我可以访问OWASP ZAP的警报对象吗?

时间:2018-03-08 07:30:19

标签: owasp zap

在独立脚本中,我如何访问警报对象(意味着获取警报的所有信息显示在下面的屏幕截图中)?

enter image description here

谢谢,

1 个答案:

答案 0 :(得分:2)

我刚刚为ZAP社区提交了一个公关脚本,用于执行此操作的脚本:) https://github.com/zaproxy/community-scripts/pull/100/files

extAlert = org.parosproxy.paros.control.Control.getSingleton().
    getExtensionLoader().getExtension(
        org.zaproxy.zap.extension.alert.ExtensionAlert.NAME) 
if (extAlert != null) {
    var Alert = org.parosproxy.paros.core.scanner.Alert
    var alerts = extAlert.getAllAlerts()
    for (var i = 0; i < alerts.length; i++) {
        var alert = alerts[i]
        print (alert.uri)
        print ('\tName:\t' + alert.name)
        print ('\tRisk:\t' + Alert.MSG_RISK[alert.risk])
        print ('\tConfidence:\t' + Alert.MSG_CONFIDENCE[alert.confidence])
        // For more alert properties see https://static.javadoc.io/org.zaproxy/zap/2.7.0/org/parosproxy/paros/core/scanner/Alert.html
    }
}