Commit d2c52e2

author
Daniel Santos
committed
Squashed signed commit for PR 499: new active script to detect open mcp servers
Signed-off-by: Daniel Santos <vovohelo@gmail.com>
1 parent 0e5e22b commit d2c52e2

9 files changed

+487
-56
lines changed

.github/workflows/codeql.yml

Lines changed: 3 additions & 3 deletions
@@ -28,10 +28,10 @@ jobs:
2828
with:
2929
distribution: 'temurin'
3030
java-version: 17
31-
- uses: github/codeql-action/init@v3
31+
- uses: github/codeql-action/init@v4
3232
with:
3333
languages: ${{ matrix.language }}
34-
- uses: github/codeql-action/autobuild@v3
35-
- uses: github/codeql-action/analyze@v3
34+
- uses: github/codeql-action/autobuild@v4
35+
- uses: github/codeql-action/analyze@v4
3636
with:
3737
category: "/language:${{matrix.language}}"
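
Review bot: the three `uses:` lines for `github/codeql-action` (init, autobuild, analyze) move from `@v3` to `@v4` but still reference a mutable major tag. Pinning each to a full commit SHA, with the version in a trailing comment, would keep the code that runs inside this analysis job from changing without a reviewed diff. The bump is also unrelated to the MCP scan rule named in the commit message, so it deserves a mention there or its own commit.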

CHANGELOG.md

Lines changed: 5 additions & 0 deletions
@@ -9,17 +9,22 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
99
- Variant script 'AddUrlParams.js'
1010
- Extender script 'ScanMonitor.js'
1111
- Active script 'SwaggerSecretDetector.js'
12+
- Active script 'OpenModelContextProtocolServer.js' - Attempts to detect Model Context Protocol (MCP) servers lacking authentication.
1213

1314
### Changed
1415
- Update minimum ZAP version to 2.16.0 and compile with Java 17.
1516
- Add cautionary note to help and readme.
1617
- Maintenance and documentation changes.
18+
- Active and passive READMEs to include lastest JS script examples.
1719

1820
### Fixed
1921
- The following scripts were not being loaded as scan rules:
2022
- active/SSTI.js
2123
- passive/Mutliple Security Header Check.js
2224

25+
### Removed
26+
- Links to videos which no longer exist.
27+
2328
## [19] - 2024-07-01
2429
### Added
2530
- extender/arpSyndicateSubdomainDiscovery.js - uses the API of [ARPSyndicate's Subdomain Center](https://www.subdomain.center/)
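
Review bot: typo in the entry added under `### Changed`: "lastest" should be "latest" ("Active and passive READMEs to include latest JS script examples."). In the same hunk, the new `OpenModelContextProtocolServer.js` line is the only entry in the visible Added list that carries a description; that is useful here, but consider whether the neighbouring name-only entries should follow the same form for consistency.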

README.md

Lines changed: 0 additions & 3 deletions
@@ -38,7 +38,4 @@ in the main directory of the project, the add-on will be placed in the directory
3838

3939
## Official Videos
4040

41-
* [ZAP In Ten: Introduction to Scripting](https://play.sonatype.com/watch/7gR4qYzUZ686wEDMBfxGdf) (9:33)
4241
* [ZAP Deep Dive: Scripting ZAP](https://www.youtube.com/watch?v=ujL6rH6nVXI) (28:34)
43-
44-
Note that there are videos for some of the specific script types linked from the relevant READMEs.
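
Review bot: dropping the closing note ("Note that there are videos for some of the specific script types linked from the relevant READMEs.") is only correct if the per-type READMEs no longer carry video links, which this hunk does not show; confirm those links were removed in the same change, as the CHANGELOG entry "Links to videos which no longer exist" implies. With a single bullet left under `## Official Videos`, the heading could also be made singular.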
