diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5119d09..1bbadad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,9 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
-## [Unreleased]
+## [0.4.0] - 2025-01-20
+### Changed
+- Update APIs for 2.16.
## [0.3.2] - 2024-06-04
### Fixed
@@ -181,7 +183,7 @@ ensure it's automatically sent in all API requests.
### Changed
- Moved from the main `zaproxy` repository.
-[Unreleased]: https://github.com/zaproxy/zap-api-python/compare/0.3.2...HEAD
+[0.4.0]: https://github.com/zaproxy/zap-api-python/compare/0.3.2...0.4.0
[0.3.2]: https://github.com/zaproxy/zap-api-python/compare/0.3.1...0.3.2
[0.3.1]: https://github.com/zaproxy/zap-api-python/compare/0.3.0...0.3.1
[0.3.0]: https://github.com/zaproxy/zap-api-python/compare/0.2.0...0.3.0
diff --git a/src/zapv2/__init__.py b/src/zapv2/__init__.py
index 86cdc4c..4211f6c 100644
--- a/src/zapv2/__init__.py
+++ b/src/zapv2/__init__.py
@@ -45,6 +45,7 @@
from .httpSessions import httpSessions
from .localProxies import localProxies
from .network import network
+from .oast import oast
from .openapi import openapi
from .params import params
from .pnh import pnh
@@ -111,6 +112,7 @@ def __init__(self, proxies=None, apikey=None, validate_status_code=False):
self.httpsessions = httpSessions(self)
self.localProxies = localProxies(self)
self.network = network(self)
+ self.oast = oast(self)
self.openapi = openapi(self)
self.params = params(self)
self.pnh = pnh(self)
diff --git a/src/zapv2/accessControl.py b/src/zapv2/accessControl.py
index abec542..f20fd74 100644
--- a/src/zapv2/accessControl.py
+++ b/src/zapv2/accessControl.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/acsrf.py b/src/zapv2/acsrf.py
index b32fdda..5dfcdb6 100644
--- a/src/zapv2/acsrf.py
+++ b/src/zapv2/acsrf.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/ajaxSpider.py b/src/zapv2/ajaxSpider.py
index 66db520..c32eb14 100644
--- a/src/zapv2/ajaxSpider.py
+++ b/src/zapv2/ajaxSpider.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -150,6 +150,13 @@ def option_click_elems_once(self):
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'ajaxSpider/view/optionClickElemsOnce/')))
+ @property
+ def option_enable_extensions(self):
+ """
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'ajaxSpider/view/optionEnableExtensions/')))
+
@property
def option_random_inputs(self):
"""
@@ -283,6 +290,12 @@ def set_option_click_elems_once(self, boolean, apikey=''):
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'ajaxSpider/action/setOptionClickElemsOnce/', {'Boolean': boolean})))
+ def set_option_enable_extensions(self, boolean, apikey=''):
+ """
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'ajaxSpider/action/setOptionEnableExtensions/', {'Boolean': boolean})))
+
def set_option_event_wait(self, integer, apikey=''):
"""
Sets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over an element, in order for a menu to display, etc.
