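---
# ZAP Configuration File
#
# Scan plan for the local "Angular XSS" test application. The page this was
# recovered from had lost its indentation; the nesting below follows the
# ZAP automation-framework layout (env -> contexts / parameters, then the
# scanner sections). Values are unchanged from the original.

env:
  contexts:
    - name: "Angular XSS"
      urls:
        - "http://localhost:4200"
      # Scope regex. Only the local front end is in scope, which keeps the
      # HIGH-strength active scan below from reaching any other host.
      includePaths:
        - "http://localhost:4200.*"
      excludePaths: []
      authentication:
        method: "form"
        loginPageUrl: "http://localhost:4200/home/signin"
        # NOTE(review): the login request goes to :8000, which is outside
        # includePaths; confirm whether the API should also be in scope.
        loginRequestUrl: "http://localhost:8000/signin"
        loginRequestBody: "email={%username%}&password={%password%}"
      users:
        - name: "admin"
          username: "admin@example.com"
          # Plaintext credential committed with the plan. Acceptable only for
          # a throwaway local test account; for anything else supply it via
          # environment substitution (ZAP's automation framework expands
          # "${VAR}" from the environment) rather than storing it here.
          password: "admin123"
      # Logged-out indicator: no Authorization header in the response.
      indicators:
        - type: "response.header"
          name: "Authorization"
          # NOTE(review): this is the quoted string "false", not a boolean;
          # confirm the consumer expects a string before changing it.
          present: "false"
  parameters:
    failOnWarning: false
    failOnError: true
    progressToStdout: true
    maxAlertsPerRule: 10

addOns:
  enableBruteForce: false
  enableAjaxSpider: true

# Passive scan limits.
pscan:
  maxAlertsPerRule: 10
  maxBodySizeInBytesToScan: 2000000

# Active scan. HIGH strength sends many requests per parameter; the scope
# above and the duration caps here are what bound its impact.
ascan:
  attackStrength: "HIGH"
  alertThreshold: "MEDIUM"
  maxRuleDurationInMins: 5
  maxScanDurationInMins: 60
  delay: 0
  handleAntiCSRFTokens: true
  injectPluginIdInHeader: true
  maxBodySizeInBytesToScan: 2000000
  defaultPolicy: "Default Policy"

# AJAX spider (headless browser crawl of the single-page app).
ajax:
  browserId: "htmlunit"
  clickDefaultElements: "a,button,input"
  eventWait: 1000
  maxCrawlDepth: 10
  # 0 means no cap on crawl states / duration; the crawl is bounded only by
  # maxCrawlDepth and the context scope.
  maxCrawlStates: 0
  maxDuration: 0
  numberOfBrowsers: 1

# XSS-specific payloads for this vulnerable application
# These are the probe strings the scanner injects; keep them scoped to the
# local test app via the context above.
xss:
  payloads:
    - "javascript:alert('XSS')"
    - "javascript:alert(document.cookie)"
    - "javascript:alert(window.localStorage.getItem('token'))"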