Facing issue with ZAP integration in Node JS

404 Views Asked by Sunils At 23 July 2021 at 12:51

I am new to ZAP and node.js
My Aim is to Scan for vulnerabilities in for any webapp and generate a report (JSON).

I tried with below code, it gives me error

const ZapClient = require('zaproxy');
 
const zapOptions = {
  apiKey: 'myAPIKEY'
  proxy: 'http://localhost:8095',
};
 
const zaproxy = new ZapClient(zapOptions);

let target = 'http://localhost:3000/#/app/my-app'

let promiseObj = zaproxy.ascan.scan(target);
    promiseObj
        .then(resp => {
            console.log(JSON.stringify(resp))
        })
        .catch(error =>{
            console.log(error)
        })

 let promiseObj = zaproxy.core.alerts(target);
     promiseObj
         .then(resp => {
             console.log(JSON.stringify(resp))
         })
         .catch(error =>{
             console.log(error)
         })

The error I am facing :

StatusCodeError: 404 - "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>
Error</title>\n</head>\n<body>\n<pre>
Cannot GET /JSON/ascan/action/scan/</pre>\n</body>\n</html>\n"

Also, I would be very grateful for :

can someone share any examples related to Zap with node.js
Is it necessary to keep ZAP tool open & running whenever I run above example.

Original Q&A

There are 1 best solutions below

Simon Bennetts On 23 July 2021 at 13:15 BEST ANSWER

Yes, you need ZAP running in order to communicate with it using the API. It doesnt look like you are doing that :(

Facing issue with ZAP integration in Node JS

There are 1 best solutions below

Related Questions in NODE.JS

Related Questions in ZAP

Related Questions in ZAPPROXY

Trending Questions

Popular # Hahtags

Popular Questions