diff --git a/src/zapv2/alert.py b/src/zapv2/alert.py
index 6f9530c..e14d540 100644
--- a/src/zapv2/alert.py
+++ b/src/zapv2/alert.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/alertFilter.py b/src/zapv2/alertFilter.py
index d307ea3..d380c1e 100644
--- a/src/zapv2/alertFilter.py
+++ b/src/zapv2/alertFilter.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/ascan.py b/src/zapv2/ascan.py
index 6c9806f..3c5aa2d 100644
--- a/src/zapv2/ascan.py
+++ b/src/zapv2/ascan.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/authentication.py b/src/zapv2/authentication.py
index 72658cc..c724e43 100644
--- a/src/zapv2/authentication.py
+++ b/src/zapv2/authentication.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/authorization.py b/src/zapv2/authorization.py
index 29ba335..05bcaa3 100644
--- a/src/zapv2/authorization.py
+++ b/src/zapv2/authorization.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/automation.py b/src/zapv2/automation.py
index 21f2280..1f67906 100644
--- a/src/zapv2/automation.py
+++ b/src/zapv2/automation.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/autoupdate.py b/src/zapv2/autoupdate.py
index 1275a11..00802a1 100644
--- a/src/zapv2/autoupdate.py
+++ b/src/zapv2/autoupdate.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/brk.py b/src/zapv2/brk.py
index a3e0297..7f27b1d 100644
--- a/src/zapv2/brk.py
+++ b/src/zapv2/brk.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/context.py b/src/zapv2/context.py
index 87f1289..e2d9db6 100644
--- a/src/zapv2/context.py
+++ b/src/zapv2/context.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/core.py b/src/zapv2/core.py
index 9f8ea34..43030d7 100644
--- a/src/zapv2/core.py
+++ b/src/zapv2/core.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/custompayloads.py b/src/zapv2/custompayloads.py
index ea4cf78..5ebc3b1 100644
--- a/src/zapv2/custompayloads.py
+++ b/src/zapv2/custompayloads.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2024 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/exim.py b/src/zapv2/exim.py
index 10e1432..a4ccf9a 100644
--- a/src/zapv2/exim.py
+++ b/src/zapv2/exim.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -55,6 +55,20 @@ def import_modsec_2_logs(self, filepath, apikey=''):
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'exim/action/importModsec2Logs/', {'filePath': filepath})))
+ def export_sites_tree(self, filepath, apikey=''):
+ """
+ Exports the Sites Tree in the Sites Tree YAML format.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'exim/action/exportSitesTree/', {'filePath': filepath})))
+
+ def prune_sites_tree(self, filepath, apikey=''):
+ """
+ Prunes the Sites Tree based on a file in the Sites Tree YAML format.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'exim/action/pruneSitesTree/', {'filePath': filepath})))
+
def export_har(self, baseurl=None, start=None, count=None, apikey=''):
"""
Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
diff --git a/src/zapv2/forcedUser.py b/src/zapv2/forcedUser.py
index 1b65e74..ff9d71b 100644
--- a/src/zapv2/forcedUser.py
+++ b/src/zapv2/forcedUser.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/httpSessions.py b/src/zapv2/httpSessions.py
index b01475d..3f22370 100644
--- a/src/zapv2/httpSessions.py
+++ b/src/zapv2/httpSessions.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/network.py b/src/zapv2/network.py
index 3faa281..01cf15c 100644
--- a/src/zapv2/network.py
+++ b/src/zapv2/network.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/oast.py b/src/zapv2/oast.py
new file mode 100644
index 0000000..4b2f045
--- /dev/null
+++ b/src/zapv2/oast.py
@@ -0,0 +1,111 @@
+# Zed Attack Proxy (ZAP) and its related class files.
+#
+# ZAP is an HTTP/HTTPS proxy for assessing web application security.
+#
+# Copyright 2025 the ZAP development team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+This file was automatically generated.
+"""
+
+import six
+
+
+class oast(object):
+
+ def __init__(self, zap):
+ self.zap = zap
+
+ @property
+ def get_active_scan_service(self):
+ """
+ Gets the service used with the active scanner, if any.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/view/getActiveScanService/')))
+
+ @property
+ def get_services(self):
+ """
+ Gets all of the services.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/view/getServices/')))
+
+ @property
+ def get_boast_options(self):
+ """
+ Gets the BOAST options.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/view/getBoastOptions/')))
+
+ @property
+ def get_callback_options(self):
+ """
+ Gets the Callback options.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/view/getCallbackOptions/')))
+
+ @property
+ def get_interactsh_options(self):
+ """
+ Gets the Interactsh options.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/view/getInteractshOptions/')))
+
+ @property
+ def get_days_to_keep_records(self):
+ """
+ Gets the number of days the OAST records will be kept for.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/view/getDaysToKeepRecords/')))
