIN}.log ]]; then
    xdg-open ${ZAP_WORKDIR}/reports/${DOMAIN}.log
fi
exit ${err}
	#!/usr/bin/env bash

	# Usage: /usr/local/bin/zap <target domain> <baseline\|full-scan\|api-scan> <arguments>
	# environment variables;
	# ZAP_EXTRA_ARGS Add more arguments to the zap python script
	# ZAP_EXTRA_OPTS Add more options to the zap java proxy
	# ZAP_WORKDIR Where to store logs and reports
	# ZAP_DOCKER_NAME Name the docker container

	TYPE=$2
	DOMAIN=$(echo "$1" \| sed -e "s/[^/]\/\/\([^@]@\)\?\([^:/]\)./\2/")
	if [[ -z "${DOMAIN}" ]]; then
	echo "target domain not set"
	return 0
	fi
	shift

	if [[ -z "$ZAP_WORKDIR" ]]; then
	ZAP_WORKDIR=$(pwd)
	fi
	if [[ -z "$ZAP_DOCKER_NAME" ]]; then
	ZAP_DOCKER_NAME=zap
	fi
	SCRIPT_ARGS="-r ${DOMAIN}.html -J ${DOMAIN}.json -s -j -a -l WARN -m 5 ${ZAP_EXTRA_ARGS}"
	ZAP_OPTS="-config database.recoverylog=false -addoninstallall ${ZAP_EXTRA_OPTS}"
	SCRIPT=zap-baseline.py
	if [[ ! -z "$TYPE" ]]; then
	shift
	if [[ "${TYPE}" == 'baseline' \|\| "${TYPE}" == 'api-scan' ]]; then
	SCRIPT=zap-${TYPE}.py
	SCRIPT_ARGS="${SCRIPT_ARGS} -I"
	fi
	if [[ "${TYPE}" == 'full-scan' ]]; then
	SCRIPT=zap-${TYPE}.py
	SCRIPT_ARGS="${SCRIPT_ARGS} -T 15"
	fi
	fi

	if [[ $(wget -S --spider https://${DOMAIN} 2>&1 \| grep 'HTTP/1.1 200 OK') ]]; then
	DOMAIN_PROTO=https://
	else
	DOMAIN_PROTO=http://
	fi
	RUNTIME='runsc'
	if [[ -z "$(which runsc 2>/dev/null)" ]]; then
	RUNTIME='runc'
	fi

	mkdir -p ${ZAP_WORKDIR}/reports ${ZAP_WORKDIR}/.ZAP
	docker stop ${ZAP_DOCKER_NAME} >/dev/null 2>&1
	docker rm ${ZAP_DOCKER_NAME} >/dev/null 2>&1
	docker run \
	--runtime $RUNTIME \
	--name ${ZAP_DOCKER_NAME} \
	--mount type=bind,src=${ZAP_WORKDIR}/reports,dst=/zap/wrk/ \
	--mount type=bind,src=${ZAP_WORKDIR}/.ZAP,dst=/zap/.ZAP \
	--cap-drop ALL \
	--cap-add DAC_OVERRIDE \
	-t owasp/zap2docker-weekly /zap/${SCRIPT} \
	-t ${DOMAIN_PROTO}${DOMAIN} ${SCRIPT_ARGS} -z "${ZAP_OPTS}" $@ >${ZAP_WORKDIR}/reports/${DOMAIN}.log 2>&1
	err=$?
	if [[ -f ${ZAP_WORKDIR}/reports/${DOMAIN}.html ]]; then
	xdg-open ${ZAP_WORKDIR}/reports/${DOMAIN}.html >/dev/null 2>&1
	elif [[ -f ${ZAP_WORKDIR}/reports/${DOMAIN}.log ]]; then
	xdg-open ${ZAP_WORKDIR}/reports/${DOMAIN}.log
	fi
	exit ${err}