I would like to get a HTML report from the zap-cli. I am able to run these commands, but is there a way to run both in single command
[[email protected]@sb-test-vm ~]$ zap-cli quick-scan -s xss,sqli --spider -r -e "some_regex_pattern" http://demo.testfire.net/
[INFO] Running a quick scan for http://demo.testfire.net/
[INFO] Issues found: 6
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
| Alert | Risk | CWE ID | URL |
+==================================+========+==========+==================================================================================================================+
| Cross Site Scripting (Reflected) | High | 79 | http://demo.testfire.net/bank/login.aspx |
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
| Cross Site Scripting (Reflected) | High | 79 | http://demo.testfire.net/comment.aspx |
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
| Cross Site Scripting (Reflected) | High | 79 | http://demo.testfire.net/notfound.aspx?aspxerrorpath=%3C%2Fb%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cb%3E |
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
| Cross Site Scripting (Reflected) | High | 79 | http://demo.testfire.net/search.aspx?txtSearch=%3C%2Fspan%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cspan%3E |
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
| SQL Injection | High | 89 | http://demo.testfire.net/bank/login.aspx |
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
| SQL Injection | High | 89 | http://demo.testfire.net/bank/login.aspx |
+----------------------------------+--------+----------+------------------------------------------------------------------------------------------------------------------+
[[email protected]@sb-test-vm ~]$ zap-cli report -o abc.html -f html
[INFO] Report saved to "abc.html"
[[email protected]@sb-test-vm ~]$ ls -l abc.html
-rw-rw-r--. 1 [email protected] [email protected] 58659 Sep 25 16:39 abc.html
[[email protected]@sb-test-vm ~]$ date
Tue Sep 25 16:39:16 EDT 2018
[[email protected]@sb-test-vm ~]$
I tried the switches provided but unable to execuete the scan and get the report in a single liner. I am willing to use zap.sh even however I didn't see the option to generate the report in HTML, only XML. any insight on this is appreciated
zap-cli --help
Usage: zap-cli [OPTIONS] COMMAND [ARGS]...
ZAP CLI v0.9.0 - A simple commandline tool for OWASP ZAP.
Options:
--boring Remove color from console output.
-v, --verbose Add more verbose debugging output.
--zap-path TEXT Path to the ZAP daemon. Defaults to /zap or the value
of
the environment variable ZAP_PATH.
-p, --port INTEGER Port of the ZAP proxy. Defaults to 8090 or the value
of
the environment variable ZAP_PORT.
--zap-url TEXT The URL of the ZAP proxy. Defaults to http://127.0.0.1
or the value of the environment variable ZAP_URL.
--api-key TEXT The API key for using the ZAP API if required. Defaults
to the value of the environment variable ZAP_API_KEY.
--help Show this message and exit.
Commands:
active-scan Run an Active Scan.
ajax-spider Run the AJAX Spider against a URL.
alerts Show alerts at the given alert level.
context Manage contexts for the current session.
exclude Exclude a pattern from all scanners.
open-url Open a URL using the ZAP proxy.
policies Enable or list a set of policies.
quick-scan Run a quick scan.
report Generate XML, MD or HTML report.
scanners Enable, disable, or list a set of scanners.
scripts Manage scripts.
session Manage sessions.
shutdown Shutdown the ZAP daemon.
spider Run the spider against a URL.
start Start the ZAP daemon.
status Check if ZAP is running.
EDIT:
I tried this command but the abc.html file wasn't there in the current dir. I did a find but couldn't find abc.html anywhere
zap-cli quick-scan -s xss,sqli --spider -r -e "some_regex_pattern" http://demo.testfire.net/ && zap-cli report -o abc.html -f html
So, next I tried to out these 2 commands in a zap-run.sh script and chmod +x the script and ran it, that DID create the abc.html file. So, thank you