ZAP API Python Client

0.5.0 verified Fri May 01 auth: no python

Python client for the OWASP ZAP (Zed Attack Proxy) API. Version 0.5.0 supports ZAP 2.15+. Released irregularly; maintained by the ZAP project.

pip install zaproxy
error AttributeError: module 'zaproxy' has no attribute 'ZAPv2'
cause Importing incorrectly from top-level 'zaproxy' package instead of 'zapv2' submodule.
fix Use 'from zapv2 import ZAPv2' instead of 'import zaproxy'.
breaking In version 0.5.0, the default proxy changed. Previously the proxy was optional; now it must be explicitly passed, or set to None if no proxy is used.
fix Always provide the proxies argument: ZAPv2(proxies={'http': 'http://127.0.0.1:8080', 'https': '...'})
gotcha The ZAP API key is required by default starting with ZAP 2.9. If it is not set, you may get a 401 error. Pass an empty apikey if ZAP is configured without one.
fix Set the ZAP_API_KEY environment variable or pass apikey='' to ZAPv2 for unauthenticated access.

Connect to a local ZAP instance (it must be running on port 8080) and call the core version endpoint.

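import os

from zapv2 import ZAPv2

# Read the API key from the environment instead of hard-coding it.
# The constructor keyword for the proxy mapping is 'proxies'.
zapi = ZAPv2(apikey=os.environ.get('ZAP_API_KEY', ''), proxies={'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'})
# Fetch a URL through the ZAP proxy
print(zapi.urlopen('http://127.0.0.1'))
# Core API example
print(zapi.core.version)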
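
An added example, not code from the ZAP project or from the quickstart above: it builds the ZAPv2 arguments so that the empty-key fallback from the gotcha is accepted only when ZAP listens on loopback, and the proxy mapping is always passed explicitly. The helper names `is_loopback`, `zap_client_kwargs` and `connect` are hypothetical; `ZAP_API_KEY` is the variable the quickstart reads.

```python
import ipaddress
import os
from urllib.parse import urlsplit


def is_loopback(host):
    """True for 'localhost' or a loopback IP literal."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as remote


def zap_client_kwargs(proxy_url="http://127.0.0.1:8080", env=None):
    """Build ZAPv2 keyword arguments (hypothetical helper).

    Reads the key from ZAP_API_KEY and always sets the proxy explicitly.
    An empty key is accepted only when ZAP listens on loopback.
    """
    env = os.environ if env is None else env
    apikey = env.get("ZAP_API_KEY", "")
    parts = urlsplit(proxy_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not a proxy URL: {proxy_url!r}")
    if not apikey and not is_loopback(parts.hostname):
        raise ValueError("ZAP_API_KEY must be set for a non-loopback ZAP")
    return {"apikey": apikey,
            "proxies": {"http": proxy_url, "https": proxy_url}}


def connect(proxy_url="http://127.0.0.1:8080"):
    """Create the client and confirm the API answers by reading the version."""
    from zapv2 import ZAPv2  # local import: the helper above needs no ZAP install
    zap = ZAPv2(**zap_client_kwargs(proxy_url))
    return zap, zap.core.version


if __name__ == "__main__":
    _, version = connect()
    print("ZAP version:", version)
```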