+
+ def set_active_scan_service(self, name, apikey=''):
+ """
+ Sets the service used with the active scanner.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/action/setActiveScanService/', {'name': name})))
+
+ def set_boast_options(self, server, pollinsecs, apikey=''):
+ """
+ Sets the BOAST options.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/action/setBoastOptions/', {'server': server, 'pollInSecs': pollinsecs})))
+
+ def set_callback_options(self, localaddress, remoteaddress, port, apikey=''):
+ """
+ Sets the Callback options.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/action/setCallbackOptions/', {'localAddress': localaddress, 'remoteAddress': remoteaddress, 'port': port})))
+
+ def set_interactsh_options(self, server, pollinsecs, authtoken, apikey=''):
+ """
+ Sets the Interactsh options.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/action/setInteractshOptions/', {'server': server, 'pollInSecs': pollinsecs, 'authToken': authtoken})))
+
+ def set_days_to_keep_records(self, days, apikey=''):
+ """
+ Sets the number of days the OAST records will be kept for.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'oast/action/setDaysToKeepRecords/', {'days': days})))
diff --git a/src/zapv2/params.py b/src/zapv2/params.py
index 61f7b2a..7dbb1d8 100644
--- a/src/zapv2/params.py
+++ b/src/zapv2/params.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/pnh.py b/src/zapv2/pnh.py
index 26d48c6..3228a4d 100644
--- a/src/zapv2/pnh.py
+++ b/src/zapv2/pnh.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/pscan.py b/src/zapv2/pscan.py
index 4c23758..f9535e0 100644
--- a/src/zapv2/pscan.py
+++ b/src/zapv2/pscan.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -31,13 +31,15 @@ def __init__(self, zap):
def scan_only_in_scope(self):
"""
Tells whether or not the passive scan should be performed only on messages that are in scope.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/view/scanOnlyInScope/')))
@property
def records_to_scan(self):
"""
- The number of records the passive scanner still has to scan
+ The number of records the passive scanner still has to scan.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/view/recordsToScan/')))
@@ -45,20 +47,23 @@ def records_to_scan(self):
def scanners(self):
"""
Lists all passive scan rules with their ID, name, enabled state, and alert threshold.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/view/scanners/')))
@property
def current_rule(self):
"""
- Show information about the passive scan rule currently being run (if any).
+ Shows information about the passive scan rule currently being run (if any).
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/view/currentRule/')))
@property
def current_tasks(self):
"""
- Show information about the passive scan tasks currently being run (if any).
+ Shows information about the passive scan tasks currently being run (if any).
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/view/currentTasks/')))
@@ -66,71 +71,83 @@ def current_tasks(self):
def max_alerts_per_rule(self):
"""
Gets the maximum number of alerts a passive scan rule should raise.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/view/maxAlertsPerRule/')))
def set_enabled(self, enabled, apikey=''):
"""
Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/setEnabled/', {'enabled': enabled})))
def set_scan_only_in_scope(self, onlyinscope, apikey=''):
"""
Sets whether or not the passive scan should be performed only on messages that are in scope.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/setScanOnlyInScope/', {'onlyInScope': onlyinscope})))
def enable_all_scanners(self, apikey=''):
"""
- Enables all passive scan rules
+ Enables all passive scan rules.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/enableAllScanners/', {})))
def disable_all_scanners(self, apikey=''):
"""
- Disables all passive scan rules
+ Disables all passive scan rules.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/disableAllScanners/', {})))
def enable_scanners(self, ids, apikey=''):
"""
- Enables all passive scan rules with the given IDs (comma separated list of IDs)
+ Enables passive scan rules.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/enableScanners/', {'ids': ids})))
def disable_scanners(self, ids, apikey=''):
"""
- Disables all passive scan rules with the given IDs (comma separated list of IDs)
+ Disables passive scan rules.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/disableScanners/', {'ids': ids})))
def set_scanner_alert_threshold(self, id, alertthreshold, apikey=''):
"""
- Sets the alert threshold of the passive scan rule with the given ID, accepted values for alert threshold: OFF, DEFAULT, LOW, MEDIUM and HIGH
+ Sets the alert threshold of a passive scan rule.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/setScannerAlertThreshold/', {'id': id, 'alertThreshold': alertthreshold})))
def set_max_alerts_per_rule(self, maxalerts, apikey=''):
"""
- Sets the maximum number of alerts a passive scan rule should raise.
