Zed Attack Proxy Scripts for finding CVEs and Secrets.
This project uses Gradle to build the ZAP add-on, simply run:
in the main directory of the project, the add-on will be placed in the directory build/zapAddOn/bin/
.
The easiest way to use this repo in ZAP is to add the directory to the scripts directory in ZAP (under Options -> Scripts).
however, you can also build the add on and install it (under File -> Load Addon File...).
This software is distributed under the MIT License.
The scripts under the active
directory are mostly ported from the amazing nuclei-templates repository, so huge shoutout to projectdiscovery and the community.
secret-finder.js
uses regex patterns from the awesome gitleaks project.
takeover-finder.js
uses patterns from the awesome nuclei-templates repository.
THIS SOFTWARE IS PROVIDED FOR EDUCATIONAL USE ONLY! IF YOU ENGAGE IN ANY ILLEGAL ACTIVITY THE AUTHOR DOES NOT TAKE ANY RESPONSIBILITY FOR IT. BY USING THIS SOFTWARE YOU AGREE WITH THESE TERMS.
Please, send us pull requests!
Zap-Scripts - Zed Attack Proxy Scripts For Finding CVEs And Secrets Reviewed by Zion3R on 5:30 PM Rating: 5