⚡️ Multiple target ZAP Scanning / mzap is a tool for scanning N*N in ZAP.

Concept

1414

Installation

go

go install github.com/hahwul/[email protected]

snapcraft

sudo snap install mzap

homebrew

brew tap hahwul/mzap
brew install mzap

Usage

Usage:
  mzap [command]

Available Commands:
  ajaxspider  Add AjaxSpider ZAP
  ascan       Add ActiveScan ZAP
  help        Help about any command
  spider      Add ZAP spider
  stop        Stop Scanning
  version     Show version

Flags:
      --apikey string   ZAP API Key / if you disable apikey, not use this option
      --apis string     ZAP API Host(s) address
                        e.g --apis http://localhost:8090,http://192.168.0.4:8090 (default "http://localhost:8090")
      --config string   config file (default is $HOME/.mzap.yaml)
  -h, --help            help for mzap
      --urls string     URL list file / e.g --urls hosts.txt

$ mzap spider --urls sample/target.txt --apis

          ,/
        ,'/
      ,' /
    ,'  /_____,
  .'____    ,'                     MZAP
        /  ,'     [ Multiple target/agent ZAP scanning ]
       / ,'       [ v1.3.0 ] [ by @hahwul ]
      /,'
     /'

Jan 26 01:12:00.081 [INFO] [spider] start
Jan 26 01:12:00.088 [INFO] [spider] [http://localhost:8090] [http://testphp.vulnweb.com/] added
Jan 26 01:12:00.090 [INFO] [spider] [http://localhost:8090] [https://www.hahwul.com] added
Jan 26 01:12:00.092 [INFO] [spider] [http://localhost:8090] [https://owasp.org] added
Jan 26 01:12:00.095 [INFO] [spider] [http://localhost:8090] [https://www.zaproxy.org] added
Jan 26 01:12:00.098 [INFO] [spider] [http://localhost:8090] [https://portswigger.net] added
Jan 26 01:12:00.101 [INFO] [spider] [http://localhost:8090] [https://www.hackerone.com] added
Jan 26 01:12:00.103 [INFO] [spider] [http://localhost:8090] [https://www.bugcrowd.com] added
Jan 26 01:12:00.106 [INFO] [spider] [http://localhost:8090] [https://dalfox.hahwul.com] added
Jan 26 01:12:00.108 [INFO] [spider] [http://localhost:8090] [https://authz0.hahwul.com] added

1413 1414

Github action

- name: MZAP Env
  uses: hahwul/[email protected]
  with:
    arguments: 'spider --urls sample/target.txt --apis'

GitHub

View Github