+ Sets the maximum number of alerts a passive scan rule can raise.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/setMaxAlertsPerRule/', {'maxAlerts': maxalerts})))
def disable_all_tags(self, apikey=''):
"""
Disables all passive scan tags.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/disableAllTags/', {})))
def enable_all_tags(self, apikey=''):
"""
Enables all passive scan tags.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/enableAllTags/', {})))
def clear_queue(self, apikey=''):
"""
Clears the passive scan queue.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'pscan/action/clearQueue/', {})))
diff --git a/src/zapv2/replacer.py b/src/zapv2/replacer.py
index 1a91792..e906041 100644
--- a/src/zapv2/replacer.py
+++ b/src/zapv2/replacer.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -37,7 +37,7 @@ def rules(self):
def add_rule(self, description, enabled, matchtype, matchregex, matchstring, replacement=None, initiators=None, url=None, apikey=''):
"""
- Adds a replacer rule. For the parameters: desc is a user friendly description, enabled is true or false, matchType is one of [REQ_HEADER, REQ_HEADER_STR, REQ_BODY_STR, RESP_HEADER, RESP_HEADER_STR, RESP_BODY_STR], matchRegex should be true if the matchString should be treated as a regex otherwise false, matchString is the string that will be matched against, replacement is the replacement string, initiators may be blank (for all initiators) or a comma separated list of integers as defined in HttpSender
+ Adds a replacer rule. For the parameters: desc is a user friendly description, enabled is true or false, matchType is one of [REQ_HEADER, REQ_HEADER_STR, REQ_BODY_STR, RESP_HEADER, RESP_HEADER_STR, RESP_BODY_STR], matchRegex should be true if the matchString should be treated as a regex otherwise false, matchString is the string that will be matched against, replacement is the replacement string, initiators may be blank (for all initiators) or a comma separated list of integers as defined in Request Initiator Constants
This component is optional and therefore the API will only work if it is installed
"""
params = {'description': description, 'enabled': enabled, 'matchType': matchtype, 'matchRegex': matchregex, 'matchString': matchstring}
diff --git a/src/zapv2/reports.py b/src/zapv2/reports.py
index a61e9e7..979116b 100644
--- a/src/zapv2/reports.py
+++ b/src/zapv2/reports.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/retest.py b/src/zapv2/retest.py
index dc416d6..89dedfd 100644
--- a/src/zapv2/retest.py
+++ b/src/zapv2/retest.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/reveal.py b/src/zapv2/reveal.py
index 438b6a3..31a9f2c 100644
--- a/src/zapv2/reveal.py
+++ b/src/zapv2/reveal.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/revisit.py b/src/zapv2/revisit.py
index 8108a8f..8c4ad3f 100644
--- a/src/zapv2/revisit.py
+++ b/src/zapv2/revisit.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/ruleConfig.py b/src/zapv2/ruleConfig.py
index 7a2f9a8..d1c0210 100644
--- a/src/zapv2/ruleConfig.py
+++ b/src/zapv2/ruleConfig.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/script.py b/src/zapv2/script.py
index b85e3f2..dcf8cac 100644
--- a/src/zapv2/script.py
+++ b/src/zapv2/script.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@ def __init__(self, zap):
def list_engines(self):
"""
Lists the script engines available
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/listEngines/')))
@@ -38,6 +39,7 @@ def list_engines(self):
def list_types(self):
"""
Lists the script types available.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/listTypes/')))
@@ -45,18 +47,21 @@ def list_types(self):
def list_scripts(self):
"""
Lists the scripts available, with its engine, name, description, type and error state.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/listScripts/')))
def global_var(self, varkey):
"""
Gets the value of the global variable with the given key. Returns an API error (DOES_NOT_EXIST) if no value was previously set.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/globalVar/', {'varKey': varkey})))
def global_custom_var(self, varkey):
"""
Gets the value (string representation) of a global custom variable. Returns an API error (DOES_NOT_EXIST) if no value was previously set.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/globalCustomVar/', {'varKey': varkey})))
@@ -64,6 +69,7 @@ def global_custom_var(self, varkey):
def global_vars(self):
"""
Gets all the global variables (key/value pairs).
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/globalVars/')))
@@ -71,48 +77,56 @@ def global_vars(self):
def global_custom_vars(self):
"""
Gets all the global custom variables (key/value pairs, the value is the string representation).
