/ultra-pentest

A tool to perform a quick security test on your website through the ZAP API.


Install

pip install git+https://github.com/grepmam/ultra-pentest.git

Note: only Python 3.11 or higher is supported.

How to use it?

Configure the environment variable and the attack file:

ZAP_EXECUTABLE=<exec-path>

Note: The executable path may vary. On Kali Linux it is located at /usr/share/zaproxy/zap.sh.

vim default.json

Start the ZAP daemon:

ultra-pentest start

Configure workspace:

ultra-pentest auto-configure example.json

Launch quick attack:

ultra-pentest quick-attack http://example.com/

Launch attack as a logged-in user:

ultra-pentest run-attack http://example.com/

Once finished, you can generate the report:

ultra-pentest reports generate "Test" traditional-html -o /tmp/test

Disclaimer

Improper use of this software may lead to legal and ethical complications for which I neither endorse nor assume responsibility. So, don't be stupid, be careful and use this tool responsibly.