HelpCmdline
ZAP supports the following command line options:
| -cmd | Runs ZAP 'inline', ie without starting the UI or a daemon | |
| -config | Overrides the specified key=value pair in the configuration file | |
| -daemon | Starts ZAP in 'daemon' mode, ie without a UI | |
| -dir | Uses the specified directory instead of the default one | |
| -installdir | Overrides the code that detects where ZAP has been installed with the specified directory | |
| -h | Shows all of the command line options available, including those added by add-ons | |
| -help | The same as -h | |
| -host | Overrides the host used for proxying specified in the configuration file | |
| -port | Overrides the port used for proxying specified in the configuration file | |
| -version | Reports the ZAP version | |
| -newsession | Creates a new session at the given location (it expects the full path to the session) | |
| -session | Opens the given session after starting ZAP (it expects the full path to the session). |
The options '-session' and '-newsession' are mutually exclusive. An error will be shown and ZAP exit (if not in GUI) when both options are set. Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:
-config api.key=12345 -config connection.timeoutInSecs=60
Note that add-ons can add extra command line options.
Examples:
-
Start ZAP in 'daemon' mode with a new session created at a given path:
-daemon -newsession /path/to/new/session -
Create a report of the last scan of an existing session and exit ZAP once finished:
-last_scan_report /path/to/save/report.xml -session /path/to/existing/session -cmd
| Introduction | the introduction to ZAP | |
| API | to control ZAP programmatically |
-
ZAP User Guide
- Introduction
-
Getting Started
- Configuring proxies
-
Features
- Active Scan
- Add-ons
- Alerts
- Anti CSRF Tokens
- API
- Authentication
- Break Points
- Callbacks
- Contexts
- Data Driven Content
- Filters
- Globally Excluded URLs
- HTTP Sessions
- Man-in-the-middle Proxy
- Modes
- Notes
- Passive Scan
- Scan Policies
- Scope
- Session Management
- Spider
- Statistics
- Structural Modifiers
- Structural Parameters
- Tags
- Users
- Scanner Rules
- A Simple Penetration Test
-
The User Interface
- Overview
- The Top Level Menu
- The Top Level Toolbar
- The Tabs
-
The Dialogs
- Active Scan
- Add Alert
- Add Break Point
- Add Note
- Encode/Decode/Hash
- Filter
- Find
- History Filter
- Manual Request Editor
- Manage Add-ons
- Manage Tags
-
Options
- Active Scan
- Active Scan Input Vectors
- Alerts
- Anti CSRF Tokens
- API
- Breakpoints
- Callback Address
- Certificate
- Check for Updates
- Connection
- Database
- Display
- Dynamic SSL Certificates
- Extensions
- Global Exclude URL
- HTTP Sessions
- JVM
- Keyboard
- Language
- Local Proxies
- Passive Scan Rules
- Passive Scan Tags
- Passive Scanner
- Rule Configuration
- Scripts
- Search
- Spider
- Statistics
- Persist Session
- Resend
- Scan Policy Manager
- Scan Progress
- Session
- Spider
- The Footer
- Command Line
- Add Ons
- Releases
- Paros Proxy
- Credits