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/globalCustomVars/')))
def script_var(self, scriptname, varkey):
"""
Gets the value of the variable with the given key for the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists or if no value was previously set.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/scriptVar/', {'scriptName': scriptname, 'varKey': varkey})))
def script_custom_var(self, scriptname, varkey):
"""
Gets the value (string representation) of a custom variable. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists or if no value was previously set.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/scriptCustomVar/', {'scriptName': scriptname, 'varKey': varkey})))
def script_vars(self, scriptname):
"""
Gets all the variables (key/value pairs) of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/scriptVars/', {'scriptName': scriptname})))
def script_custom_vars(self, scriptname):
"""
Gets all the custom variables (key/value pairs, the value is the string representation) of a script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/view/scriptCustomVars/', {'scriptName': scriptname})))
def enable(self, scriptname, apikey=''):
"""
Enables the script with the given name
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/enable/', {'scriptName': scriptname})))
def disable(self, scriptname, apikey=''):
"""
Disables the script with the given name
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/disable/', {'scriptName': scriptname})))
def load(self, scriptname, scripttype, scriptengine, filename, scriptdescription=None, charset=None, apikey=''):
"""
Loads a script into ZAP from the given local file, with the given name, type and engine, optionally with a description, and a charset name to read the script (the charset name is required if the script is not in UTF-8, for example, in ISO-8859-1).
+ This component is optional and therefore the API will only work if it is installed
"""
params = {'scriptName': scriptname, 'scriptType': scripttype, 'scriptEngine': scriptengine, 'fileName': filename}
if scriptdescription is not None:
@@ -124,54 +138,63 @@ def load(self, scriptname, scripttype, scriptengine, filename, scriptdescription
def remove(self, scriptname, apikey=''):
"""
Removes the script with the given name
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/remove/', {'scriptName': scriptname})))
def run_stand_alone_script(self, scriptname, apikey=''):
"""
Runs the stand alone script with the given name
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/runStandAloneScript/', {'scriptName': scriptname})))
def clear_global_var(self, varkey, apikey=''):
"""
Clears the global variable with the given key.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/clearGlobalVar/', {'varKey': varkey})))
def clear_global_custom_var(self, varkey, apikey=''):
"""
Clears a global custom variable.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/clearGlobalCustomVar/', {'varKey': varkey})))
def clear_global_vars(self, apikey=''):
"""
Clears the global variables.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/clearGlobalVars/', {})))
def clear_script_var(self, scriptname, varkey, apikey=''):
"""
Clears the variable with the given key of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/clearScriptVar/', {'scriptName': scriptname, 'varKey': varkey})))
def clear_script_custom_var(self, scriptname, varkey, apikey=''):
"""
Clears a script custom variable.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/clearScriptCustomVar/', {'scriptName': scriptname, 'varKey': varkey})))
def clear_script_vars(self, scriptname, apikey=''):
"""
Clears the variables of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
+ This component is optional and therefore the API will only work if it is installed
"""
return six.next(six.itervalues(self.zap._request(self.zap.base + 'script/action/clearScriptVars/', {'scriptName': scriptname})))
def set_script_var(self, scriptname, varkey, varvalue=None, apikey=''):
"""
Sets the value of the variable with the given key of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists.
+ This component is optional and therefore the API will only work if it is installed
"""
params = {'scriptName': scriptname, 'varKey': varkey}
if varvalue is not None:
@@ -181,6 +204,7 @@ def set_script_var(self, scriptname, varkey, varvalue=None, apikey=''):
def set_global_var(self, varkey, varvalue=None, apikey=''):
"""
Sets the value of the global variable with the given key.
+ This component is optional and therefore the API will only work if it is installed
"""
params = {'varKey': varkey}
if varvalue is not None:
diff --git a/src/zapv2/search.py b/src/zapv2/search.py
index 79432ad..5fb6807 100644
--- a/src/zapv2/search.py
+++ b/src/zapv2/search.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -53,6 +53,19 @@ def urls_by_tag_regex(self, regex, baseurl=None, start=None, count=None):
params['count'] = count
return six.next(six.itervalues(self.zap._request(self.zap.base + 'search/view/urlsByTagRegex/', params)))
+ def urls_by_note_regex(self, regex, baseurl=None, start=None, count=None):
+ """
+ Returns the URLs of the HTTP messages that match the given regular expression in their note optionally filtered by URL and paginated with 'start' position and 'count' of messages.
