Skip to content

HelpCmdline

Jump to bottom
thc202 edited this page Apr 4, 2017 · 8 revisions

Command Line

To run ZAP via the command line, you will need to locate the ZAP startup script. Windows:

C:\Program Files (x86)\OWASP\Zed Attack Proxy\zap.bat

Mac:

/Applications/OWASP\ ZAP.app/Contents/Java/zap.sh

Linux: zap.sh will be below the directory where ZAP was installed.

Alternatively, you can run the JAR file directly:

java -jar zap.jar

All options below can be passed to any of these.

Options

ZAP supports the following command line options:

     -version Reports the ZAP version
     -cmd Run inline (exits when command line options complete)
     -daemon Starts ZAP in daemon mode, ie without a UI
     -config <kvpair> Overrides the specified key=value pair in the configuration file. -config command line options are applied in the order they are specified.
     -configfile <path> Overrides the key=value pairs with those in the specified properties file
     -dir <dir> Uses the specified directory instead of the default one
     -installdir <dir> Overrides the code that detects where ZAP has been installed with the specified directory
     -h Shows all of the command line options available, including those added by add-ons
     -help The same as -h
     -newsession <path> Creates a new session at the given location
     -session <path> Opens the given session after starting ZAP
     -host <host> Overrides the host used for proxying specified in the configuration file
     -port <port> Overrides the port used for proxying specified in the configuration file
     -lowmem Use the database instead of memory as much as possible - this is still experimental
     -experimentaldb Use the experimental generic database code, which is not surprisingly also still experimental
     -addoninstall <addon> Install the specified add-on from the ZAP Marketplace
     -addoninstallall Install all available add-ons from the ZAP Marketplace
     -addonuninstall <addon> Uninstall the specified add-on
     -addonupdate Update all changed add-ons from the ZAP Marketplace
     -addonlist List all of the installed add-ons
     -script <script> Run the specified script (file system path) if command line/daemon, or just load it if GUI
     -last_scan_report <path> Generate the 'Last Scan Report' into the specified path

The options -session and -newsession are mutually exclusive. An error will be shown and ZAP exit (if not in GUI) when both options are set. Relative paths to session file are resolved against the "session" directory located in ZAP's home directory (default or specified with -dir option). Configuration keys should be specified using the dot notation based their location in the XML of the configuration file, eg:

<zap-script> -config api.key=12345 -config connection.timeoutInSecs=60

Note that add-ons can add extra command line options.

Examples:

  • Start ZAP in 'daemon' mode with a new session created at a given path:

    <zap-script> -daemon -newsession session

  • Create a report of the last scan of an existing session and exit ZAP once finished:

    <zap-script> -last_scan_report /full/path/to/save/report.xml -session /full/path/to/existing/session -cmd

See also

     Introduction the introduction to ZAP
     API to control ZAP programmatically
Clone this wiki locally