A tool to perform a quick security test on your website through the ZAP API.
pip install git+https://github.com/grepmam/ultra-pentest.git
Note: only supports 3.11 or higher.
We configure the environment variables and the attack file:
ZAP_EXECUTABLE=<exec-path>
Note: The executable path may vary. On Kali Linux it is located in /usr/share/zaproxy/zap.sh
vim default.json
We start ZAP Daemon:
ultra-pentest start
Configure workspace:
ultra-pentest auto-configure example.json
Launch quick attack:
ultra-pentest quick-attack http://example.com/
Launch attack as a logged in user:
ultra-pentest run-attack http://example.com/
Once finished you can generate the report:
ultra-pentest reports generate "Test" traditional-html -o /tmp/test
Improper use of this software may lead to legal and ethical complications for which I neither endorse nor assume responsibility. So, don't be stupid, be careful and use this tool responsibly.