+ """
+ params = {'regex': regex}
+ if baseurl is not None:
+ params['baseurl'] = baseurl
+ if start is not None:
+ params['start'] = start
+ if count is not None:
+ params['count'] = count
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'search/view/urlsByNoteRegex/', params)))
+
def urls_by_request_regex(self, regex, baseurl=None, start=None, count=None):
"""
Returns the URLs of the HTTP messages that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.
@@ -118,6 +131,19 @@ def messages_by_tag_regex(self, regex, baseurl=None, start=None, count=None):
params['count'] = count
return six.next(six.itervalues(self.zap._request(self.zap.base + 'search/view/messagesByTagRegex/', params)))
+ def messages_by_note_regex(self, regex, baseurl=None, start=None, count=None):
+ """
+ Returns the HTTP messages that match the given regular expression in their note optionally filtered by URL and paginated with 'start' position and 'count' of messages.
+ """
+ params = {'regex': regex}
+ if baseurl is not None:
+ params['baseurl'] = baseurl
+ if start is not None:
+ params['start'] = start
+ if count is not None:
+ params['count'] = count
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'search/view/messagesByNoteRegex/', params)))
+
def messages_by_request_regex(self, regex, baseurl=None, start=None, count=None):
"""
Returns the HTTP messages that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.
@@ -183,6 +209,19 @@ def har_by_tag_regex(self, regex, baseurl=None, start=None, count=None, apikey='
params['count'] = count
return (self.zap._request_other(self.zap.base_other + 'search/other/harByTagRegex/', params))
+ def har_by_note_regex(self, regex, baseurl=None, start=None, count=None, apikey=''):
+ """
+ Returns the HTTP messages, in HAR format, that match the given regular expression in their note optionally filtered by URL and paginated with 'start' position and 'count' of messages.
+ """
+ params = {'regex': regex}
+ if baseurl is not None:
+ params['baseurl'] = baseurl
+ if start is not None:
+ params['start'] = start
+ if count is not None:
+ params['count'] = count
+ return (self.zap._request_other(self.zap.base_other + 'search/other/harByNoteRegex/', params))
+
def har_by_request_regex(self, regex, baseurl=None, start=None, count=None, apikey=''):
"""
Returns the HTTP messages, in HAR format, that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages.
diff --git a/src/zapv2/selenium.py b/src/zapv2/selenium.py
index af5ecd1..c3fd78d 100644
--- a/src/zapv2/selenium.py
+++ b/src/zapv2/selenium.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -163,6 +163,13 @@ def add_browser_argument(self, browser, argument, enabled=None, apikey=''):
params['enabled'] = enabled
return six.next(six.itervalues(self.zap._request(self.zap.base + 'selenium/action/addBrowserArgument/', params)))
+ def launch_browser(self, browser, apikey=''):
+ """
+ Launches a browser proxying through ZAP, for manual usage.
+ This component is optional and therefore the API will only work if it is installed
+ """
+ return six.next(six.itervalues(self.zap._request(self.zap.base + 'selenium/action/launchBrowser/', {'browser': browser})))
+
def remove_browser_argument(self, browser, argument, apikey=''):
"""
Removes a browser argument.
diff --git a/src/zapv2/sessionManagement.py b/src/zapv2/sessionManagement.py
index 6605799..04e6648 100644
--- a/src/zapv2/sessionManagement.py
+++ b/src/zapv2/sessionManagement.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/stats.py b/src/zapv2/stats.py
index d14cfac..adf20e5 100644
--- a/src/zapv2/stats.py
+++ b/src/zapv2/stats.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/users.py b/src/zapv2/users.py
index 76e4b21..84b9446 100644
--- a/src/zapv2/users.py
+++ b/src/zapv2/users.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/wappalyzer.py b/src/zapv2/wappalyzer.py
index 1e30263..1c0b459 100644
--- a/src/zapv2/wappalyzer.py
+++ b/src/zapv2/wappalyzer.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/src/zapv2/websocket.py b/src/zapv2/websocket.py
index 30b72ca..4d2e247 100644
--- a/src/zapv2/websocket.py
+++ b/src/zapv2/websocket.py
@@ -2,7 +2,7 @@
#
# ZAP is an HTTP/HTTPS proxy for assessing web application security.
#
-# Copyright 2022 the ZAP development team
+# Copyright 2025 the ZAP development team
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.