How to generate full report in owasp zap in any format

owasp zap
NMKP picture NMKP · Apr 6, 2017 · Viewed 8.3k times · Source

When i try to generate report in HTML,.XML or PDF I'm getting only alerts in the report. I would like to get all the information including passed attack also in the report.

For example in active scan there is around 500+ combination of URL being used but I'm getting only fee of them. I need all the 500+ URL and its results in the report

Any suggestion?

Answer

Simon Bennetts picture Simon Bennetts · Apr 6, 2017

We dont generate that as a 'standard' report as no ones asked for that to date. However we do expose pretty much everything via the ZAP API, and if theres anything we dont currently expose then let us know and we'll fix that. To get started with the API point your browser at the host:port that ZAP is listening on and follow the link to the API UI which will allow you to invoke any of the end points. We also have some info on the wiki: https://github.com/zaproxy/zaproxy/wiki/ApiDetails

If you have more detailed questions then the ZAP User Group is a good place to ask: https://groups.google.com/group/zaproxy-users

Related questions

Adding authentication in ZAP tool to attack a URL

How to pass authentication details to the ZAP tool to scan the website. Please help me to solve the problem.

Read More
OWASP's ZAP and the Fuzz ability

My scenario: I navigate to a login page. I put in a known username with a bad password. ZAP picks this up no issue. I select the POST to the login page. I find the lines that contain the Username …

Read More
Owasp Zap Testing rest api

Is that possible to testing rest-api via OWASP ZAP ? Url to attack worked just for GET requests. For example, my api controllers work with only token. I have TokenController and this controller require POST data via JSON data include password …

Read More