Zed Attack Proxy Scripts for finding CVEs and Secrets.

Overview

zap-scripts

Building

This project uses Gradle to build the ZAP add-on. Simply run:

./gradlew build

in the main directory of the project. The add-on will be placed in the directory build/zapAddOn/bin/.

Usage

The easiest way to use this repo in ZAP is to add the directory to the scripts directory in ZAP (under Options -> Scripts).

However, you can also build the add-on and install it (under File -> Load Addon File...).

License

This software is distributed under the MIT License.

Credits

  • The scripts under the active directory are mostly ported from the amazing nuclei-templates repository, so huge shoutout to projectdiscovery and the community.

  • secret-finder.js uses regex patterns from the awesome gitleaks project.

  • takeover-finder.js uses patterns from the awesome nuclei-templates repository.

LEGAL NOTICE

THIS SOFTWARE IS PROVIDED FOR EDUCATIONAL USE ONLY! IF YOU ENGAGE IN ANY ILLEGAL ACTIVITY THE AUTHOR DOES NOT TAKE ANY RESPONSIBILITY FOR IT. BY USING THIS SOFTWARE YOU AGREE WITH THESE TERMS.

Get Involved

Please, send us pull requests!

Comments
  • Create ZAP Add-on for the scripts

    This should do it ;)

    The HTML file will be included in the ZAP help and appear on https://www.zaproxy.org/addons/ when it's published. Feel free to add more details in there - I just created a very bare-bones version.

    If you add more script types then the gradle file will need tweaking, but we can explain what's needed if/when you get to that stage.

    Let me know if you have any questions about any of this.

    Signed-off-by: Simon Bennetts [email protected]

    opened by psiinon 9
  • Correct licence files

    Sorry, I used the ZAP License on these files - feel free to change them to your preferred license 😄:

    • https://github.com/sepehrdaddev/zap-scripts/blob/main/gradle/spotless/license.java
    • https://github.com/sepehrdaddev/zap-scripts/blob/main/src/main/java/com/github/sepehrdaddev/zap_scripts/ExtensionSepehrdadScripts.java
    opened by psiinon 0
Owner
Sepehrdad
Software developer, Penetration tester and Security researcher.