CyberStrikeAI/tools/zap.yaml

name: "zap"
command: "zap-cli"
enabled: false
short_description: "OWASP ZAP Web应用安全扫描器"
description: |
  OWASP ZAP是一个Web应用安全扫描器，用于发现Web应用中的安全漏洞。

  **主要功能：**
  - Web应用安全扫描
  - 主动和被动扫描
  - API测试
  - 详细报告

  **使用场景：**
  - Web应用安全测试
  - 漏洞扫描
  - 安全评估
  - 渗透测试
parameters:
  - name: "target"
    type: "string"
    description: "目标URL"
    required: true
    flag: "-t"
    format: "flag"
  - name: "scan_type"
    type: "string"
    description: "扫描类型（baseline, full, api）"
    required: false
    flag: "--scan-type"
    format: "flag"
    default: "baseline"
  - name: "api_key"
    type: "string"
    description: "ZAP API密钥"
    required: false
    flag: "--api-key"
    format: "flag"
  - name: "daemon"
    type: "bool"
    description: "以守护进程模式运行"
    required: false
    flag: "--daemon"
    format: "flag"
    default: false
  - name: "port"
    type: "string"
    description: "ZAP守护进程端口"
    required: false
    flag: "--port"
    format: "flag"
    default: "8090"
  - name: "format_type"
    type: "string"
    description: "输出格式（xml, json, html）"
    required: false
    flag: "--format"
    format: "flag"
    default: "xml"
  - name: "output_file"
    type: "string"
    description: "输出文件路径"
    required: false
    flag: "--output"
    format: "flag"
  - name: "additional_args"
    type: "string"
    description: |
      额外的zap参数。用于传递未在参数列表中定义的zap选项。

      **示例值：**
      - 根据工具特性添加常用参数示例

      **注意事项：**
      - 多个参数用空格分隔
      - 确保参数格式正确，避免命令注入
      - 此参数会直接追加到命令末尾
    required: false
    format: "positional"